On Thu, 2020-05-07 at 18:56 +0200, Sebastian Andrzej Siewior wrote:
> On 2020-05-07 09:49:04 [-0700], Yu-cheng Yu wrote:
> > In a core dump, copy_xstate_to_kernel() copies only enabled user xfeatures to a kernel buffer without touching areas for disabled xfeatures. However, those uninitialized areas may contain random data, which is then written to the core dump file and can be read by a non-privileged user.
> > Fix it by clearing uninitialized areas.
> Is the problem that copy_xstate_to_kernel() gets `kbuf' passed which isn't zeroed? If so, would it work to clean that upfront?
Alexander Potapenko's patch (in the Link:) fixes the buffer in fill_thread_core_info(). My patch prevents the same issue if this function is called from somewhere else in the future.
Yu-cheng
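To make the failure mode in the thread concrete, here is an added example that is not kernel code and not part of the patch under discussion. It models an XSAVE-style area with a made-up feature layout (the offsets, sizes and the 0xAA "stale memory" pattern are constructed for illustration, not the real x86 xstate layout), and shows a copy routine that only writes enabled features beside one that also clears the regions of disabled features, which is the approach the commit message describes. A helper counts how many bytes of stale data would reach a core dump in each case.

```c
/* Toy model of copy_xstate_to_kernel()-style copying. Added example;
 * the layout below is hypothetical and not the real x86 xstate layout. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define XSTATE_SIZE 64

/* Hypothetical layout: three feature regions covering a 64-byte area. */
struct xfeature_region { size_t offset; size_t size; };
static const struct xfeature_region xfeatures[] = {
    { 0,  16 },   /* feature 0 */
    { 16, 24 },   /* feature 1 */
    { 40, 24 },   /* feature 2 */
};
#define NR_XFEATURES (sizeof(xfeatures) / sizeof(xfeatures[0]))

/* Leaky variant: copies only enabled features and never touches the
 * rest of kbuf, so whatever the caller left there is dumped as-is. */
void copy_xstate_to_kernel_leaky(uint8_t *kbuf, const uint8_t *task_xstate,
                                 uint64_t enabled_mask)
{
    for (size_t i = 0; i < NR_XFEATURES; i++) {
        if (enabled_mask & (1ULL << i))
            memcpy(kbuf + xfeatures[i].offset,
                   task_xstate + xfeatures[i].offset, xfeatures[i].size);
    }
}

/* Fixed variant: regions of disabled features are explicitly zeroed, so
 * the result does not depend on the caller having cleared kbuf. */
void copy_xstate_to_kernel_fixed(uint8_t *kbuf, const uint8_t *task_xstate,
                                 uint64_t enabled_mask)
{
    for (size_t i = 0; i < NR_XFEATURES; i++) {
        if (enabled_mask & (1ULL << i))
            memcpy(kbuf + xfeatures[i].offset,
                   task_xstate + xfeatures[i].offset, xfeatures[i].size);
        else
            memset(kbuf + xfeatures[i].offset, 0, xfeatures[i].size);
    }
}

/* Count non-zero bytes inside disabled-feature regions: bytes that are
 * not the task's state yet would still be written to the core dump. */
size_t count_leaked_bytes(const uint8_t *kbuf, uint64_t enabled_mask)
{
    size_t leaked = 0;
    for (size_t i = 0; i < NR_XFEATURES; i++) {
        if (enabled_mask & (1ULL << i))
            continue;
        for (size_t j = 0; j < xfeatures[i].size; j++)
            if (kbuf[xfeatures[i].offset + j] != 0)
                leaked++;
    }
    return leaked;
}

/* Simulate one core-dump copy. kbuf is pre-filled with a constructed
 * 0xAA pattern standing in for uninitialized kernel memory; the task's
 * own xstate is a constant pattern. Returns the number of leaked bytes. */
size_t simulate_core_dump_copy(int use_fixed, uint64_t enabled_mask)
{
    uint8_t kbuf[XSTATE_SIZE];
    uint8_t task_xstate[XSTATE_SIZE];

    memset(kbuf, 0xAA, sizeof kbuf);              /* constructed stale data */
    memset(task_xstate, 0x11, sizeof task_xstate); /* constructed task state */

    if (use_fixed)
        copy_xstate_to_kernel_fixed(kbuf, task_xstate, enabled_mask);
    else
        copy_xstate_to_kernel_leaky(kbuf, task_xstate, enabled_mask);

    return count_leaked_bytes(kbuf, enabled_mask);
}
```

With only feature 0 enabled, the leaky variant leaves all 48 bytes of the two disabled regions holding the stale pattern, while the fixed variant leaves none. Zeroing `kbuf` in the caller before the copy, as the thread says the fill_thread_core_info() fix does, removes the leak for that caller only; clearing inside the copy routine also covers any future caller that passes an uncleared buffer.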