DragonFlyBSD Kernel Audit
DF-0256

Kernel pointer info leak via kern.file sysctl (f_file, f_data) to unprivileged users

Summary

kcore_make_file (:67-68) copies the raw kernel addresses f_file (a struct file *) and f_data into kinfo_file. The kern.file sysctl is CTLFLAG_RD with no privilege gate; the only check is PRISON_CHECK. Any unprivileged user can therefore run sysctl kern.file, read kernel heap addresses from the output, and use them to bypass KASLR. The bzero (:61) prevents padding leaks, but the intentional pointer copy is itself the leak.
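A userland model of the pattern described above, next to one possible gated form and a regression check that scans the exported record for object addresses. This is an added example, not DragonFly code: the struct layouts, the function names other than the fields f_file, f_data and f_type, and the privileged flag (standing in for whatever privilege check the kernel would apply) are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins, not DragonFly's real struct file / struct kinfo_file. */
struct file_model { void *f_data; int f_type; };
struct kinfo_model { uintptr_t f_file; uintptr_t f_data; int f_type; };

/* Pattern from the finding: zero the record, then copy raw addresses for any caller. */
static void make_file_leaky(struct kinfo_model *kf, const struct file_model *fp)
{
    memset(kf, 0, sizeof(*kf));          /* covers padding only */
    kf->f_file = (uintptr_t)fp;          /* address of the file object */
    kf->f_data = (uintptr_t)fp->f_data;  /* address of the backing object */
    kf->f_type = fp->f_type;
}

/* Assumed mitigation: address fields stay zero unless the caller is privileged. */
static void make_file_gated(struct kinfo_model *kf, const struct file_model *fp, bool privileged)
{
    if (privileged) { make_file_leaky(kf, fp); return; }
    memset(kf, 0, sizeof(*kf));
    kf->f_type = fp->f_type;             /* non-address metadata is still exported */
}

/* Regression check: count pointer-sized words in the record equal to fp or fp->f_data. */
static int count_exported_addrs(const struct kinfo_model *kf, const struct file_model *fp)
{
    int hits = 0;
    for (size_t off = 0; off + sizeof(uintptr_t) <= sizeof(*kf); off += sizeof(uintptr_t)) {
        uintptr_t w;
        memcpy(&w, (const unsigned char *)kf + off, sizeof(w));
        if (w != 0 && (w == (uintptr_t)fp || w == (uintptr_t)fp->f_data))
            hits++;
    }
    return hits;
}

int main(void)
{
    static long backing;                 /* constructed f_data target */
    struct file_model f = { &backing, 1 };
    struct kinfo_model a, b;
    make_file_leaky(&a, &f);
    make_file_gated(&b, &f, false);
    printf("ungated=%d gated=%d\n", count_exported_addrs(&a, &f), count_exported_addrs(&b, &f));
    return 0;
}
```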