| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20090816003326.GC7554@mit.edu> Date: Sat, 15 Aug 2009 20:33:26 -0400 From: Theodore Tso <tytso@....edu> To: David Wagner <daw@...berkeley.edu> Cc: linux-kernel@...r.kernel.org Subject: Re: Security: information leaks in /proc enable keystroke recovery On Sat, Aug 15, 2009 at 03:21:27PM -0700, David Wagner wrote: > At Usenix Security 2009, two researchers announced last week a new > security vulnerability in multi-user Linux systems. They demonstrated > that one user can, in many cases, recover partial information about > the keystrokes that another user types into applications running on > that system. For instance, they demonstrate how a malicious user can > recover partial information about SSH passwords typed by other users, > reducing the password search space by a factor of 250-2000x in > their experiments. Thus, this could facilitate password recovery. > > In a nutshell, they exploit the fact that many files in /proc are > world-readable yet contain sensitive information that can leak information > about inter-keystroke timings. For instance, /proc/$PID/stat reveals the > ESP and EIP registers of the associated process, and is world-readable. > /proc/pid/status is also mentioned as revealing information that could > be exploited in these attacks. A configuration option which defaults to disabling ESP and EIP would be a simple way to prevent this specific instance of information leakage. The problem is there are other files that might reveal timing information, but which are very useful for a system administrator. A key example of this is /proc/$pid/wchan, which is responsible for the WCHAN column is a ps listing. Maybe the better example, othter than making some of these files non-world-readable, or zeroing out certain fields in /proc/$PID/stat, is to put in a limit to how quickly specific files can be queried. If a process's /proc files which could be used to extract keystroke timing information, is accessed more than say, ten times a second, a random delay could be added before the information is returned. Essentially, we can treat this as a covert channel that needs to be restricted off, without necessarily completely removing the ability for a system administrator to see what processes are blocked on via "ps lx". - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists