| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 17 Aug 2009 09:39:33 +0800 From: Amerigo Wang <xiyou.wangcong@...il.com> To: David Wagner <daw@...berkeley.edu> Cc: linux-kernel@...r.kernel.org Subject: Re: Security: information leaks in /proc enable keystroke recovery On Sat, Aug 15, 2009 at 03:21:27PM -0700, David Wagner wrote: > >In a nutshell, they exploit the fact that many files in /proc are >world-readable yet contain sensitive information that can leak information >about inter-keystroke timings. For instance, /proc/$PID/stat reveals the >ESP and EIP registers of the associated process, and is world-readable. >/proc/pid/status is also mentioned as revealing information that could >be exploited in these attacks. > >Based on my understanding of their work, it sounds like some of >the information on those files should perhaps not be world-readable. >It's not clear to me that it's reasonable for the kernel to reveal ESP, >EIP, and other sensitive information about process behavior to everyone >on the same system. Nope, just make sure EIP, ESP, WCHAN etc. info will not be leaked. > >Are folks already aware of these vulnerabilities? Yes, we have already fixed this in commit f83ce3 by Jake, so EIP, ESP and WCHAN will not be leaked for non-privileged users. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists