# Use --debug to output path before parsing, this is useful to find files that
# cause the script to choke.
+#
+# When the system is idle it is likely that most files under /proc/PID will be
+# identical for various processes. Scanning _all_ the PIDs under /proc is
+# unnecessary and implies that we are thoroughly scanning /proc. This is _not_
+# the case because there may be ways userspace can trigger creation of /proc
+# files that leak addresses but were not present during a scan. For these two
+# reasons we exclude all PID directories under /proc except '1/'
+
use warnings;
use strict;
use POSIX;
use feature 'state';
my $P = $0;
-my $V = '0.01';
# Directories to scan.
my @DIRS = ('/proc', '/sys');
my @skip_abs = (
'/proc/kmsg',
'/proc/device-tree',
+ '/proc/1/syscall',
'/sys/firmware/devicetree',
'/sys/kernel/debug/tracing/trace_pipe',
'/sys/kernel/security/apparmor/revision');
print << "EOM";
Usage: $P [OPTIONS]
-Version: $V
Options:
}
$address_re = get_address_re();
- while (/($address_re)/g) {
+ while ($line =~ /($address_re)/g) {
if (!is_false_positive($1)) {
return 1;
}
close $fh;
}
+# Checks if the actual path name is leaking a kernel address.
+sub check_path_for_leaks
+{
+ my ($path) = @_;
+
+ if (may_leak_address($path)) {
+ printf("Path name may contain address: $path\n");
+ }
+}
+
# Recursively walk directory tree.
sub walk
{
my $path = "$pwd/$file";
next if (-l $path);
+ # skip /proc/PID except /proc/1
+ next if (($path =~ /^\/proc\/[0-9]+$/) &&
+ ($path !~ /^\/proc\/1$/));
+
next if (skip($path));
+ check_path_for_leaks($path);
+
if (-d $path) {
push @dirs, $path;
next;