* Re: [PATCH 1/3] leaking_addresses: skip all /proc/PID except /proc/1
2018-02-27 4:45 ` [PATCH 1/3] leaking_addresses: skip all /proc/PID except /proc/1 Tobin C. Harding
@ 2018-02-27 5:09 ` Tycho Andersen
2018-02-27 6:29 ` Tobin C. Harding
2018-02-27 7:15 ` Alexander Kapshuk
2018-03-01 21:06 ` Tobin C. Harding
2 siblings, 1 reply; 11+ messages in thread
From: Tycho Andersen @ 2018-02-27 5:09 UTC (permalink / raw)
To: Tobin C. Harding; +Cc: Kernel Hardening, LKML
Hi Tobin,
On Tue, Feb 27, 2018 at 03:45:09PM +1100, Tobin C. Harding wrote:
> When the system is idle it is likely that most files under /proc/PID
> will be identical for various processes. Scanning _all_ the PIDs under
> /proc is unnecessary and implies that we are thoroughly scanning /proc.
> This is _not_ the case because there may be ways userspace can trigger
> creation of /proc files that leak addresses but were not present during
> a scan. For these two reasons we should exclude all PID directories
> under /proc except '1/'
>
> Exclude all /proc/PID except /proc/1.
>
> Signed-off-by: Tobin C. Harding <me@tobin.cc>
> ---
> scripts/leaking_addresses.pl | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl
> index 6e5bc57caeaa..fb40e2828f43 100755
> --- a/scripts/leaking_addresses.pl
> +++ b/scripts/leaking_addresses.pl
> @@ -10,6 +10,14 @@
> # Use --debug to output path before parsing, this is useful to find files that
> # cause the script to choke.
>
> +#
> +# When the system is idle it is likely that most files under /proc/PID will be
> +# identical for various processes. Scanning _all_ the PIDs under /proc is
> +# unnecessary and implies that we are thoroughly scanning /proc. This is _not_
> +# the case because there may be ways userspace can trigger creation of /proc
> +# files that leak addresses but were not present during a scan. For these two
> +# reasons we exclude all PID directories under /proc except '1/'
> +
> use warnings;
> use strict;
> use POSIX;
> @@ -472,6 +480,9 @@ sub walk
> my $path = "$pwd/$file";
> next if (-l $path);
>
> + # skip /proc/PID except /proc/1
> + next if ($path =~ /\/proc\/(?:[2-9][0-9]*|1[0-9]+)/);
Can't we just do,
substr($path, 0, len("/proc/1/")) eq "/proc/1/" ?
seems much easier to read than the regex.
Cheers,
Tycho
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 1/3] leaking_addresses: skip all /proc/PID except /proc/1
2018-02-27 5:09 ` Tycho Andersen
@ 2018-02-27 6:29 ` Tobin C. Harding
0 siblings, 0 replies; 11+ messages in thread
From: Tobin C. Harding @ 2018-02-27 6:29 UTC (permalink / raw)
To: Tycho Andersen; +Cc: Kernel Hardening, LKML
On Mon, Feb 26, 2018 at 10:09:31PM -0700, Tycho Andersen wrote:
> Hi Tobin,
>
> On Tue, Feb 27, 2018 at 03:45:09PM +1100, Tobin C. Harding wrote:
> > When the system is idle it is likely that most files under /proc/PID
> > will be identical for various processes. Scanning _all_ the PIDs under
> > /proc is unnecessary and implies that we are thoroughly scanning /proc.
> > This is _not_ the case because there may be ways userspace can trigger
> > creation of /proc files that leak addresses but were not present during
> > a scan. For these two reasons we should exclude all PID directories
> > under /proc except '1/'
> >
> > Exclude all /proc/PID except /proc/1.
> >
> > Signed-off-by: Tobin C. Harding <me@tobin.cc>
> > ---
> > scripts/leaking_addresses.pl | 11 +++++++++++
> > 1 file changed, 11 insertions(+)
> >
> > diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl
> > index 6e5bc57caeaa..fb40e2828f43 100755
> > --- a/scripts/leaking_addresses.pl
> > +++ b/scripts/leaking_addresses.pl
> > @@ -10,6 +10,14 @@
> > # Use --debug to output path before parsing, this is useful to find files that
> > # cause the script to choke.
> >
> > +#
> > +# When the system is idle it is likely that most files under /proc/PID will be
> > +# identical for various processes. Scanning _all_ the PIDs under /proc is
> > +# unnecessary and implies that we are thoroughly scanning /proc. This is _not_
> > +# the case because there may be ways userspace can trigger creation of /proc
> > +# files that leak addresses but were not present during a scan. For these two
> > +# reasons we exclude all PID directories under /proc except '1/'
> > +
> > use warnings;
> > use strict;
> > use POSIX;
> > @@ -472,6 +480,9 @@ sub walk
> > my $path = "$pwd/$file";
> > next if (-l $path);
> >
> > + # skip /proc/PID except /proc/1
> > + next if ($path =~ /\/proc\/(?:[2-9][0-9]*|1[0-9]+)/);
>
> Can't we just do,
>
> substr($path, 0, len("/proc/1/")) eq "/proc/1/" ?
>
> seems much easier to read than the regex.
This is much better. I guess it's true what they say, be careful after
reading a book about hammers, everything will look like a nail.
Tobin
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 1/3] leaking_addresses: skip all /proc/PID except /proc/1
2018-02-27 4:45 ` [PATCH 1/3] leaking_addresses: skip all /proc/PID except /proc/1 Tobin C. Harding
2018-02-27 5:09 ` Tycho Andersen
@ 2018-02-27 7:15 ` Alexander Kapshuk
2018-02-27 21:06 ` Tobin C. Harding
2018-03-01 21:06 ` Tobin C. Harding
2 siblings, 1 reply; 11+ messages in thread
From: Alexander Kapshuk @ 2018-02-27 7:15 UTC (permalink / raw)
To: Tobin C. Harding; +Cc: Kernel Hardening, Tycho Andersen, LKML
On Tue, Feb 27, 2018 at 6:45 AM, Tobin C. Harding <me@tobin.cc> wrote:
> When the system is idle it is likely that most files under /proc/PID
> will be identical for various processes. Scanning _all_ the PIDs under
> /proc is unnecessary and implies that we are thoroughly scanning /proc.
> This is _not_ the case because there may be ways userspace can trigger
> creation of /proc files that leak addresses but were not present during
> a scan. For these two reasons we should exclude all PID directories
> under /proc except '1/'
>
> Exclude all /proc/PID except /proc/1.
>
> Signed-off-by: Tobin C. Harding <me@tobin.cc>
> ---
> scripts/leaking_addresses.pl | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl
> index 6e5bc57caeaa..fb40e2828f43 100755
> --- a/scripts/leaking_addresses.pl
> +++ b/scripts/leaking_addresses.pl
> @@ -10,6 +10,14 @@
> # Use --debug to output path before parsing, this is useful to find files that
> # cause the script to choke.
>
> +#
> +# When the system is idle it is likely that most files under /proc/PID will be
> +# identical for various processes. Scanning _all_ the PIDs under /proc is
> +# unnecessary and implies that we are thoroughly scanning /proc. This is _not_
> +# the case because there may be ways userspace can trigger creation of /proc
> +# files that leak addresses but were not present during a scan. For these two
> +# reasons we exclude all PID directories under /proc except '1/'
> +
> use warnings;
> use strict;
> use POSIX;
> @@ -472,6 +480,9 @@ sub walk
> my $path = "$pwd/$file";
> next if (-l $path);
>
> + # skip /proc/PID except /proc/1
> + next if ($path =~ /\/proc\/(?:[2-9][0-9]*|1[0-9]+)/);
> +
> next if (skip($path));
>
> if (-d $path) {
> --
> 2.7.4
>
Would something like this do the trick?
perl -e 'foreach my $dir (`ls -d /proc/[0-9]*`){next if($dir !~
"/proc/1\$"); print $dir}'
/proc/1
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 1/3] leaking_addresses: skip all /proc/PID except /proc/1
2018-02-27 7:15 ` Alexander Kapshuk
@ 2018-02-27 21:06 ` Tobin C. Harding
0 siblings, 0 replies; 11+ messages in thread
From: Tobin C. Harding @ 2018-02-27 21:06 UTC (permalink / raw)
To: Alexander Kapshuk; +Cc: Kernel Hardening, Tycho Andersen, LKML
On Tue, Feb 27, 2018 at 09:15:03AM +0200, Alexander Kapshuk wrote:
> On Tue, Feb 27, 2018 at 6:45 AM, Tobin C. Harding <me@tobin.cc> wrote:
> > When the system is idle it is likely that most files under /proc/PID
> > will be identical for various processes. Scanning _all_ the PIDs under
> > /proc is unnecessary and implies that we are thoroughly scanning /proc.
> > This is _not_ the case because there may be ways userspace can trigger
> > creation of /proc files that leak addresses but were not present during
> > a scan. For these two reasons we should exclude all PID directories
> > under /proc except '1/'
> >
> > Exclude all /proc/PID except /proc/1.
> >
> > Signed-off-by: Tobin C. Harding <me@tobin.cc>
> > ---
> > scripts/leaking_addresses.pl | 11 +++++++++++
> > 1 file changed, 11 insertions(+)
> >
> > diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl
> > index 6e5bc57caeaa..fb40e2828f43 100755
> > --- a/scripts/leaking_addresses.pl
> > +++ b/scripts/leaking_addresses.pl
> > @@ -10,6 +10,14 @@
> > # Use --debug to output path before parsing, this is useful to find files that
> > # cause the script to choke.
> >
> > +#
> > +# When the system is idle it is likely that most files under /proc/PID will be
> > +# identical for various processes. Scanning _all_ the PIDs under /proc is
> > +# unnecessary and implies that we are thoroughly scanning /proc. This is _not_
> > +# the case because there may be ways userspace can trigger creation of /proc
> > +# files that leak addresses but were not present during a scan. For these two
> > +# reasons we exclude all PID directories under /proc except '1/'
> > +
> > use warnings;
> > use strict;
> > use POSIX;
> > @@ -472,6 +480,9 @@ sub walk
> > my $path = "$pwd/$file";
> > next if (-l $path);
> >
> > + # skip /proc/PID except /proc/1
> > + next if ($path =~ /\/proc\/(?:[2-9][0-9]*|1[0-9]+)/);
> > +
> > next if (skip($path));
> >
> > if (-d $path) {
> > --
> > 2.7.4
> >
>
> Would something like this do the trick?
> perl -e 'foreach my $dir (`ls -d /proc/[0-9]*`){next if($dir !~
> "/proc/1\$"); print $dir}'
> /proc/1
thanks for the suggestion Alexander. Here is Tycho's suggestion (from
other email, copied here for reference:
> substr($path, 0, len("/proc/1/")) eq "/proc/1/"
I originally thought Tycho's suggestion was correct until I read yours
and realized that they both find '/proc/1'. You filter on the numbered
directories for '/proc/1' (missing the other directories) and Tycho
finds only directories with '/proc/1' as the leading characters. Both
of these differ to the original regex in that the original skips
numbered directories (under '/proc') that are _not_ '/proc/1' i.e it
allows parsing of all the non-numbered directories and parsing of '/proc/1'.
If my reasoning is correct, perhaps we have at least shown that that the
regex should have a comment :)
Happy to be corrected.
thanks,
Tobin.
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 1/3] leaking_addresses: skip all /proc/PID except /proc/1
2018-02-27 4:45 ` [PATCH 1/3] leaking_addresses: skip all /proc/PID except /proc/1 Tobin C. Harding
2018-02-27 5:09 ` Tycho Andersen
2018-02-27 7:15 ` Alexander Kapshuk
@ 2018-03-01 21:06 ` Tobin C. Harding
2018-03-01 22:46 ` Tycho Andersen
2018-03-03 9:44 ` Alexander Kapshuk
2 siblings, 2 replies; 11+ messages in thread
From: Tobin C. Harding @ 2018-03-01 21:06 UTC (permalink / raw)
To: Kernel Hardening; +Cc: Tycho Andersen, LKML, Alexander Kapshuk
On Tue, Feb 27, 2018 at 03:45:09PM +1100, Tobin C. Harding wrote:
> When the system is idle it is likely that most files under /proc/PID
> will be identical for various processes. Scanning _all_ the PIDs under
> /proc is unnecessary and implies that we are thoroughly scanning /proc.
> This is _not_ the case because there may be ways userspace can trigger
> creation of /proc files that leak addresses but were not present during
> a scan. For these two reasons we should exclude all PID directories
> under /proc except '1/'
>
> Exclude all /proc/PID except /proc/1.
>
> Signed-off-by: Tobin C. Harding <me@tobin.cc>
> ---
> scripts/leaking_addresses.pl | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl
> index 6e5bc57caeaa..fb40e2828f43 100755
> --- a/scripts/leaking_addresses.pl
> +++ b/scripts/leaking_addresses.pl
> @@ -10,6 +10,14 @@
> # Use --debug to output path before parsing, this is useful to find files that
> # cause the script to choke.
>
> +#
> +# When the system is idle it is likely that most files under /proc/PID will be
> +# identical for various processes. Scanning _all_ the PIDs under /proc is
> +# unnecessary and implies that we are thoroughly scanning /proc. This is _not_
> +# the case because there may be ways userspace can trigger creation of /proc
> +# files that leak addresses but were not present during a scan. For these two
> +# reasons we exclude all PID directories under /proc except '1/'
> +
> use warnings;
> use strict;
> use POSIX;
> @@ -472,6 +480,9 @@ sub walk
> my $path = "$pwd/$file";
> next if (-l $path);
>
> + # skip /proc/PID except /proc/1
> + next if ($path =~ /\/proc\/(?:[2-9][0-9]*|1[0-9]+)/);
Perhaps the intent of this is clearer?
next if (($path =~ /^\/proc\/[0-9]+$/) &&
($path !~ /^\/proc\/1$/));
thanks,
Tobin.
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 1/3] leaking_addresses: skip all /proc/PID except /proc/1
2018-03-01 21:06 ` Tobin C. Harding
@ 2018-03-01 22:46 ` Tycho Andersen
2018-03-03 9:44 ` Alexander Kapshuk
1 sibling, 0 replies; 11+ messages in thread
From: Tycho Andersen @ 2018-03-01 22:46 UTC (permalink / raw)
To: Tobin C. Harding; +Cc: Kernel Hardening, LKML, Alexander Kapshuk
On Fri, Mar 02, 2018 at 08:06:23AM +1100, Tobin C. Harding wrote:
> On Tue, Feb 27, 2018 at 03:45:09PM +1100, Tobin C. Harding wrote:
> > When the system is idle it is likely that most files under /proc/PID
> > will be identical for various processes. Scanning _all_ the PIDs under
> > /proc is unnecessary and implies that we are thoroughly scanning /proc.
> > This is _not_ the case because there may be ways userspace can trigger
> > creation of /proc files that leak addresses but were not present during
> > a scan. For these two reasons we should exclude all PID directories
> > under /proc except '1/'
> >
> > Exclude all /proc/PID except /proc/1.
> >
> > Signed-off-by: Tobin C. Harding <me@tobin.cc>
> > ---
> > scripts/leaking_addresses.pl | 11 +++++++++++
> > 1 file changed, 11 insertions(+)
> >
> > diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl
> > index 6e5bc57caeaa..fb40e2828f43 100755
> > --- a/scripts/leaking_addresses.pl
> > +++ b/scripts/leaking_addresses.pl
> > @@ -10,6 +10,14 @@
> > # Use --debug to output path before parsing, this is useful to find files that
> > # cause the script to choke.
> >
> > +#
> > +# When the system is idle it is likely that most files under /proc/PID will be
> > +# identical for various processes. Scanning _all_ the PIDs under /proc is
> > +# unnecessary and implies that we are thoroughly scanning /proc. This is _not_
> > +# the case because there may be ways userspace can trigger creation of /proc
> > +# files that leak addresses but were not present during a scan. For these two
> > +# reasons we exclude all PID directories under /proc except '1/'
> > +
> > use warnings;
> > use strict;
> > use POSIX;
> > @@ -472,6 +480,9 @@ sub walk
> > my $path = "$pwd/$file";
> > next if (-l $path);
> >
> > + # skip /proc/PID except /proc/1
> > + next if ($path =~ /\/proc\/(?:[2-9][0-9]*|1[0-9]+)/);
>
> Perhaps the intent of this is clearer?
>
> next if (($path =~ /^\/proc\/[0-9]+$/) &&
> ($path !~ /^\/proc\/1$/));
+1, works for me.
Cheers,
Tycho
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 1/3] leaking_addresses: skip all /proc/PID except /proc/1
2018-03-01 21:06 ` Tobin C. Harding
2018-03-01 22:46 ` Tycho Andersen
@ 2018-03-03 9:44 ` Alexander Kapshuk
1 sibling, 0 replies; 11+ messages in thread
From: Alexander Kapshuk @ 2018-03-03 9:44 UTC (permalink / raw)
To: Tobin C. Harding; +Cc: Kernel Hardening, Tycho Andersen, LKML
On Thu, Mar 1, 2018 at 11:06 PM, Tobin C. Harding <me@tobin.cc> wrote:
> On Tue, Feb 27, 2018 at 03:45:09PM +1100, Tobin C. Harding wrote:
>> When the system is idle it is likely that most files under /proc/PID
>> will be identical for various processes. Scanning _all_ the PIDs under
>> /proc is unnecessary and implies that we are thoroughly scanning /proc.
>> This is _not_ the case because there may be ways userspace can trigger
>> creation of /proc files that leak addresses but were not present during
>> a scan. For these two reasons we should exclude all PID directories
>> under /proc except '1/'
>>
>> Exclude all /proc/PID except /proc/1.
>>
>> Signed-off-by: Tobin C. Harding <me@tobin.cc>
>> ---
>> scripts/leaking_addresses.pl | 11 +++++++++++
>> 1 file changed, 11 insertions(+)
>>
>> diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl
>> index 6e5bc57caeaa..fb40e2828f43 100755
>> --- a/scripts/leaking_addresses.pl
>> +++ b/scripts/leaking_addresses.pl
>> @@ -10,6 +10,14 @@
>> # Use --debug to output path before parsing, this is useful to find files that
>> # cause the script to choke.
>>
>> +#
>> +# When the system is idle it is likely that most files under /proc/PID will be
>> +# identical for various processes. Scanning _all_ the PIDs under /proc is
>> +# unnecessary and implies that we are thoroughly scanning /proc. This is _not_
>> +# the case because there may be ways userspace can trigger creation of /proc
>> +# files that leak addresses but were not present during a scan. For these two
>> +# reasons we exclude all PID directories under /proc except '1/'
>> +
>> use warnings;
>> use strict;
>> use POSIX;
>> @@ -472,6 +480,9 @@ sub walk
>> my $path = "$pwd/$file";
>> next if (-l $path);
>>
>> + # skip /proc/PID except /proc/1
>> + next if ($path =~ /\/proc\/(?:[2-9][0-9]*|1[0-9]+)/);
>
> Perhaps the intent of this is clearer?
>
> next if (($path =~ /^\/proc\/[0-9]+$/) &&
> ($path !~ /^\/proc\/1$/));
>
>
> thanks,
> Tobin.
Hi Tobin,
The intent is crystal clear now. Thanks.
Here's something that generates the same output as the code above:
next if ($path !~ "^/proc/(1|[^0-9]+)\$");
I'm not insisting this be given any preference whatsoever.
Thanks.
^ permalink raw reply [flat|nested] 11+ messages in thread