forked from luck/tmp_suning_uos_patched
kprobes: Do not expose probe addresses to non-CAP_SYSLOG
The kprobe show() functions were using "current"'s creds instead of the file opener's creds for kallsyms visibility. Fix to use seq_file->file->f_cred. Cc: Masami Hiramatsu <mhiramat@kernel.org> Cc: stable@vger.kernel.org Fixes:81365a947d
("kprobes: Show address of kprobes if kallsyms does") Fixes:ffb9bd68eb
("kprobes: Show blacklist addresses as same as kallsyms does") Signed-off-by: Kees Cook <keescook@chromium.org>
This commit is contained in:
parent
b25a7c5af9
commit
60f7bb66b8
|
@ -2448,7 +2448,7 @@ static void report_probe(struct seq_file *pi, struct kprobe *p,
|
||||||
else
|
else
|
||||||
kprobe_type = "k";
|
kprobe_type = "k";
|
||||||
|
|
||||||
if (!kallsyms_show_value(current_cred()))
|
if (!kallsyms_show_value(pi->file->f_cred))
|
||||||
addr = NULL;
|
addr = NULL;
|
||||||
|
|
||||||
if (sym)
|
if (sym)
|
||||||
|
@ -2540,7 +2540,7 @@ static int kprobe_blacklist_seq_show(struct seq_file *m, void *v)
|
||||||
* If /proc/kallsyms is not showing kernel address, we won't
|
* If /proc/kallsyms is not showing kernel address, we won't
|
||||||
* show them here either.
|
* show them here either.
|
||||||
*/
|
*/
|
||||||
if (!kallsyms_show_value(current_cred()))
|
if (!kallsyms_show_value(m->file->f_cred))
|
||||||
seq_printf(m, "0x%px-0x%px\t%ps\n", NULL, NULL,
|
seq_printf(m, "0x%px-0x%px\t%ps\n", NULL, NULL,
|
||||||
(void *)ent->start_addr);
|
(void *)ent->start_addr);
|
||||||
else
|
else
|
||||||
|
|
Loading…
Reference in New Issue
Block a user