DF-0016 / fix.diff
diff --git a/sys/kern/kern_kinfo.c b/sys/kern/kern_kinfo.c
index 0000000..1111111 100644
--- a/sys/kern/kern_kinfo.c
+++ b/sys/kern/kern_kinfo.c
@@ -125,8 +125,8 @@
 
 	bzero(kp, sizeof(*kp));
 
-	kp->kp_paddr = (uintptr_t)p;
-	kp->kp_fd = (uintptr_t)p->p_fd;
+	kp->kp_paddr = 0;		/* do not leak kernel slab addrs via sysctl */
+	kp->kp_fd = 0;		/* (libkvm over /dev/kmem still uses the raw addr) */
 
 	kp->kp_flags = p->p_flags;
 	kp->kp_stat = p->p_stat;
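Review bot: The zeroing of kp_paddr and kp_fd at lines 14–15 is unconditional, so every sysctl consumer, privileged or not, now gets 0, and the parenthetical on the kp_fd line talks about the /dev/kmem path rather than this field, which reads as if kp_fd itself were still populated somewhere. If the fill routine (its signature is above the hunk, so I cannot tell) has the requesting credential available, gating the zeroing on a privilege check would keep the value for root while hiding it from unprivileged callers; if it does not, the comment should state plainly that these fields are always 0 over sysctl. The same unconditional pattern recurs for kp_ktaddr in the hunk at `@@ -298` and for kl_wchan in the hunks at `@@ -269` and `@@ -318`, so one shared comment wording would help. Suggested replacement for both comments: `/* kernel address deliberately not exported via sysctl; the /dev/kmem (libkvm) path is unaffected */`.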
@@ -269,7 +269,7 @@
 	kl->kl_siglist = lwp->lwp_siglist;
 	kl->kl_sigmask = lwp->lwp_sigmask;
 
-	kl->kl_wchan = (uintptr_t)lwp->lwp_thread->td_wchan;
+	kl->kl_wchan = 0;	/* do not leak wait-channel kernel address */
 	if (lwp->lwp_thread->td_wmesg) {
 		strncpy(kl->kl_wmesg, lwp->lwp_thread->td_wmesg, WMESGLEN);
 		kl->kl_wmesg[WMESGLEN] = 0;
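Review bot: With kl_wchan fixed at 0 on line 24, a consumer can no longer use this field to distinguish a sleeping LWP from a runnable one; kl_wmesg (copied just below) and kl_stat still carry that information, but the comment should say so, or a later maintainer may reintroduce the pointer to "restore" the column. Suggested: `/* do not leak wait-channel kernel address; kl_wmesg/kl_stat still show whether the lwp sleeps */`. If userland needs to group LWPs sleeping on the same channel, a per-boot keyed hash of td_wchan would give a stable opaque token without exposing the address — presumably not needed today, but worth noting as a follow-up. The same point applies to kp_lwp.kl_wchan in the hunk at `@@ -318`. The enclosing function continues outside this hunk.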
@@ -298,7 +298,7 @@
 	else
 		kp->kp_stat = SIDL;
 	kp->kp_nthreads = 1;
-	kp->kp_ktaddr = (uintptr_t)td;
+	kp->kp_ktaddr = 0;	/* do not leak kernel-thread address */
 
 	kp->kp_lwp.kl_pid = -1;
 	kp->kp_lwp.kl_tid = -1;
@@ -318,7 +318,7 @@
 	kp->kp_lwp.kl_iticks = td->td_iticks;
 	kp->kp_lwp.kl_cpuid = td->td_gd->gd_cpuid;
 
-	kp->kp_lwp.kl_wchan = (uintptr_t)td->td_wchan;
+	kp->kp_lwp.kl_wchan = 0;	/* do not leak wait-channel kernel address */
 	if (td->td_flags & TDF_RUNQ)
 		kp->kp_lwp.kl_stat = LSRUN;
 	else