lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 18 Jan 2017 10:48:58 +0000
From:   Mark Rutland <mark.rutland@....com>
To:     PaX Team <pageexec@...email.hu>
Cc:     kernel-hardening@...ts.openwall.com,
        Kees Cook <keescook@...omium.org>,
        Emese Revfy <re.emese@...il.com>,
        "AKASHI, Takahiro" <takahiro.akashi@...aro.org>,
        park jinbum <jinb.park7@...il.com>,
        Daniel Micay <danielmicay@...il.com>,
        linux-kernel@...r.kernel.org, spender@...ecurity.net
Subject: Re: [PATCH] gcc-plugins: Add structleak for more stack initialization

On Tue, Jan 17, 2017 at 07:54:38PM +0100, PaX Team wrote:
> On 17 Jan 2017 at 17:48, Mark Rutland wrote:
> > That being the case, (and given the relevant bug has now been fixed),
> > it's not clear to me what the value of this is today. i.e. given the
> > general case, is this preventing many leaks?
> 
> no idea, i stopped looking at the instrumentation log long ago, but everyone
> can enable the debug output (has a very specific comment on it ;) and look at
> the results. i keep this plugin around because it costs nothing to maintain
> it and the alternative (better) solution doesn't exist yet.

Fair enough; understood.

> > > i never went into that direction because i think the security goal can
> > > be achieved without the performance impact of forced initialization.
> > 
> > Was there a particular technique you had in mind?
> 
> sure, i mentioned it in my SSTIC'12 keynote (page 36):
> https://pax.grsecurity.net/docs/PaXTeam-SSTIC12-keynote-20-years-of-PaX.pdf

Thanks for the pointer.

I'm probably being very naive here, but IIUC the per-task usercopy stack
would require roughly the same analysis to identify relevant variables,
unless all local variables (regardless of initialisation) that fed into
a usercopy would be on the usercopy stack?

Regardless, I can see the benefit of cleanly separating that data from
the rest of the kernel data.

Thanks,
Mark.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ