Linus Torvalds writes: (Summary) Shouldn't it?
So %p itself shouldn't have logic like that, because some of those addresses can be sensitive even if they aren't strictly kernel addresses.
addresses.
For example, anything that prints out sensitive physical addresses wouldn't look like a kernel virtual address, but it could still expose very sensitive data.
very sensitive data.
So that check would have to be done by the user of %p, not by %p itself. That was one of the things that I absolutely detested about %pK - getting that fundamentally wrong) whether the opener could write a kernel address to the file, and if the opener has those permissions, then it obviously can read the values too.
then it obviously can read the values too.
But in this case I would suggest just making "uprobe_events" be 0600 rather than 0644.
So %p itself shouldn't have logic like that, because some of those addresses can be sensitive even if they aren't strictly kernel addresses.
addresses.
For example, anything that prints out sensitive physical addresses wouldn't look like a kernel virtual address, but it could still expose very sensitive data.
very sensitive data.
So that check would have to be done by the user of %p, not by %p itself. That was one of the things that I absolutely detested about %pK - getting that fundamentally wrong) whether the opener could write a kernel address to the file, and if the opener has those permissions, then it obviously can read the values too.
then it obviously can read the values too.
But in this case I would suggest just making "uprobe_events" be 0600 rather than 0644.