| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20211021195311.6058b90f573641542605dae4@linux-foundation.org>
Date: Thu, 21 Oct 2021 19:53:11 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: Kees Cook <keescook@...omium.org>
Cc: Mike Rapoport <rppt@...nel.org>,
Jordy Zomer <jordy@...dyzomer.github.io>, linux-mm@...ck.org,
Dmitry Vyukov <dvyukov@...gle.com>,
James Bottomley <James.Bottomley@...senPartnership.com>,
David Hildenbrand <david@...hat.com>,
linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] mm/secretmem: Avoid letting secretmem_users drop to
zero
On Thu, 21 Oct 2021 08:40:46 -0700 Kees Cook <keescook@...omium.org> wrote:
> Quoting Dmitry: "refcount_inc() needs to be done before fd_install().
> After fd_install() finishes, the fd can be used by userspace and we can
> have secret data in memory before the refcount_inc().
>
> A straightforward mis-use where a user will predict the returned fd
> in another thread before the syscall returns and will use it to store
> secret data is somewhat dubious because such a user just shoots themself
> in the foot.
>
> But a more interesting mis-use would be to close the predicted fd and
> decrement the refcount before the corresponding refcount_inc, this way
> one can briefly drop the refcount to zero while there are other users
> of secretmem."
>
> Move fd_install() after refcount_inc().
I added cc:stable. Or doesn't the benefit/risk ratio justify that?
Powered by blists - more mailing lists