| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 7 Nov 2011 21:45:22 +0400
From: Vasiliy Kulikov <segoon@...nwall.com>
To: linux-kernel@...r.kernel.org
Cc: Alexey Dobriyan <adobriyan@...il.com>,
Andrew Morton <akpm@...ux-foundation.org>
Subject: [PATCH] proc: restrict access to /proc/interrupts
/proc/interrupts contains the number of emitted interrupts, which
should not be world readable. The information about keyboard
interrupts number may be used to learn the precise number of characters in
users' passwords by simply watching the changes of number of emitted
interrupts during the life of gksu-like programs.
The PoC is publicly available at:
http://www.openwall.com/lists/oss-security/2011/11/07/9
Cc: <stable@...nel.org>
Signed-off-by: Vasiliy Kulikov <segoon@...nwall.com>
---
fs/proc/interrupts.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/fs/proc/interrupts.c b/fs/proc/interrupts.c
index 05029c0..2fe87a1 100644
--- a/fs/proc/interrupts.c
+++ b/fs/proc/interrupts.c
@@ -47,7 +47,7 @@ static const struct file_operations proc_interrupts_operations = {
static int __init proc_interrupts_init(void)
{
- proc_create("interrupts", 0, NULL, &proc_interrupts_operations);
+ proc_create("interrupts", S_IRUSR, NULL, &proc_interrupts_operations);
return 0;
}
module_init(proc_interrupts_init);
--
1.7.0.4
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists