| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 23 May 2009 08:56:53 -0700 From: Arjan van de Ven <arjan@...radead.org> To: Alan Cox <alan@...rguk.ukuu.org.uk> Cc: "Larry H." <research@...reption.com>, Ingo Molnar <mingo@...e.hu>, Rik van Riel <riel@...hat.com>, linux-kernel@...r.kernel.org, Linus Torvalds <torvalds@...l.org>, linux-mm@...ck.org, Ingo Molnar <mingo@...hat.com>, pageexec@...email.hu Subject: Re: [patch 0/5] Support for sanitization flag in low-level page allocator On Sat, 23 May 2009 09:09:10 +0100 Alan Cox <alan@...rguk.ukuu.org.uk> wrote: > > Enabling SLAB poisoning by default will be a bad idea > > Why ? > > > I looked for unused/re-usable flags too, but found none. It's > > interesting to see SLUB and SLOB have their own page flags. Did > > anybody oppose those when they were proposed? > > Certainly they were looked at - but the memory allocator is right at > the core of the system rather than an add on. > > > > Ditto - which is why I'm coming from the position of an "if we > > > free it clear it" option. If you need that kind of security the > > > cost should be more than acceptable - especially with modern > > > processors that can do cache bypass on the clears. > > > > Are you proposing that we should simply remove the confidential > > flags and just stick to the unconditional sanitization when the > > boot option is enabled? If positive, it will make things more > > simple and definitely is better than nothing. I would have (still) > > preferred the other old approach to be merged, but whatever works > > at this point. > > I am because > - its easy to merge > - its non controversial > - it meets the security good practice and means we don't miss any > alloc/free cases > - it avoid providing flags to help a trojan identify "interesting" > data to acquire > - modern cpu memory clearing can be very cheap .. and if we zero on free, we don't need to zero on allocate. While this is a little controversial, it does mean that at least part of the cost is just time-shifted, which means it'll not be TOO bad hopefully... -- Arjan van de Ven Intel Open Source Technology Centre For development, discussion and tips for power savings, visit http://www.lesswatts.org -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists