lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1307596281.3980.59.camel@edumazet-laptop>
Date:	Thu, 09 Jun 2011 07:11:21 +0200
From:	Eric Dumazet <eric.dumazet@...il.com>
To:	Andrew Lutomirski <luto@....edu>
Cc:	Darren Hart <dvhart@...ux.intel.com>,
	George Spelvin <linux@...izon.com>, david@...advisors.com,
	kyle@...fetthome.net, linux-kernel@...r.kernel.org
Subject: Re: Change in functionality of futex() system call.

Le jeudi 09 juin 2011 à 00:10 -0400, Andrew Lutomirski a écrit :
> On Wed, Jun 8, 2011 at 11:54 PM, Eric Dumazet <eric.dumazet@...il.com> wrote:
> >
> > You can not prevent DOS on a machine if you allow a process to RO map
> > your critical files (where you put futexes), because you allow this
> > process to interfere with critical cache lines bouncing between cpus.
> 
> The cacheline bounce DoS slows things down and they go back to normal
> when you kill the DoS-ing task.
> 
> The wakeup-eating DoS is permanent.  Seems a good deal worse to me.
> 
> If you make this change, please at least document it in the man page.
> 


This is how futexes had working for years.

It was very obvious from the beginning. Please submit a man page change
since you raised the point. You own the credit to open a CVE and
immediately release a fix to all 2.6 versions !

How come a critical fix (according to you) went without being noticed
and documented ?

> Then how am I supposed to efficiently broadcast information to
> untrusted processes?  I'll have to put any futexes involved into
> different files, but one way or another the actual data will have to
> be memory mapped to avoid syscall overhead.

futexes are a linux extension over standard VM games.

If you dont know how to share a memory segment between a group of
processes, disallowing others to come spy on you, maybe its better to
use another IPC ?

Instead of 'fixing' futexes, what about educating people how to
correctly use memory segments ?



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ