tech-kern archive


Re: modstat and kaslr



On Dec 31,  5:11pm, Maxime Villard wrote:
}
} Here is a patch [1] that hides the addresses of the kernel modules when
} 'modstat -k' is entered by an unprivileged user. The current behavior is
} preserved for root.
} 
} The addresses currently leaked cannot be used to reconstruct the layout of
} the kernel, since the module VAs are embedded in bootspace.boot, whose location
} is independent from that of each of the remaining kernel segments.
} 
} But it's still good not to leak such information, to limit the surface for ROP
} and a few other things, and this, also in the non-kaslr case. Ok?
} 
} [1] http://m00nbsd.net/garbage/module/modstat.diff

@@ -150,10 +159,13 @@
 			strlcpy(ms->ms_required, mi->mi_required,
 			    sizeof(ms->ms_required));
 		}
-		if (mod->mod_kobj != NULL) {
+		if (mod->mod_kobj != NULL && stataddr) {
 			kobj_stat(mod->mod_kobj, &addr, &size);
 			ms->ms_addr = addr;
 			ms->ms_size = size;
+		} else {
+			ms->ms_addr = 0;
+			ms->ms_size = 0;
 		}
 		ms->ms_class = mi->mi_class;
 		ms->ms_refcnt = -1;
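
Review bot: The new condition `if (mod->mod_kobj != NULL && stataddr)` gates `ms_size` together with `ms_addr`, so a caller for whom `stataddr` is false loses the module size as well as the address, while the stated goal of the patch is to hide addresses. If the size is not considered sensitive, call `kobj_stat()` whenever `mod_kobj` is non-NULL and make only the `ms->ms_addr = addr` assignment depend on `stataddr`. The definition of `stataddr` is outside this hunk, so a short comment at this check saying which privilege decision it reflects would make the intent clear to the next reader.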

     I don't see why you added the part where you set ms_addr and
ms_size to 0 given that the memory was kmem_zalloc'ed and thus we
know that it is already 0?

     Also, given the reason for preventing information leaks, I
would also make sure that the address isn't given out even for root
when secure_level has been elevated.

}-- End of excerpt from Maxime Villard

