| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 1 Nov 2012 20:29:25 +0000 From: Arvid Brodin <Arvid.Brodin@...n.com> To: "Eric W. Biederman" <ebiederm@...ssion.com> CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "Andrew Morton" <akpm@...ux-foundation.org>, Al Viro <viro@...iv.linux.org.uk>, "Cyrill Gorcunov" <gorcunov@...nvz.org>, David Rientjes <rientjes@...gle.com> Subject: Re: fs/proc/base.c: text md5sums; tgid vs tid; and INF vs ONE? On 2012-10-30 23:45, Eric W. Biederman wrote: > Arvid Brodin <Arvid.Brodin@...n.com> writes: >> Hi, >> [] Thanks for the info! >> * Any other comments about the code? > > There are known successful attacks against md5 so using md5 for > something new and security related is a bad idea. > > Userspace can just as easily compute a security hash itself you don't > need kernel support. How would I do this on running code? Does the kernel export the process memory somewhere so that I can pipe it to md5sum? > I recommend you checkout the code in security/ima/ looks like it can > already do what you are trying to do. Ah. I did actually check this out a year and a half ago or something like that. Seems like it has gotten a bit more capable since then with the new patches (immutable executables etc)! I'll take a look at it again to see if it might fit our needs. Thanks! > > Eric -- Arvid Brodin | Consultant (Linux) XDIN AB | Knarrarnäsgatan 7 | SE-164 40 Kista | Sweden | xdin.com
Powered by blists - more mailing lists