lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 04 Mar 2011 09:36:04 -0800
From:	Dave Hansen <dave@...ux.vnet.ibm.com>
To:	Pekka Enberg <penberg@...nel.org>
Cc:	Theodore Tso <tytso@....edu>,
	Dan Rosenberg <drosenberg@...curity.com>,
	Matt Mackall <mpm@...enic.com>, cl@...ux-foundation.org,
	linux-mm@...ck.org, linux-kernel@...r.kernel.org,
	Ingo Molnar <mingo@...e.hu>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH] Make /proc/slabinfo 0400

On Fri, 2011-03-04 at 08:52 +0200, Pekka Enberg wrote:
> On Fri, Mar 4, 2011 at 2:50 AM, Theodore Tso <tytso@....edu> wrote:
> > Being able to monitor /proc/slabinfo is incredibly useful for finding various
> > kernel problems.  We can see if some part of the kernel is out of balance,
> > and we can also find memory leaks.   I once saved a school system's Linux
> > deployment because their systems were crashing once a week, and becoming
> > progressively more unreliable before they crashed, and the school board
> > was about to pull the plug.
> 
> Indeed. However, I'm not sure we need to expose the number of _active
> objects_ to non-CAP_ADMIN users (which could be set to zeros if you
> don't have sufficient privileges). Memory leaks can be detected from
> the total number of objects anyway, no? 

This:

	http://www.exploit-db.com/exploits/14814/

loops doing allocations until total==active, and then does one more
allocation to get the position in the slab it needs.  If we mask
'active', it'll just loop until 'total' gets bumped, and then consider
the _previous_ allocation to have been the one that was in the necessary
position.

As Ted mentioned, the real issue here is being able to infer location
inside the slab by correlating your allocations with when the slab
statistics get bumped.  You can do that with slabinfo pretty precisely,
but you can probably also pull it off with meminfo too, albeit with less
precision.

We need to either keep the bad guys away from the counts (this patch),
or de-correlate the counts moving around with the position of objects in
the slab.  Ted's suggestion is a good one, and the only other thing I
can think of is to make the values useless, perhaps by batching and
delaying the (exposed) counts by a random amount.

-- Dave

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ