| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 5 May 2009 21:52:46 +0200
From: Ingo Molnar <mingo@...e.hu>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: Matt Mackall <mpm@...enic.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Arjan van de Ven <arjan@...radead.org>,
Jake Edge <jake@....net>, security@...nel.org,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
James Morris <jmorris@...ei.org>,
linux-security-module@...r.kernel.org,
Eric Paris <eparis@...hat.com>,
Alan Cox <alan@...rguk.ukuu.org.uk>,
Roland McGrath <roland@...hat.com>, mingo@...hat.com,
Andrew Morton <akpm@...ux-foundation.org>,
Greg KH <greg@...ah.com>, Dave Jones <davej@...hat.com>
Subject: Re: [Security] [PATCH] proc: avoid information leaks to
non-privileged processes
* Eric W. Biederman <ebiederm@...ssion.com> wrote:
> Ingo Molnar <mingo@...e.hu> writes:
>
> > * Matt Mackall <mpm@...enic.com> wrote:
> >
> >> As to what's the appropriate sort of RNG for ASLR to use, finding
> >> a balance between too strong and too weak is tricky. [...]
> >
> > In exec-shield i mixed 'easily accessible and fast' semi-random
> > state to the get_random_int() result: xor-ed the cycle counter, the
> > pid and a kernel address to it. That strengthened the result in a
> > pretty practical way (without strengthening the theoretical
> > randomless - each of those items are considered guessable) and does
> > so without weakening the entropy of the random pool.
>
> The trouble is, that thinking completely misses the problem, and I
> expect that is why we have a problem. Throwing a bunch of
> possibly truly random values into the pot for luck is nice. But
> you didn't throw in a pseudo random number generator. An
> unpredictable sequence that is guaranteed to change from one
> invocation to the next.
Alas, i did - it got 'reviewed' out of existence ;)
I still have the backups, here's the original exec-shield RNG:
+/*
+ * Get a random word:
+ */
+static inline unsigned int get_random_int(void)
+{
+ unsigned int val = 0;
+
+ if (!exec_shield_randomize)
+ return 0;
+
+#ifdef CONFIG_X86_HAS_TSC
+ rdtscl(val);
+#endif
+ val += current->pid + jiffies + (int)&val;
+
+ /*
+ * Use IP's RNG. It suits our purpose perfectly: it re-keys itself
+ * every second, from the entropy pool (and thus creates a limited
+ * drain on it), and uses halfMD4Transform within the second. We
+ * also spice it with the TSC (if available), jiffies, PID and the
+ * stack address:
+ */
+ return secure_ip_id(val);
+}
I thought that basing it on the networking PRNG is proper design:
the networking folks have showed it time and again that they care
about the PRNG not being brute-forceable easily, while still staying
fast enough.
I added the TSC and a few other pseudo-random details to increase
complexity of any brute-force attack. (in the hope of rendering it
less practical, at minimal cost)
> In a very practical sense a pseudo random generator is completely
> sufficient. Throwing in a few truly random numbers guards against
> attacks on the random number generator.
>
> What we have now is a hash over an a value that changes every 5
> minutes and some well known values.
Yes.
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists