lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 2 Feb 2015 16:13:38 +0100
From:	Peter Zijlstra <peterz@...radead.org>
To:	Oleg Nesterov <oleg@...hat.com>
Cc:	Darren Hart <darren@...art.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Jerome Marchand <jmarchan@...hat.com>,
	Larry Woodman <lwoodman@...hat.com>,
	Mateusz Guzik <mguzik@...hat.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/1] futex: check PF_KTHREAD rather than !p->mm to filter
 out kthreads

(private noaw)

On Mon, Feb 02, 2015 at 04:11:59PM +0100, Peter Zijlstra wrote:
> On Mon, Feb 02, 2015 at 03:05:15PM +0100, Oleg Nesterov wrote:
> 
> > First of all, why exactly do we need this mm/PF_KTHREAD check added by
> > f0d71b3dcb8332f7971 ? Of course, it is simply wrong to declare a random
> > kernel thread to be the owner as the changelog says. But why kthread is
> > worse than a random user-space task, say, /sbin/init?
> 
> As the changelog says, we _should_ equally disallow other userspace
> tasks that do not share the futex value with us, its just that at the
> time we could not come up with a sensible (and cheap) way of testing for
> this.
> 
> > IIUC, the fact that we can abuse ->pi_state_list is not that bad, no matter
> > if this (k)thread will exit or not. AFAICS, the only problem is that we can
> > boost the prio of this thread. Or I missed another problem?
> 
> No that's it.

Prio leaks allow (local) DoS attacks. It allows an unpriv user to gain
FIFO and burn silly amounts of cycles.

We should really plug that hole entirely.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ