lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 8 Nov 2010 13:42:28 -0800
From:	Kees Cook <kees.cook@...onical.com>
To:	Ingo Molnar <mingo@...e.hu>
Cc:	Siarhei Liakh <sliakh.lkml@...il.com>,
	Rusty Russell <rusty@...tcorp.com.au>,
	linux-kernel@...r.kernel.org,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	"H. Peter Anvin" <hpa@...or.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Arjan van de Ven <arjan@...radead.org>,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [Security] proactive defense: using read-only memory, RO/NX
 modules

Hi,

On Mon, Nov 08, 2010 at 07:13:24AM +0100, Ingo Molnar wrote:
> * Kees Cook <kees.cook@...onical.com> wrote:
> > While Dan Rosenberg is working to make things harder to locate potential targets 
> > in the kernel through fixing kernel address leaks[1], I'd like to approach a 
> > related proactive security measure: enforcing read-only memory for things that 
> > would make good targets.
> 
> Nice! IMHO we need more of that. (If the readonly section gets big enough in 
> practice we could perhaps even mark it large-page in the future. It could serve as 
> an allocator to module code as well - that would probably be a speedup even for 
> modules.)

Well, I can try to extract and send what PaX does, but it seems relatively
incompatible with the existing system that uses set_kernel_text_rw() and
friends.

> > - Modules need to be correctly marked RO/NX. This patch exists[3], but is
> >   not in mainline. It needs to be in mainline.
> [...]
> >
> > [3] http://git.kernel.org/?p=linux/kernel/git/x86/linux-2.6-tip.git;a=commitdiff;h=65187d24fa3ef60f691f847c792e8eaca7e19251
> 
> The reason the RO/NX patch from Siarhei Liakh is not upstream yet is rather mundane: 
> it introduced regressions - it caused boot crashes on one of my testboxes.
> 
> But there is no fundamental reason why it shouldnt be upstream. We can push it 
> upstream if the crashes are resolved and if it gets an Ack from Rusty or Linus for 
> the module bits.

Oh, well, yes, that's a good reason. :) Where was this covered? I'd like to
help get it reproduced and ironed out.

-Kees

-- 
Kees Cook
Ubuntu Security Team
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ