lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAOJsxLE5TMXwAHPks-mvk0EPAHC18fDXf345uZ3umkzNkk7-cQ@mail.gmail.com>
Date:	Mon, 19 Sep 2011 22:18:34 +0300
From:	Pekka Enberg <penberg@...helsinki.fi>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	Vasiliy Kulikov <segoon@...nwall.com>,
	Andrew Morton <akpm@...ux-foundation.org>,
	kernel-hardening@...ts.openwall.com, Kees Cook <kees@...ntu.com>,
	Cyrill Gorcunov <gorcunov@...il.com>,
	Al Viro <viro@...iv.linux.org.uk>,
	Christoph Lameter <cl@...ux-foundation.org>,
	Matt Mackall <mpm@...enic.com>, linux-kernel@...r.kernel.org,
	linux-mm@...ck.org, Dan Rosenberg <drosenberg@...curity.com>,
	Theodore Tso <tytso@....edu>, Alan Cox <alan@...ux.intel.com>,
	Jesper Juhl <jj@...osbits.net>
Subject: Re: [kernel-hardening] Re: [RFC PATCH 2/2] mm: restrict access to /proc/slabinfo

Hi Linus,

On Mon, Sep 19, 2011 at 9:55 PM, Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
> Also, quite frankly, your argument that /proc/slabinfo is so important
> for kernel debugging is bogus. Every time I've complained about the
> fact that the thing is useless AND ACTIVELY MISLEADING because it
> mixes up all the slabs (so big numbers for "vm_area_struct" might
> actually be about some other slab entirely, and *has* been, to the
> point of people wasting time), the answer has been "whatever".
>
> You can't have it both ways just to argue for the status quo.

Well, sure. I was actually planning to rip out SLUB merging completely
because it makes /proc/slabinfo so useless but never got around doing
that. Mixing up allocations makes heap exploits harder but there's no
agreement on how much more difficult (i.e. if it matters at all for brute
force attacks).

So dunno what's the right thing to do here. Every time I discuss the
issues with 'security folks' I'm left with more questions than answers...
Everybody seems to be more interested in closing down kernel ABIs
rather than making kernel memory allocations more robust against
attacks.

But anyway, if you feel about this strongly feel free to pick up
Vasiliy's patch. I think my suggestion of introducing a
CONFIG_RESTRICT_PROCFS makes most sense because:

  - When we've mucked around with /proc/slabinfo in the past, we have
    broken setups. (That might be less relevant now.)

  - /proc/slabinfo is not the only source where you can get information
    on kernel memory allocations (we have one in sysfs and perf kmem).

On Mon, Sep 19, 2011 at 9:55 PM, Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
> Considering how useless /proc/slabinfo actually is today - exactly
> because of the misleading mixing - I suspect the right thing to do is
> to make it root-only.
>
> Having some aggregate number in /proc/meminfo would probably be fine.
>
> And yes, we probably should avoid giving page-level granularity in
> /proc/meminfo too. Do it in megabytes instead. None of the information
> there is really relevant at a page level, everybody just wants rough
> aggregates.

We have this in /proc/meminfo:

Slab:              20012 kB

Or did you mean something even more specific?

                        Pekka
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ