lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <AANLkTikgb96oJCrF-5sBPMUTiNPbCMEGUkuGxAJ=g-Mx@mail.gmail.com>
Date:	Tue, 16 Nov 2010 21:58:44 -0800
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Kyle Moffett <kyle@...fetthome.net>
Cc:	Marcus Meissner <meissner@...e.de>, linux-kernel@...r.kernel.org,
	tj@...nel.org, akpm@...ux-foundation.org, hpa@...or.com,
	mingo@...e.hu, w@....eu, alan@...rguk.ukuu.org.uk
Subject: Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking

On Tue, Nov 16, 2010 at 9:40 PM, Kyle Moffett <kyle@...fetthome.net> wrote:
>
>  (1) For 99%+ of all the computers out there you can

I think that misses the point.

Security is never about absolutes. Anybody who believes in absolute
security is a moron.

True security is about "piling up the inconveniences on the attack".
Several layers. Sure, it's easy to attack a system that is a
monoculture. But immediately when you start saying "you can always
figure out the particular version" and you're talking about tens (or
hundreds) of versions, suddenly you really _are_ more secure. Because
suddenly it's one more pain.

And no, that "one more pain" is not going to be the thing that stops
attacks. But add a number of "one more pains" together, and it gets
increasingly unlikely that you will have a widespread and successful
attack.

So I do think that it's worth closing these "small" holes. Anything
that makes it more work to attack really _is_ improving things.

And being able to just immediately see the addresses is just very
convenient if you have an attack that needs kernel addresses. Much
better that we not make these things visible by default.

And yes, people can look at the vmlinux files. That's outside our
control. And maybe distros will want to close that hole, and maybe
they won't, but at least they don't have the excuse that "well, it's
not even worth it, because the kernel exports that information in
/proc/kallsyms already".

              Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ