lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 9 Mar 2015 17:19:41 -0700 From: Andy Lutomirski <luto@...capital.net> To: Kees Cook <keescook@...omium.org> Cc: "Kirill A. Shutemov" <kirill@...temov.name>, Dave Hansen <dave.hansen@...ux.intel.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, Linux-MM <linux-mm@...ck.org>, LKML <linux-kernel@...r.kernel.org>, Andrew Morton <akpm@...ux-foundation.org>, Linus Torvalds <torvalds@...ux-foundation.org>, "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>, Pavel Emelyanov <xemul@...allels.com>, Konstantin Khlebnikov <khlebnikov@...nvz.org>, Mark Seaborn <mseaborn@...omium.org> Subject: Re: [RFC, PATCH] pagemap: do not leak physical addresses to non-privileged userspace On Mon, Mar 9, 2015 at 5:11 PM, Kees Cook <keescook@...omium.org> wrote: > On Mon, Mar 9, 2015 at 2:11 PM, Kirill A. Shutemov <kirill@...temov.name> wrote: >> From: "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com> >> >> As pointed by recent post[1] on exploiting DRAM physical imperfection, >> /proc/PID/pagemap exposes sensitive information which can be used to do >> attacks. >> >> This is RFC patch which disallow anybody without CAP_SYS_ADMIN to read >> the pagemap. >> >> Any comments? > > I prefer Dave Hansen's approach: > > http://www.spinics.net/lists/kernel/msg1941939.html > > This gives finer grained control without globally dropping the ability > of a non-root process to examine pagemap details (which is the whole > point of the interface). per-pidns like this is no good. You shouldn't be able to create a non-paranoid pidns if your parent is paranoid. Also, at some point we need actual per-ns controls. This mount option stuff is hideous. --Andy > > -Kees > >> >> [1] http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html >> >> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@...ux.intel.com> >> Cc: Pavel Emelyanov <xemul@...allels.com> >> Cc: Konstantin Khlebnikov <khlebnikov@...nvz.org> >> Cc: Andrew Morton <akpm@...ux-foundation.org> >> Cc: Linus Torvalds <torvalds@...ux-foundation.org> >> Cc: Mark Seaborn <mseaborn@...omium.org> >> Cc: Andy Lutomirski <luto@...capital.net> >> --- >> fs/proc/task_mmu.c | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c >> index 246eae84b13b..b72b36e64286 100644 >> --- a/fs/proc/task_mmu.c >> +++ b/fs/proc/task_mmu.c >> @@ -1322,6 +1322,9 @@ out: >> >> static int pagemap_open(struct inode *inode, struct file *file) >> { >> + /* do not disclose physical addresses: attack vector */ >> + if (!capable(CAP_SYS_ADMIN)) >> + return -EPERM; >> pr_warn_once("Bits 55-60 of /proc/PID/pagemap entries are about " >> "to stop being page-shift some time soon. See the " >> "linux/Documentation/vm/pagemap.txt for details.\n"); >> -- >> 2.3.1 >> >> -- >> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in >> the body of a message to majordomo@...r.kernel.org >> More majordomo info at http://vger.kernel.org/majordomo-info.html >> Please read the FAQ at http://www.tux.org/lkml/ > > > > -- > Kees Cook > Chrome OS Security -- Andy Lutomirski AMA Capital Management, LLC -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists