| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 May 2011 09:21:32 -0400 From: Dan Rosenberg <drosenberg@...curity.com> To: Vivek Goyal <vgoyal@...hat.com> Cc: Tony Luck <tony.luck@...il.com>, linux-kernel@...r.kernel.org, davej@...hat.com, kees.cook@...onical.com, davem@...emloft.net, eranian@...gle.com, torvalds@...ux-foundation.org, adobriyan@...il.com, penberg@...nel.org, hpa@...or.com, Arjan van de Ven <arjan@...radead.org>, Andrew Morton <akpm@...ux-foundation.org>, Valdis.Kletnieks@...edu, Ingo Molnar <mingo@...e.hu>, pageexec@...email.hu Subject: Re: [RFC][PATCH] Randomize kernel base address on boot On Fri, 2011-05-27 at 09:13 -0400, Vivek Goyal wrote: > On Thu, May 26, 2011 at 04:44:34PM -0400, Dan Rosenberg wrote: > > On Thu, 2011-05-26 at 16:40 -0400, Vivek Goyal wrote: > > > On Thu, May 26, 2011 at 04:35:02PM -0400, Vivek Goyal wrote: > > > > On Tue, May 24, 2011 at 04:31:45PM -0400, Dan Rosenberg wrote: > > > > > This introduces CONFIG_RANDOMIZE_BASE, which randomizes the address at > > > > > which the kernel is decompressed at boot as a security feature that > > > > > deters exploit attempts relying on knowledge of the location of kernel > > > > > internals. The default values of the kptr_restrict and dmesg_restrict > > > > > sysctls are set to (1) when this is enabled, since hiding kernel > > > > > pointers is necessary to preserve the secrecy of the randomized base > > > > > address. > > > > > > > > What happens to /proc/iomem interface which gives us the physical memory > > > > location where kernel is loaded. kexec-tools relies on that interface > > > > heavily so we can not take it away. And if we can not take it away then > > > > I think somebody should be easibly be able to calculate this randomized > > > > base address. > > > > Is it common to run kexec-tools as non-root? It may be necessary to > > restrict this interface to root when randomization is used (keep in mind > > nobody's going to force you to turn this on by default, at least for the > > foreseeable future). > > Dan, > > I had a stupid question. /proc/kallsyms is also readable by root only. So > if we are doing this so that non-root user can not know kernel virtual and > physical address that should be already covered as non-root users can't > read /proc/kallsysm or /boot/System.map. > Not sure what system you're running, but /proc/kallsyms is 0444 on my machine (and in mainline, afaik). Likewise for /proc/iomem. The problem is mainly with distribution kernels - it's trivial to just grab an identical vmlinux to a target machine and then you instantly know exactly where everything is. > And if this randomization is also to protect information from root user > then /proc/iomem exporting the physical address of kernel is still a > valid question in that context. > I think we can deal with unprivileged users first, and if we want to truly prevent root from finding this out, we can introduce a separate toggle that locks things down further. -Dan > Thanks > Vivek -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists