Open Source and information security mailing list archives
 
Message-ID: <20101107085641.GB23843@elte.hu>
Date:	Sun, 7 Nov 2010 09:56:41 +0100
From:	Ingo Molnar <mingo@...e.hu>
To:	Willy Tarreau <w@....eu>
Cc:	Marcus Meissner <meissner@...e.de>, security@...nel.org,
	mort@....com, Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	fweisbec@...il.com, "H. Peter Anvin" <hpa@...or.com>,
	linux-kernel@...r.kernel.org, jason.wessel@...driver.com,
	tj@...nel.org, Andrew Morton <akpm@...ux-foundation.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Thomas Gleixner <tglx@...utronix.de>
Subject: Re: [Security] [PATCH] kernel: make /proc/kallsyms mode 400 to
 reduce ease of attacking


* Willy Tarreau <w@....eu> wrote:

> > Not an 'arms race' thing where we just put obstruction in the road of attackers 
> > - but some real, unavoidable risk not detectable by attackers - running on most 
> > stock distro kernels. (so there would be a real economy of scale)
> > 
> > The kerneloops client could also collect exploit attempt stats.
> 
> Well, in my opinion, either the attacker is remote and you can already get much 
> info, or he's local and has time to precisely qualify the environment in order not 
> to leave the slightest trace. [...]

Your view of how attackers operate is rather simplistic. Knowing the precise 
environment (via remote or local measures) is a big tactical advantage to them.

See the very patch we are discussing. People are submitting patches to hide certain 
pieces of information exactly because that information is an advantage to attackers.

And my point is that "if you want to hide information do it effectively - or if it's 
too hard don't do it at all".

Thanks,

	Ingo