diff mbox

[5/7] scripts/leaking_addresses: add emailing results

Message ID 1510112259-11572-6-git-send-email-me@tobin.cc (mailing list archive)
State New, archived
Headers show

Commit Message

Tobin Harding Nov. 8, 2017, 3:37 a.m. UTC
Developers may not have the time (or inclination) to investigate script
output. This information is, however, useful. If we add functionality to
the script to email results for further investigation.

Add --send-report flag to email scan results (to Tobin C. Harding).

Signed-off-by: Tobin C. Harding <me@tobin.cc>
---
 scripts/leaking_addresses.pl | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 mode change 100755 => 100644 scripts/leaking_addresses.pl

Comments

Petr Mladek Nov. 8, 2017, 10:16 a.m. UTC | #1
On Wed 2017-11-08 14:37:37, Tobin C. Harding wrote:
> Developers may not have the time (or inclination) to investigate script
> output. This information is, however, useful. If we add functionality to
> the script to email results for further investigation.
> 
> Add --send-report flag to email scan results (to Tobin C. Harding).

I am not sure that it is wise to make spaming one person
so easy ;-)

It might make sense to add some more information into
the message. For example:

    + uname -a
    + whether the log was generated using root access

Also people might feel more comfortable if this feature:

     + prints the message
     + printks where it is being sent
     + ask yes/no before doing so


>  scripts/leaking_addresses.pl | 42 ++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 42 insertions(+)
>  mode change 100755 => 100644 scripts/leaking_addresses.pl
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

> diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl
> old mode 100755
> new mode 100644

I guess that this was not intended.

Best Regards,
Petr
Greg Kroah-Hartman Nov. 8, 2017, 11:51 a.m. UTC | #2
On Wed, Nov 08, 2017 at 11:16:43AM +0100, Petr Mladek wrote:
> On Wed 2017-11-08 14:37:37, Tobin C. Harding wrote:
> > Developers may not have the time (or inclination) to investigate script
> > output. This information is, however, useful. If we add functionality to
> > the script to email results for further investigation.
> > 
> > Add --send-report flag to email scan results (to Tobin C. Harding).
> 
> I am not sure that it is wise to make spaming one person
> so easy ;-)

I agree, I would strongly discourage this, as you will end up getting
reports from really old kernels for the next 20+ years.  We have seen
that happen for every time we have added a "report this to foo@baz" in a
kernel log message.

If you _really_ want to do this, at least point it at a mailing list.

thanks,

greg k-h
Tobin Harding Nov. 9, 2017, 12:58 a.m. UTC | #3
On Wed, Nov 08, 2017 at 12:51:20PM +0100, Greg KH wrote:
> On Wed, Nov 08, 2017 at 11:16:43AM +0100, Petr Mladek wrote:
> > On Wed 2017-11-08 14:37:37, Tobin C. Harding wrote:
> > > Developers may not have the time (or inclination) to investigate script
> > > output. This information is, however, useful. If we add functionality to
> > > the script to email results for further investigation.
> > > 
> > > Add --send-report flag to email scan results (to Tobin C. Harding).
> > 
> > I am not sure that it is wise to make spaming one person
> > so easy ;-)
> 
> I agree, I would strongly discourage this, as you will end up getting
> reports from really old kernels for the next 20+ years.  We have seen
> that happen for every time we have added a "report this to foo@baz" in a
> kernel log message.
> 
> If you _really_ want to do this, at least point it at a mailing list.

Will remove --send-report for next version.

thanks,
Tobin.
diff mbox

Patch

diff --git a/scripts/leaking_addresses.pl b/scripts/leaking_addresses.pl
old mode 100755
new mode 100644
index 4c31e935319b..e43105662306
--- a/scripts/leaking_addresses.pl
+++ b/scripts/leaking_addresses.pl
@@ -34,6 +34,7 @@  my $output = "scan.out";
 my $suppress_dmesg = 0;
 my $squash_by_path = 0;
 my $raw = 0;
+my $send_report = 0;
 my $help = 0;
 my $debug = 0;
 
@@ -90,6 +91,7 @@  Options:
 	    --suppress-dmesg	 Do not show dmesg results.
 	    --squash-by-path	 Show one result per unique path.
 	    --raw	 	 Show raw results.
+	    --send-report	 Submit raw results for someone else to worry about.
 	-d, --debug              Display debugging output.
 	-h, --help, --version    Display this help and exit.
 
@@ -103,6 +105,7 @@  GetOptions(
 	'suppress-dmesg'	=> \$suppress_dmesg,
 	'squash-by-path'	=> \$squash_by_path,
 	'raw'			=> \$raw,
+	'send-report'		=> \$send_report,
 	'd|debug'		=> \$debug,
 	'h|help'		=> \$help,
 	'version'		=> \$help
@@ -124,6 +127,12 @@  if ($command eq 'scan') {
 	scan();
 }
 
+if ($send_report) {
+	send_report();
+	print "Raw scan results sent, thank you.\n";
+	exit(0);
+}
+
 format_output();
 
 exit 0;
@@ -144,6 +153,39 @@  sub scan
 	select STDOUT;
 }
 
+sub send_report
+{
+	my $subject = 'LEAK REPORT';
+	my $email = 'leaks@tobin.cc';
+
+	my $message = sprintf("kptr_restrict: %s\n", get_kptr_restrict());
+
+	# Slurp raw results.
+	$message .= do {
+		local $/ = undef;
+		open my $fh, "<", $output
+		    or die "could not open $output: $!";
+		<$fh>;
+	};
+
+	open my $mailh, '|-', "mail -s '$subject' $email"
+	    or die( "Could not open pipe! $!" );
+
+	print $mailh $message;
+	close $mailh;
+}
+
+sub get_kptr_restrict
+{
+	my $filename = "/proc/sys/kernel/kptr_restrict";
+	my @array = do {
+		open my $fh, "<", $filename
+		    or die "could not open $filename: $!";
+		<$fh>;
+	};
+	return $array[0];
+}
+
 sub is_false_positive
 {
 	my ($match) = @_;