| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a36005b50809140904h690d00b0sa66f166a64850114@mail.gmail.com> Date: Sun, 14 Sep 2008 09:04:08 -0700 From: "Ulrich Drepper" <drepper@...il.com> To: "Pavel Machek" <pavel@...e.cz> Cc: "Arjan van de Ven" <arjan@...radead.org>, linux-kernel@...r.kernel.org, torvalds@...ux-foundation.org, dwmw2@...radead.org, drepper@...hat.com, mingo@...e.hu, tglx@...x.de Subject: Re: [PATCH 12/13] hrtimer: create a "timer_slack" field in the task struct On Sun, Sep 14, 2008 at 8:57 AM, Pavel Machek <pavel@...e.cz> wrote: >> LD_PRELOAD and other variables are ignored in security-relevant >> contexts and environments are cleared in many situations. Sure, you > > ...but that's okay, right? You would not want passwd to inherit huge > slack specified by attacker...? No, it's not OK. There are enough apps which are privileged and need to be handled this way. Take the X server, for instance. ] > Well, it is not too much, but... is the cost for userspace really > significant? You'd clearly want it stored in environment, not > filesystem... You cannot really use the environment for anything meaningful. Especially for this case, you couldn't change the setting for a running process. What a fully-userlevel implementation would have to do is read the value from a file and monitor the file for changes for every new poll/select call. That's a huge cost. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists