Date:	Tue, 16 Dec 2008 13:57:21 +0100
From:	Pavel Machek <pavel@...e.cz>
To:	Ingo Molnar <mingo@...e.hu>
Cc:	linux-kernel@...r.kernel.org, Thomas Gleixner <tglx@...utronix.de>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Stephane Eranian <eranian@...glemail.com>,
	Eric Dumazet <dada1@...mosbay.com>,
	Robert Richter <robert.richter@....com>,
	Arjan van de Ven <arjan@...radead.org>,
	Peter Anvin <hpa@...or.com>,
	Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	Paul Mackerras <paulus@...ba.org>,
	"David S. Miller" <davem@...emloft.net>,
	perfctr-devel@...ts.sourceforge.net
Subject: Re: [patch] Performance Counters for Linux, v4

On Tue 2008-12-16 13:50:00, Ingo Molnar wrote:
> 
> * Pavel Machek <pavel@...e.cz> wrote:
> 
> > Hmm, if I timec some setuid program, what happens?
> 
> yes, i already had a quick look at that a few days ago when i implemented 
> counter inheritance (for different reasons) and couldn't find the cleanest 
> place to put the exec() flushing into so i procrastinated that a bit :)
> 
> > Performance counters seem like great tool to pull secret keys out of 
> > other processes :-).
> 
> if you worry about _that_ angle you also have to:
> 
>  - turn off the cycle counter
> 
>  - turn off precise utimes

Probably good idea, yes.

>  - plus you have to forbid SMT CPUs as well. On HT a task could
>    co-schedule with your setuid task and observe its timing
>    characteristics via its _own_ behavior. (which is impacted by whatever
>    is running on another SMT/HT thread.)

Yes, SMT is evil.

> the real exec() worry are: active, IRQ driven samples/events. Not possible 
> yet via the current iteration of counter inheritance (hence my 
> procrastination) - but it makes sense and that's why i was looking at the 
> exec() angle.
> 
> and that will flush simple counters too, removing your theoretical attack 
> angle as well.
> 
> So how about the patch below?

Thanks!

> Subject: perfcounters: flush on setuid exec
> From: Ingo Molnar <mingo@...e.hu>
> Date: Tue Dec 16 13:40:44 CET 2008
> 
> Pavel Machek pointed out that performance counters should be flushed
> when crossing protection domains on setuid execution.
> 
> Reported-by: Pavel Machek <pavel@...e.cz>
> Signed-off-by: Ingo Molnar <mingo@...e.hu>

Acked-by: Pavel Machek <pavel@...e.cz>

> @@ -1015,6 +1016,13 @@ int flush_old_exec(struct linux_binprm *
>  		set_dumpable(current->mm, suid_dumpable);
>  	}
>  
> +	/*
> +	 * Flush performance counters when crossing a
> +	 * security domain:
> +	 */
> +	if (!get_dumpable(current->mm))
> +		perf_counter_exit_task(current);
> +
>  	/* An exec changes our domain. We are no longer part of the thread
>  	   group */
>  
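Review bot: The new test `if (!get_dumpable(current->mm))` only fires when the dumpable value is 0, yet the context line directly above assigns it with `set_dumpable(current->mm, suid_dumpable)`, so whenever suid_dumpable is non-zero the counters are left attached across an exec that did cross a security domain. Consider keying the `perf_counter_exit_task(current)` call on the same condition that guards that set_dumpable() call (it sits outside this hunk's context) instead of on the resulting dumpable value. The added comment should also state which condition is taken to mean "crossing a security domain", since the dumpable flag is only a proxy for it.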

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html