| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 01 Jun 2011 14:27:45 -0400
From: Valdis.Kletnieks@...edu
To: Andrew Lutomirski <luto@....edu>
Cc: Ingo Molnar <mingo@...e.hu>, x86@...nel.org,
Thomas Gleixner <tglx@...utronix.de>,
linux-kernel@...r.kernel.org, Jesper Juhl <jj@...osbits.net>,
Borislav Petkov <bp@...en8.de>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Arjan van de Ven <arjan@...radead.org>,
Jan Beulich <JBeulich@...ell.com>,
richard -rw- weinberger <richard.weinberger@...il.com>,
Mikael Pettersson <mikpe@...uu.se>,
Andi Kleen <andi@...stfloor.org>
Subject: Re: [PATCH v3 10/10] x86-64: Add CONFIG_UNSAFE_VSYSCALLS to feature-removal-schedule
On Wed, 01 Jun 2011 13:41:56 EDT, Andrew Lutomirski said:
>> + On a system with recent enough glibc (probably 2.14 or
>> + newer) and no static binaries, you can say N without a
>> + performance penalty to improve security
>>
>> So I checked my laptop (Fedora 16 Rawhide), and found a bunch of static binaries. The ones
>> that look like people may care:
> The binaries will still work -- they'll just take a small performance
> hit (~220ns on Sandy Bridge) every time they call time().
Ah. I misparsed the Kconfig help - I read it as "If you have no static binaries,
setting this to N doesn't introduce a performance hit" (with an implied "if you
have static binaries, this will hose you"). Adding "Static binaries will continue
to work at a very small performance penalty" would probably help.
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists