lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 30 Jun 2010 09:28:08 +0900 (JST) From: KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com> To: Steve Grubb <sgrubb@...hat.com> Cc: kosaki.motohiro@...fujitsu.com, Stefani Seibold <stefani@...bold.net>, Kees Cook <kees.cook@...onical.com>, linux-kernel@...r.kernel.org, "Greg Kroah-Hartman" <gregkh@...e.de>, Andrew Morton <akpm@...ux-foundation.org>, Tejun Heo <tj@...nel.org>, Veaceslav Falico <vfalico@...hat.com>, Alexander Viro <viro@...iv.linux.org.uk>, Oleg Nesterov <oleg@...hat.com>, Neil Horman <nhorman@...driver.com>, Roland McGrath <roland@...hat.com>, Ingo Molnar <mingo@...e.hu>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, Hidetoshi Seto <seto.hidetoshi@...fujitsu.com>, Thomas Gleixner <tglx@...utronix.de>, Eric Paris <eparis@...hat.com>, James Morris <jmorris@...ei.org>, "Andrew G. Morgan" <morgan@...nel.org>, Dhaval Giani <dhaval.giani@...il.com>, "Serge E. Hallyn" <serue@...ibm.com>, Christoph Hellwig <hch@....de>, linux-fsdevel@...r.kernel.org Subject: Re: [PATCH v2] sanitize task->comm to avoid leaking escape codes > On Tuesday, June 29, 2010 08:16:08 pm KOSAKI Motohiro wrote: > > > For the audit system, we want the real, unsanitized task->comm. We record > > > it in a special format to the audit logs such that unprintable > > > characters are included. We want it exactly this way for certification > > > purposes as well as forensic evidence if someone was playing games. If > > > you do sanitize it for other areas of the kernel, please give us a way > > > to get the unsanitized text. > > > > Probably this mail is offtopic. I think audit is unrelated with this > > discusstion. because when forensic, admins shouldn't believe task->comm > > at all. because 1) no path information, perhaps "ls" might mean > > "/home/attackers-dir/evil-script/ls" 2) easily obscured by > > prctl(PR_SET_NAME). > > No, its on-topic and we want that information unchanged. Why? I think I've described why admins should't see task->comm during forensic. Do you disagree this? or Do you have another viewpoint? Can you help us clarify your point? > > That said, audit have to logged following two point if task name is > > necessary. 1) exec > > 2) prctl(PRT_SET_NAME) > > > > Thought ? > > The audit system is capable of grabbing that information, too. ok. thanks good information :) -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists