Fix: notification capture: handle userspace strings
authorMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Tue, 6 Sep 2022 15:59:17 +0000 (11:59 -0400)
committerMathieu Desnoyers <mathieu.desnoyers@efficios.com>
Wed, 7 Sep 2022 20:07:38 +0000 (16:07 -0400)
commit8915cf5e47e6dd0ba1baebdb13027b0ce4237c86
tree256c1743c5fd917f42b9b3770be494496219db6e
parentcf1798f4db44d6dab99038fe26a96d27a606e813
Fix: notification capture: handle userspace strings

The "user" attribute (copy from userspace) is not applied to string
field capture within event notifications. This leads to copy of strings
from user-space (e.g. `filename` field from sys_open) to end up using
strlen/memcpy on user-space data. This can cause kernel OOPS due to
unhandled page faults, and it also allows reading kernel memory through
the event notification capture mechanism. As a result, the users within
the `tracing` group can read arbitrary kernel memory.

Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Change-Id: I3241b144fea849004a3f0a19276506c9f1b0d5e5
src/lttng-event-notifier-notification.c
This page took 0.026405 seconds and 4 git commands to generate.