| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <BANLkTi=fJ6dY04uz9O0WaNb+f+wg-528Sg@mail.gmail.com> Date: Tue, 7 Jun 2011 15:04:03 -0400 From: Andrew Lutomirski <luto@....edu> To: Darren Hart <dvhart@...ux.intel.com> Cc: Eric Dumazet <eric.dumazet@...il.com>, Peter Zijlstra <peterz@...radead.org>, David Oliver <david@...advisors.com>, linux-kernel@...r.kernel.org, Shawn Bohrer <sbohrer@...advisors.com>, Zachary Vonler <zvonler@...advisors.com>, KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>, Hugh Dickins <hughd@...gle.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...e.hu> Subject: Re: Change in functionality of futex() system call. On Tue, Jun 7, 2011 at 3:01 PM, Darren Hart <dvhart@...ux.intel.com> wrote: >>> If a group of cooperating processes uses a memory segment to exchange >>> critical information, do you really think this memory segment will be >>> readable by other unrelated processes on the machine ? >> >> Depends on the design. >> >> I have some software I'm working on that uses shared files and could >> easily use futexes. I don't want random read-only processes to >> interfere with the futex protocol. > > > So don't use world readable files. ...which prevents people from *reading* them, which was the whole point. > > >>> >>> How is this related to futex code ? >> >> Because this usage is currently safe and would become unsafe with the >> proposed change. >> >>> >>> Same problem for legacy IPC (shm, msg, sem) : Appropriate protections >>> are needed, obviously. >>> >>> BTW, kernel/futex.c uses a global hash table (futex_queues[256]) and a >>> very predictable hash_futex(), so its easy to slow down futex users... >> >> There's a difference between slowing down users by abusing a kernel >> hash and deadlocking users by eating a wakeup. (If you eat a wakeup >> the wakeup won't magically come back later. It's gone.) > > That's the nature of SHARED, you have to protect the mapping independent > of the futex mechanism. Well... it used to mean you have to protect from untrusted RW users. Now it will mean you have to protect from untrusted RO users. AFAICT sys_futex will become the only way that a user with RO access to a file can actually interfere with the owner of the file (as opposed to just learning information). Why do we need this change again? --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists