Reading kallsyms in user-mode

2020-04-06 01:41发布

问题:

i'm writing the code about low-level stuff. i need to know kernel symbol addresses to write reliable code. So im trying to read the kallsyms when im in user-mode in Ubuntu kernel-3.0.19. and that's kallsyms output in user-mode.

... 00000000 r __ksymtab_prepare_kernel_cred 00000000 r __kcrctab_prepare_kernel_cred 00000000 r __kstrtab_prepare_kernel_cred ...

how can i solve this problem in user-mode. when im root and everyting's ok but that's not what i need.

thanks.

回答1:

It is intentional that /proc/kallsyms shows zeros instead of the real addresses for a non-root user. This lowers the security risk a bit.

The details are available in this upstream commit. See also how %pK print specifier is used in s_show() function in kallsyms.c, s_show being responsible for providing a record in /proc/kallsyms.

I doubt it is still possible to get symbol addresses somehow without being a root user. One can not access System.map without root privileges either. Same for writing to /proc/sys/kernel/kptr_restrict.