lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20110527135015.GC8053@redhat.com>
Date:	Fri, 27 May 2011 09:50:15 -0400
From:	Vivek Goyal <vgoyal@...hat.com>
To:	Dan Rosenberg <drosenberg@...curity.com>
Cc:	Tony Luck <tony.luck@...il.com>, linux-kernel@...r.kernel.org,
	davej@...hat.com, kees.cook@...onical.com, davem@...emloft.net,
	eranian@...gle.com, torvalds@...ux-foundation.org,
	adobriyan@...il.com, penberg@...nel.org, hpa@...or.com,
	Arjan van de Ven <arjan@...radead.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Valdis.Kletnieks@...edu, Ingo Molnar <mingo@...e.hu>,
	pageexec@...email.hu
Subject: Re: [RFC][PATCH] Randomize kernel base address on boot

On Fri, May 27, 2011 at 09:21:32AM -0400, Dan Rosenberg wrote:
> On Fri, 2011-05-27 at 09:13 -0400, Vivek Goyal wrote:
> > On Thu, May 26, 2011 at 04:44:34PM -0400, Dan Rosenberg wrote:
> > > On Thu, 2011-05-26 at 16:40 -0400, Vivek Goyal wrote:
> > > > On Thu, May 26, 2011 at 04:35:02PM -0400, Vivek Goyal wrote:
> > > > > On Tue, May 24, 2011 at 04:31:45PM -0400, Dan Rosenberg wrote:
> > > > > > This introduces CONFIG_RANDOMIZE_BASE, which randomizes the address at
> > > > > > which the kernel is decompressed at boot as a security feature that
> > > > > > deters exploit attempts relying on knowledge of the location of kernel
> > > > > > internals.  The default values of the kptr_restrict and dmesg_restrict
> > > > > > sysctls are set to (1) when this is enabled, since hiding kernel
> > > > > > pointers is necessary to preserve the secrecy of the randomized base
> > > > > > address.
> > > > > 
> > > > > What happens to /proc/iomem interface which gives us the physical memory
> > > > > location where kernel is loaded. kexec-tools relies on that interface
> > > > > heavily so we can not take it away. And if we can not take it away then
> > > > > I think somebody should be easibly be able to calculate this randomized
> > > > > base address.
> > > 
> > > Is it common to run kexec-tools as non-root?  It may be necessary to
> > > restrict this interface to root when randomization is used (keep in mind
> > > nobody's going to force you to turn this on by default, at least for the
> > > foreseeable future).
> > 
> > Dan, 
> > 
> > I had a stupid question. /proc/kallsyms is also readable by root only. So
> > if we are doing this so that non-root user can not know kernel virtual and
> > physical address that should be already covered as non-root users can't
> > read /proc/kallsysm or /boot/System.map.
> > 
> 
> Not sure what system you're running, but /proc/kallsyms is 0444 on my
> machine (and in mainline, afaik).  Likewise for /proc/iomem.

Sorry. I read it wrong. Yes /proc/iomem and /proc/kallsyms are 0444.

> 
> The problem is mainly with distribution kernels - it's trivial to just
> grab an identical vmlinux to a target machine and then you instantly
> know exactly where everything is.
> 
> > And if this randomization is also to protect information from root user
> > then /proc/iomem exporting the physical address of kernel is still a
> > valid question in that context.
> > 
> 
> I think we can deal with unprivileged users first, and if we want to
> truly prevent root from finding this out, we can introduce a separate
> toggle that locks things down further.

Ok, given the fact that /proc/iomem is 0444 and it carries the physical
address of kernel, it think it should be easy to calcualte the randomized
offset.  So I guess we shall have to do something about that too.

Thanks
Vivek
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ