Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Reading kallsyms in user-mode

i'm writing the code about low-level stuff. i need to know kernel symbol addresses to write reliable code. So im trying to read the kallsyms when im in user-mode in Ubuntu kernel-3.0.19. and that's kallsyms output in user-mode.

... 00000000 r __ksymtab_prepare_kernel_cred 00000000 r __kcrctab_prepare_kernel_cred 00000000 r __kstrtab_prepare_kernel_cred ...

how can i solve this problem in user-mode. when im root and everyting's ok but that's not what i need.

thanks.

like image 634
oxbo Avatar asked May 04 '12 10:05

oxbo


1 Answers

It is intentional that /proc/kallsyms shows zeros instead of the real addresses for a non-root user. This lowers the security risk a bit.

The details are available in this upstream commit. See also how %pK print specifier is used in s_show() function in kallsyms.c, s_show being responsible for providing a record in /proc/kallsyms.

I doubt it is still possible to get symbol addresses somehow without being a root user. One can not access System.map without root privileges either. Same for writing to /proc/sys/kernel/kptr_restrict.

like image 133
Eugene Avatar answered Oct 15 '22 19:10

Eugene