Re: [PATCH 1/3] kallsyms: don't leak address when symbol not found

2017-12-18 Thread Tobin C. Harding 
On Mon, Dec 18, 2017 at 06:43:24PM -0500, Steven Rostedt wrote:
> On Tue, 19 Dec 2017 09:41:29 +1100
> "Tobin C. Harding"  wrote:
> 
> > Current suggestion on list is to remove this function. Do you have a use
> > case in mind where debugging will break? We could add a fix to this
> > series if so. Otherwise next version will likely drop
> > string_is_no_symbol()
> 
> What about adding a kernel command line parameter that lets one put
> back the old behavior.
> 
> "insecure_print_all_symbols" ?

Cool. I've not done that before it will be a good learning
experience. I'll hack it up and see what people think.

thanks,
Tobin.

Re: [PATCH 1/3] kallsyms: don't leak address when symbol not found

2017-12-18 Thread Steven Rostedt 
On Tue, 19 Dec 2017 09:41:29 +1100
"Tobin C. Harding"  wrote:

> Current suggestion on list is to remove this function. Do you have a use
> case in mind where debugging will break? We could add a fix to this
> series if so. Otherwise next version will likely drop
> string_is_no_symbol()

What about adding a kernel command line parameter that lets one put
back the old behavior.

"insecure_print_all_symbols" ?

-- Steve

Re: [PATCH 1/3] kallsyms: don't leak address when symbol not found

2017-12-18 Thread Tobin C. Harding 
On Mon, Dec 18, 2017, at 20:55, Felix Fietkau wrote:
> On 2017-12-18 00:53, Tobin C. Harding wrote:
> > Currently if kallsyms_lookup() fails to find the symbol then the address
> > is printed. This potentially leaks sensitive information. Instead of
> > printing the address we can return an error, giving the calling code the
> > option to print the address or print some sanitized message.
> > 
> > Return error instead of printing address to argument buffer. Leave
> > buffer in a sane state.
> > 
> > Signed-off-by: Tobin C. Harding 
> I think there should be a way to keep the old behavior for debugging.

That was the intended use of

EXPORT_SYMBOL(string_is_no_symbol);

in patch 2 of this series. Then if debugging behaviour is adversely
effected one could use string_is_no_symbol() on a case by case basis to
add back in the original behaviour. 

Current suggestion on list is to remove this function. Do you have a use
case in mind where debugging will break? We could add a fix to this
series if so. Otherwise next version will likely drop
string_is_no_symbol()

thanks,
Tobin.

Re: [PATCH 1/3] kallsyms: don't leak address when symbol not found

2017-12-18 Thread Felix Fietkau 
On 2017-12-18 00:53, Tobin C. Harding wrote:
> Currently if kallsyms_lookup() fails to find the symbol then the address
> is printed. This potentially leaks sensitive information. Instead of
> printing the address we can return an error, giving the calling code the
> option to print the address or print some sanitized message.
> 
> Return error instead of printing address to argument buffer. Leave
> buffer in a sane state.
> 
> Signed-off-by: Tobin C. Harding 
I think there should be a way to keep the old behavior for debugging.

- Felix