[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6101e8c40908151625s52ad9b83ue061de3fab97fbf8@mail.gmail.com>
Date: Sun, 16 Aug 2009 01:25:28 +0200
From: Oliver Pinter <oliver.pntr@...il.com>
To: David Wagner <daw@...berkeley.edu>
Cc: freebsd-hackers@...ebsd.org, linux-kernel@...r.kernel.org
Subject: Re: Security: information leaks in /proc enable keystroke recovery
On 8/16/09, David Wagner <daw@...berkeley.edu> wrote:
> At Usenix Security 2009, two researchers announced last week a new
> security vulnerability in multi-user Linux systems. They demonstrated
> that one user can, in many cases, recover partial information about
> the keystrokes that another user types into applications running on
> that system. For instance, they demonstrate how a malicious user can
> recover partial information about SSH passwords typed by other users,
> reducing the password search space by a factor of 250-2000x in
> their experiments. Thus, this could facilitate password recovery.
>
> Question: Are there any plans to modify the Linux kernel to defend
> against this kind of attack?
>
> The paper is here:
>
> http://www.usenix.org/events/sec09/tech/full_papers/zhang.pdf
>
> In a nutshell, they exploit the fact that many files in /proc are
> world-readable yet contain sensitive information that can leak information
> about inter-keystroke timings. For instance, /proc/$PID/stat reveals the
> ESP and EIP registers of the associated process, and is world-readable.
> /proc/pid/status is also mentioned as revealing information that could
> be exploited in these attacks.
>
> Based on my understanding of their work, it sounds like some of
> the information on those files should perhaps not be world-readable.
> It's not clear to me that it's reasonable for the kernel to reveal ESP,
> EIP, and other sensitive information about process behavior to everyone
> on the same system.
>
> Are folks already aware of these vulnerabilities? Is there any work
> underway to try to address the issues identified in the Usenix Security
> paper?
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
[snip]
6.2 Information Leaks in the Procfs of
Other UNIX-like Systems
Besides Linux, most other UNIX-like systems also im-
plement procfs. These implementations vary from case
to case, and as a result, their susceptibilities to side-
channel attacks also differ. Here we discuss such privacy
risks on two systems, FreeBSD and OpenSolaris.
FreeBSD manages its process files more cautiously
than Linux12 : it puts all register values into the file
/proc/pid/regs that can only be read by the owner
of a process, which blocks the information used by
our attack. However, we found that other informa-
tion released by the procfs can lead to similar attacks.
A prominent example is the system time reported by
/proc/pid/status, a file open to every user. Fig-
ure 11 shows the correlations between the time con-
sumed by vim and the keystrokes it received, as ob-
served in our research. This demonstrates that keystroke
events within the process can be identified from the
change of its system time, which makes keystroke eaves-
dropping possible. A problem here is that we may not
be able to detect special keys a user enters, for example,
“MOV CURSOR”, which is determined from ESP/EIP in-
formation on Linux. A possible solution is using the dis-
crepancies of system-time increments triggered by dif-
ferent keys being entered to fingerprint these individual
keys. Further study of this technique is left to our future
research.
[/snip]
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists