From patchwork Thu Dec 7 04:32:24 2017
X-Patchwork-Submitter: Tobin Harding
X-Patchwork-Id: 10097613
From: "Tobin C. Harding"
To: me@tobin.cc, kaiwan.billimoria@gmail.com
Cc: "Kirill A. Shutemov", Alexander Kapshuk, LKML, kernel-hardening@lists.openwall.com
Date: Thu, 7 Dec 2017 15:32:24 +1100
Message-Id: <1512621145-4783-5-git-send-email-me@tobin.cc>
In-Reply-To: <1512621145-4783-1-git-send-email-me@tobin.cc>
References: <1512621145-4783-1-git-send-email-me@tobin.cc>
Subject: [kernel-hardening] [PATCH 4/5] leaking_addresses: add support for kernel config file

Features that rely on the ability to get kernel configuration options
are ready to be implemented in script. In preparation for this we can
add support for kernel config options as a separate patch to ease
review.

Add support for locating and parsing kernel configuration file.

Signed-off-by: Tobin C. Harding
Co-Developed-by: Kaiwan N Billimoria
Signed-off-by: Kaiwan N Billimoria
---

get_kernel_config_option() is not super clean, any improvements most
welcome.

Kaiwan,

This needs your Signed-off-by tag if you want me to apply it with the
Co-Developed-tag

thanks,
Tobin.

 scripts/leaking_addresses.pl | 64 +++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 63 insertions(+), 1 deletion(-)
diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl index cb69ccd4153a..892bfe9e01fe 100755 --- a/scripts/leaking_addresses.pl +++ b/scripts/leaking_addresses.pl @@ -42,10 +42,10 @@ my $debug = 0; my $raw = 0; my $output_raw = ""; # Write raw results to file. my $input_raw = ""; # Read raw results from file instead of scanning. - my $suppress_dmesg = 0; # Don't show dmesg in output. my $squash_by_path = 0; # Summary report grouped by absolute path. my $squash_by_filename = 0; # Summary report grouped by filename. +my $kernel_config_file = ""; # Kernel configuration file. # Do not parse these files (absolute path). my @skip_parse_files_abs = ('/proc/kmsg', @@ -100,6 +100,7 @@ Options: --suppress-dmesg Do not show dmesg results. --squash-by-path Show one result per unique path. --squash-by-filename Show one result per unique filename. + --kernel-config-file= Kernel configuration file (e.g /boot/config) -d, --debug Display debugging output. -h, --help, --versionq Display this help and exit. @@ -119,6 +120,7 @@ GetOptions( 'squash-by-path' => \$squash_by_path, 'squash-by-filename' => \$squash_by_filename, 'raw' => \$raw, + 'kernel-config-file=s' => \$kernel_config_file, ) or help(1); help(0) if ($help); 
@@ -188,6 +190,66 @@ sub is_ppc64 return 0; } +# gets config option value from kernel config file +sub get_kernel_config_option +{ + my ($option) = @_; + my $value = ""; + my $tmp_file = ""; + my @config_files; + + # Allow --kernel-config-file to override. + if ($kernel_config_file ne "") { + @config_files = ($kernel_config_file); + } elsif (-R "/proc/config.gz") { + my $tmp_file = "/tmp/tmpkconf"; + + if (system("gunzip < /proc/config.gz > $tmp_file")) { + dprint "$0: system(gunzip < /proc/config.gz) failed\n"; + } else { + @config_files = ($tmp_file); + } + + } else { + my $file = '/boot/config-' . `uname -r`; + @config_files = ($file, '/boot/config'); + } + + foreach my $file (@config_files) { +# chomp $config_file; + $value = option_from_file($option, $file); + if ($value ne "") { + last; + } + } + + if ($tmp_file ne "") { + system("rm -f $tmp_file"); + } + + return $value; +} + +# Parses $file and returns kernel configuration option value. +sub option_from_file +{ + my ($option, $file) = @_; + my $str = ""; + my $val = ""; + + open(my $fh, "<", $file) or return ""; + while (my $line = <$fh> ) { + if ($line =~ /^$option/) { + ($str, $val) = split /=/, $line; + chomp($val); + last; + } + } + + close $fh; + return $val; +} + sub is_false_positive { my ($match) = @_;
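Review bot: In the help-text hunk (@@ -100,6 +100,7), the new `--kernel-config-file=` line shows no argument placeholder after the `=`, although the GetOptions spec `'kernel-config-file=s'` makes a value mandatory; name the argument so it is clear that a path is expected. The help line also does not say what is searched when the option is omitted (/proc/config.gz, then /boot/config-`uname -r`, then /boot/config, per get_kernel_config_option()), and "e.g" should read "e.g.".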
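Review bot: In get_kernel_config_option() (hunk @@ -188,6 +190,66), the `my $tmp_file = "/tmp/tmpkconf";` inside the elsif branch declares a new lexical that shadows the outer `$tmp_file`, so the outer variable is still "" at the end of the function, the `rm -f` cleanup never runs, and the decompressed config is left behind in /tmp. The fixed, predictable name in a world-writable directory is a second problem if the script is run as root, because the shell redirect writes to whatever already exists at that path; drop the temporary file and read the gunzip output through a pipe open, or create the file with File::Temp. In the same hunk, the backtick `uname -r` result keeps its trailing newline and the only chomp is commented out (and names `$config_file`, which is not declared anywhere in the function), so the `/boot/config-` path can never be opened and the lookup silently falls through to /boot/config. In option_from_file(), `/^$option/` is an unanchored prefix match with the option interpolated as a regex, so an option whose name is a prefix of another can return the wrong line, and `split /=/, $line` truncates values that themselves contain `=`; `/^\Q$option\E=/` and `split /=/, $line, 2` would address both.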