| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20090522143718.75790c94@lxorguk.ukuu.org.uk> Date: Fri, 22 May 2009 14:37:18 +0100 From: Alan Cox <alan@...rguk.ukuu.org.uk> To: "Larry H." <research@...reption.com> Cc: Rik van Riel <riel@...hat.com>, Peter Zijlstra <peterz@...radead.org>, linux-kernel@...r.kernel.org, Linus Torvalds <torvalds@...l.org>, linux-mm@...ck.org, Ingo Molnar <mingo@...hat.com> Subject: Re: [patch 0/5] Support for sanitization flag in low-level page allocator > Definitely, but there's no need for this at all. If you want to target > certain sensitive data, just grep the variable names in the > world-readable System.map of your distribution of choice. A lot of dynamic data will not be findable by System.map but its certainly findable if you've got a "look mummy this one is stamped confidential" flag then it becomes easy to find. > > Obvious candidates would be AGPGart, DRI buffers, DMA lowmem buffering, > > pad buffers - I dont think they clear all cases and in some cases > > (notably DRI) there is data that is potentially "secret" stored in the > > video RAM. > > Overkill. Again, you really don't need to scan memory for anything. Much > less video memory. If you already have CAP_SYS_RAWIO, you have more > reliable and easier techniques to intercept information. If you are working to clear memory then your model is totally flawed because a lot of memory you might want to handle this way is never deallocated. > > You can also extract bits of data post clear out of fascinating corners > > like the debug interfaces to FIFOs on I/O controllers. There are also a > > large category of buffers that don't get freed/reallocated notably ring > > buffers for networking, and tty ring buffers which are mostly not freed > > for the lifetime of the device (ie forever). Cleaning all RAM as an > > option on S2D and shutdown would be the only real way you'd fix that. > > One of the patches takes care of tty buffer management to adopt the new > flag. The only real way to solve the lengthy list of security risks > coming along suspend-to-disk approaches is to simply disable > suspend-to-disk altogether. Which is a rather peculiar viewpoint you hold that I would disagree with entirely. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists