raspi/linux
1
0
Fork 1
mirror of https://github.com/raspberrypi/linux.git synced 2025-12-27 04:22:58 +00:00
Code Issues Projects Releases Wiki Activity
Files
a82f3f8f4f010ac41c269472cc4762d963dbdfd2
linux/kernel
History
Kees Cook a82f3f8f4f module: Do not expose section addresses to non-CAP_SYSLOG 
commit b25a7c5af9 upstream.

The printing of section addresses in /sys/module/*/sections/* was not
using the correct credentials to evaluate visibility.

Before:

 # cat /sys/module/*/sections/.*text
 0xffffffffc0458000
 ...
 # capsh --drop=CAP_SYSLOG -- -c "cat /sys/module/*/sections/.*text"
 0xffffffffc0458000
 ...

After:

 # cat /sys/module/*/sections/*.text
 0xffffffffc0458000
 ...
 # capsh --drop=CAP_SYSLOG -- -c "cat /sys/module/*/sections/.*text"
 0x0000000000000000
 ...

Additionally replaces the existing (safe) /proc/modules check with
file->f_cred for consistency.

Reported-by: Dominik Czarnota <dominik.czarnota@trailofbits.com>
Fixes: be71eda538 ("module: Fix display of wrong module .text address")
Cc: stable@vger.kernel.org
Tested-by: Jessica Yu <jeyu@kernel.org>
Acked-by: Jessica Yu <jeyu@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-07-16 08:13:30 +02:00
..
bpf
bpf: Do not allow btf_ctx_access with __int128 types
2020-07-16 08:13:18 +02:00
cgroup
Revert "cgroup: Add memory barriers to plug cgroup_rstat_updated() race window"
2020-04-09 14:55:46 -04:00
configs
compiler: remove CONFIG_OPTIMIZE_INLINING entirely
2020-04-07 10:43:42 -07:00
debug
kgdb: Avoid suspicious RCU usage warning
2020-07-09 09:39:30 +02:00
dma
dma-direct: add missing set_memory_decrypted() for coherent mapping
2020-06-30 15:36:07 -04:00
events
perf: Add cond_resched() to task_function_call()
2020-06-17 16:43:03 +02:00
gcov
kernel/gcov/fs.c: gcov_seq_next() should increase position index
2020-04-10 15:36:22 -07:00
irq
genirq: Remove setup_irq() and remove_irq()
2020-04-14 10:08:50 +02:00
livepatch
Merge tag 'trace-v5.5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
2019-11-27 11:42:01 -08:00
locking
locking/lockdep: Improve 'invalid wait context' splat
2020-04-08 12:05:07 +02:00
power
PM: hibernate: Freeze kernel threads in software_resume()
2020-04-27 10:30:30 +02:00
printk
printk: queue wake_up_klogd irq_work only if per-CPU areas are ready
2020-04-10 13:18:57 -07:00
rcu
Merge branch 'urgent-for-mingo' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu into core/urgent
2020-04-14 08:36:41 +02:00
sched
sched/core: Check cpus_mask, not cpus_ptr in __set_cpus_allowed_ptr(), to fix mask corruption
2020-07-16 08:13:17 +02:00
time
clocksource: Remove obsolete ifdef
2020-06-22 09:33:01 +02:00
trace
ring-buffer: Zero out time extend if it is nested and not absolute
2020-06-30 15:36:27 -04:00
.gitignore
.gitignore: add SPDX License Identifier
2020-03-25 11:50:48 +01:00
acct.c
acct: stop using get_seconds()
2019-12-18 18:07:31 +01:00
async.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
audit_fsnotify.c
fsnotify: use helpers to access data by data_type
2020-03-23 18:19:06 +01:00
audit_tree.c
fsnotify: switch send_to_group() and ->handle_event to const struct qstr *
2019-04-26 13:51:03 -04:00
audit_watch.c
Merge tag 'fsnotify_for_v5.7-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2020-04-06 08:58:42 -07:00
audit.c
audit: fix a net reference leak in audit_list_rules_send()
2020-06-22 09:32:31 +02:00
audit.h
audit: fix a net reference leak in audit_list_rules_send()
2020-06-22 09:32:31 +02:00
auditfilter.c
audit: fix a net reference leak in audit_list_rules_send()
2020-06-22 09:32:31 +02:00
auditsc.c
audit: trigger accompanying records when no rules present
2020-03-12 10:42:51 -04:00
backtracetest.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
bounds.c
capability.c
compat.c
y2038: remove unused time32 interfaces
2020-02-21 11:22:15 -08:00
configs.c
proc: convert everything to "struct proc_ops"
2020-02-04 03:05:26 +00:00
context_tracking.c
context-tracking: Introduce CONFIG_HAVE_TIF_NOHZ
2020-02-14 16:05:04 +01:00
cpu_pm.c
kernel/cpu_pm: Fix uninitted local in cpu_pm
2020-06-22 09:33:05 +02:00
cpu.c
sched/core: Fix illegal RCU from offline CPUs
2020-06-22 09:32:36 +02:00
crash_core.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 230
2019-06-19 17:09:06 +02:00
crash_dump.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
cred.c
kernel: doc: remove outdated comment cred.c
2020-03-25 10:04:01 -05:00
delayacct.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 25
2019-05-21 11:52:39 +02:00
dma.c
elfcore.c
kernel/elfcore.c: include proper prototypes
2019-09-25 17:51:39 -07:00
exec_domain.c
exit.c
exit: Move preemption fixup up, move blocking operations down
2020-06-22 09:32:36 +02:00
extable.c
kernel/extable.c: use address-of operator on section symbols
2020-04-07 10:43:42 -07:00
fail_function.c
fail_function: no need to check return value of debugfs_create functions
2019-06-03 15:49:06 +02:00
fork.c
fork: prevent accidental access to clone3 features
2020-05-08 17:31:50 +02:00
freezer.c
Revert "libata, freezer: avoid block device removal while system is frozen"
2019-10-06 09:11:37 -06:00
futex.c
Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2020-03-30 16:17:15 -07:00
gen_kheaders.sh
kheaders: explain why include/config/autoconf.h is excluded from md5sum
2019-11-11 20:10:01 +09:00
groups.c
hung_task.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
iomem.c
mm/nvdimm: add is_ioremap_addr and use that to check ioremap address
2019-07-12 11:05:40 -07:00
irq_work.c
lockdep: Annotate irq_work
2020-03-21 16:00:24 +01:00
jump_label.c
jump_label: Don't warn on __exit jump entries
2019-08-29 15:10:10 +01:00
kallsyms.c
kallsyms: Refactor kallsyms_show_value() to take cred
2020-07-16 08:13:29 +02:00
kcmp.c
kernel/kcmp.c: Use new infrastructure to fix deadlocks in execve
2020-03-25 10:04:01 -05:00
Kconfig.freezer
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
Kconfig.hz
treewide: Add SPDX license identifier - Makefile/Kconfig
2019-05-21 10:50:46 +02:00
Kconfig.locks
sched/rt, locking: Use CONFIG_PREEMPTION
2019-12-08 14:37:36 +01:00
Kconfig.preempt
sched/Kconfig: Fix spelling mistake in user-visible help text
2019-11-12 11:35:32 +01:00
kcov.c
kernel/kcov.c: fix typos in kcov_remote_start documentation
2020-05-07 19:27:20 -07:00
kexec_core.c
kexec: add machine_kexec_post_load()
2020-01-08 16:32:55 +00:00
kexec_elf.c
kexec_elf: support 32 bit ELF files
2019-09-06 23:58:44 +02:00
kexec_file.c
kexec: add machine_kexec_post_load()
2020-01-08 16:32:55 +00:00
kexec_internal.h
kexec: add machine_kexec_post_load()
2020-01-08 16:32:55 +00:00
kexec.c
kexec: add machine_kexec_post_load()
2020-01-08 16:32:55 +00:00
kheaders.c
kheaders: Move from proc to sysfs
2019-05-24 20:16:01 +02:00
kmod.c
kmod: make request_module() return an error when autoloading is disabled
2020-04-10 15:36:22 -07:00
kprobes.c
kallsyms: Refactor kallsyms_show_value() to take cred
2020-07-16 08:13:29 +02:00
ksysfs.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 170
2019-05-30 11:26:39 -07:00
kthread.c
kthread: Do not preempt current task if it is going to call schedule()
2020-03-20 13:06:20 +01:00
latencytop.c
proc: convert everything to "struct proc_ops"
2020-02-04 03:05:26 +00:00
Makefile
kcov: ignore fault-inject and stacktrace
2020-01-31 10:30:41 -08:00
module_signature.c
MODSIGN: Export module signature definitions
2019-08-05 18:39:56 -04:00
module_signing.c
MODSIGN: Export module signature definitions
2019-08-05 18:39:56 -04:00
module-internal.h
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36
2019-05-24 17:27:11 +02:00
module.c
module: Do not expose section addresses to non-CAP_SYSLOG
2020-07-16 08:13:30 +02:00
notifier.c
x86/mm: split vmalloc_sync_all()
2020-03-21 18:56:06 -07:00
nsproxy.c
ns: Introduce Time Namespace
2020-01-14 12:20:48 +01:00
padata.c
padata: upgrade smp_mb__after_atomic to smp_mb in padata_do_serial
2020-07-09 09:39:37 +02:00
panic.c
locking/refcount: Remove unused 'refcount_error_report()' function
2019-11-25 09:15:42 +01:00
params.c
lockdown: Lock down module params that specify hardware parameters (eg. ioport)
2019-08-19 21:54:16 -07:00
pid_namespace.c
pid: Improve the comment about waiting in zap_pid_ns_processes
2020-02-28 16:29:12 -06:00
pid.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2020-04-10 12:59:56 -07:00
profile.c
proc: convert everything to "struct proc_ops"
2020-02-04 03:05:26 +00:00
ptrace.c
ptrace: reintroduce usage of subjective credentials in ptrace_has_cap()
2020-01-18 13:51:39 +01:00
range.c
reboot.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
relay.c
kernel/relay.c: handle alloc_percpu returning NULL in relay_open
2020-06-07 11:33:00 +02:00
resource.c
/dev/mem: Revoke mappings when a driver claims the region
2020-06-24 17:48:58 +02:00
rseq.c
rseq: Reject unknown flags on rseq unregister
2019-12-25 10:41:20 +01:00
seccomp.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2020-03-31 17:29:33 -07:00
signal.c
task_work: teach task_work_add() to do signal_wake_up()
2020-07-09 09:39:31 +02:00
smp.c
cpu/hotplug: Move bringup of secondary CPUs out of smp_init()
2020-03-25 12:59:37 +01:00
smpboot.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
smpboot.h
softirq.c
lockdep: Rename trace_{hard,soft}{irq_context,irqs_enabled}()
2020-03-21 16:03:54 +01:00
stackleak.c
stacktrace.c
stacktrace: Get rid of unneeded '!!' pattern
2019-11-11 10:30:59 +01:00
stop_machine.c
stop_machine: Make stop_cpus() static
2020-01-17 10:19:21 +01:00
sys_ni.c
y2038: allow disabling time32 system calls
2019-11-15 14:38:30 +01:00
sys.c
sys/sysinfo: Respect boottime inside time namespace
2020-03-03 19:34:32 +01:00
sysctl_binary.c
sysctl: Remove the sysctl system call
2019-11-26 13:03:56 -06:00
sysctl-test.c
kunit: allow kunit tests to be loaded as a module
2020-01-09 16:42:29 -07:00
sysctl.c
mm/compaction: Disable compact_unevictable_allowed on RT
2020-04-02 09:35:31 -07:00
task_work.c
task_work: teach task_work_add() to do signal_wake_up()
2020-07-09 09:39:31 +02:00
taskstats.c
taskstats: fix data-race
2019-12-04 15:18:39 +01:00
test_kprobes.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 25
2019-05-21 11:52:39 +02:00
torture.c
Merge tag 'smp-core-2020-03-30' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2020-03-30 18:06:39 -07:00
tracepoint.c
Merge tag 'trace-v5.3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
2019-07-18 11:51:00 -07:00
tsacct.c
tsacct: add 64-bit btime field
2019-12-18 18:07:31 +01:00
ucount.c
ucount: Make sure ucounts in /proc/sys/user don't regress again
2020-04-07 21:51:27 +02:00
uid16.c
uid16.h
umh.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-05-15 13:10:06 -07:00
up.c
smp/up: Make smp_call_function_single() match SMP semantics
2020-02-07 15:34:12 +01:00
user_namespace.c
Merge tag 'keys-namespace-20190627' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs
2019-07-08 19:36:47 -07:00
user-return-notifier.c
treewide: Add SPDX license identifier for missed files
2019-05-21 10:50:45 +02:00
user.c
Merge tag 'keys-namespace-20190627' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs
2019-07-08 19:36:47 -07:00
utsname_sysctl.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
utsname.c
treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441
2019-06-05 17:37:17 +02:00
watchdog_hld.c
kernel/watchdog_hld.c: hard lockup message should end with a newline
2019-04-19 09:46:05 -07:00
watchdog.c
watchdog/softlockup: Enforce that timestamp is valid on boot
2020-01-17 11:19:22 +01:00
workqueue_internal.h
sched/core, workqueues: Distangle worker accounting from rq lock
2019-04-16 16:55:15 +02:00
workqueue.c
workqueue: Remove the warning in wq_worker_sleeping()
2020-04-08 11:35:20 +02:00