lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 8 Nov 2010 07:13:24 +0100
From:	Ingo Molnar <mingo@...e.hu>
To:	Kees Cook <kees.cook@...onical.com>,
	Siarhei Liakh <sliakh.lkml@...il.com>,
	Rusty Russell <rusty@...tcorp.com.au>
Cc:	linux-kernel@...r.kernel.org,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	"H. Peter Anvin" <hpa@...or.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Arjan van de Ven <arjan@...radead.org>,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [Security] proactive defense: using read-only memory, RO/NX
 modules


* Kees Cook <kees.cook@...onical.com> wrote:

> Hi,
> 
> While Dan Rosenberg is working to make things harder to locate potential targets 
> in the kernel through fixing kernel address leaks[1], I'd like to approach a 
> related proactive security measure: enforcing read-only memory for things that 
> would make good targets.

Nice! IMHO we need more of that. (If the readonly section gets big enough in 
practice we could perhaps even mark it large-page in the future. It could serve as 
an allocator to module code as well - that would probably be a speedup even for 
modules.)

> [...]
>
> The proposal is simple: as much of the kernel should be read-only as possible, 
> most especially function pointers and other execution control points, which are 
> the easiest target to exploit when an arbitrary kernel memory write becomes 
> available[2] to an attacker. There has been past work to "const"ify function 
> pointer tables, and this should continue. However, there are a few things that 
> need further attention:
> 
> - Modules need to be correctly marked RO/NX. This patch exists[3], but is
>   not in mainline. It needs to be in mainline.
[...]
>
> [3] http://git.kernel.org/?p=linux/kernel/git/x86/linux-2.6-tip.git;a=commitdiff;h=65187d24fa3ef60f691f847c792e8eaca7e19251

The reason the RO/NX patch from Siarhei Liakh is not upstream yet is rather mundane: 
it introduced regressions - it caused boot crashes on one of my testboxes.

But there is no fundamental reason why it shouldnt be upstream. We can push it 
upstream if the crashes are resolved and if it gets an Ack from Rusty or Linus for 
the module bits.

Siarhei, what's the status of your RO/NX changes?

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ