| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 23 Mar 2008 14:25:17 +0100 From: Pavel Machek <pavel@....cz> To: Andi Kleen <andi@...stfloor.org> Cc: Nicholas Miell <nmiell@...cast.net>, Ulrich Drepper <drepper@...il.com>, Andrew Morton <akpm@...ux-foundation.org>, linux-kernel@...r.kernel.org, linux-mm@...ck.org Subject: Re: [PATCH prototype] [0/8] Predictive bitmaps for ELF executables On Sat 2008-03-22 15:29:49, Andi Kleen wrote: > On Sat, Mar 22, 2008 at 03:16:31AM -0700, Nicholas Miell wrote: > > > > *sigh* this is probably true > > Actually it is a relatively weak argument assuming the standard > 4k xattrs, but still an issue. > > The other stronger argument against it is that larger xattrs tend to be > outside the inode so you would have another seek again. > > > > and a mess to manage (a lot of tools don't know about them) > > > > At this point in time, all tools that don't support xattrs are > > defective, > > Good joke. > > > I just have an instinctive aversion towards the kernel mucking around in > > ELF objects -- for one thing, you're going to have to blacklist > > cryptographically signed binaries. > > What signed binaries? > > Anyways there are two ways to deal with this: > > - Run the executable through a little filter that zeroes the bitmap before > computing the checksum. That is how rpm -V deals with prelinked binaries which > have a similar issue. You can probably reuse the scripts from rpm. Is this good idea? Attacker can send you binary with the bitmap inverted, it is now slow on your system and signature matches. ...might be important for benchmarks... 'here, see, Oracle is slow. Feel free to verify the signature'. ...ok, I guess it is not too serious, because it is similar to fragmentation.... -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists