From ae18eb014609948a40e22192b87b10efc680daa7 Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Tue, 19 Apr 2016 14:57:09 -0700 Subject: [PATCH 1/2] Fix scanf %s in lsof. Bug: http://b/28175237 Change-Id: Ief0ba299b09693ad9afc0e3d17a8f664c2fbb8c2 --- toolbox/lsof.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/toolbox/lsof.c b/toolbox/lsof.c index 982f5aaf65..da78ddd71b 100644 --- a/toolbox/lsof.c +++ b/toolbox/lsof.c @@ -100,10 +100,11 @@ static void print_type(char *type, struct pid_info_t* info) static void print_maps(struct pid_info_t* info) { FILE *maps; + size_t offset; char device[10]; long int inode; - char file[PATH_MAX]; + char file[1024]; strlcat(info->path, "maps", sizeof(info->path)); @@ -111,8 +112,8 @@ static void print_maps(struct pid_info_t* info) if (!maps) goto out; - while (fscanf(maps, "%*x-%*x %*s %zx %s %ld %s\n", &offset, device, &inode, - file) == 4) { + while (fscanf(maps, "%*x-%*x %*s %zx %5s %ld %1023s\n", + &offset, device, &inode, file) == 4) { // We don't care about non-file maps if (inode == 0 || !strcmp(device, "00:00")) continue; From 671d62d73c9c643159107ca77721b6540ef79eea Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Fri, 4 Sep 2015 16:23:01 -0400 Subject: [PATCH 2/2] add a property for controlling perf_event_paranoid This adds a system property for controlling unprivileged access to perf_event_paranoid. It depends on adding kernel support for perf_event_paranoid=3 based on grsecurity's PERF_HARDEN feature to completely disable unprivileged access to perf. A minimal port of this feature is used in the vanilla Debian kernel by default. It hides the non-hardened value as an implementation detail, since while it is currently 1, it will probably become 2 in the future. (Cherry picked from commit 2b22a66382db8a2fdf5ed7a685085a6d7d67cf12) Bug: 29054680 Change-Id: I6e3ae3cf18d8c76df94f879c34fb6fde519b89a9 --- rootdir/init.rc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/rootdir/init.rc b/rootdir/init.rc index 317207c709..900e356b4a 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc @@ -544,6 +544,11 @@ on property:sys.sysctl.extra_free_kbytes=* on property:sys.sysctl.tcp_def_init_rwnd=* write /proc/sys/net/ipv4/tcp_default_init_rwnd ${sys.sysctl.tcp_def_init_rwnd} +on property:security.perf_harden=0 + write /proc/sys/kernel/perf_event_paranoid 1 + +on property:security.perf_harden=1 + write /proc/sys/kernel/perf_event_paranoid 3 ## Daemon processes to be run by init. ##