[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20090817013933.GA5039@cr0.nay.redhat.com>
Date: Mon, 17 Aug 2009 09:39:33 +0800
From: Amerigo Wang <xiyou.wangcong@...il.com>
To: David Wagner <daw@...berkeley.edu>
Cc: linux-kernel@...r.kernel.org
Subject: Re: Security: information leaks in /proc enable keystroke recovery
On Sat, Aug 15, 2009 at 03:21:27PM -0700, David Wagner wrote:
>
>In a nutshell, they exploit the fact that many files in /proc are
>world-readable yet contain sensitive information that can leak information
>about inter-keystroke timings. For instance, /proc/$PID/stat reveals the
>ESP and EIP registers of the associated process, and is world-readable.
>/proc/pid/status is also mentioned as revealing information that could
>be exploited in these attacks.
>
>Based on my understanding of their work, it sounds like some of
>the information on those files should perhaps not be world-readable.
>It's not clear to me that it's reasonable for the kernel to reveal ESP,
>EIP, and other sensitive information about process behavior to everyone
>on the same system.
Nope, just make sure EIP, ESP, WCHAN etc. info will not be leaked.
>
>Are folks already aware of these vulnerabilities?
Yes, we have already fixed this in commit f83ce3 by Jake, so EIP, ESP
and WCHAN will not be leaked for non-privileged users.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists