| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20111227153304.c585c5f6.akpm@linux-foundation.org> Date: Tue, 27 Dec 2011 15:33:04 -0800 From: Andrew Morton <akpm@...ux-foundation.org> To: Cyrill Gorcunov <gorcunov@...nvz.org> Cc: linux-kernel@...r.kernel.org, Pavel Emelyanov <xemul@...allels.com>, Glauber Costa <glommer@...allels.com>, Andi Kleen <andi@...stfloor.org>, Tejun Heo <tj@...nel.org>, Matt Helsley <matthltc@...ibm.com>, Pekka Enberg <penberg@...nel.org>, Eric Dumazet <eric.dumazet@...il.com>, Vasiliy Kulikov <segoon@...nwall.com>, Alexey Dobriyan <adobriyan@...il.com> Subject: Re: [patch 1/4] Add routine for generating an ID for kernel pointer On Fri, 23 Dec 2011 16:47:42 +0400 Cyrill Gorcunov <gorcunov@...nvz.org> wrote: > The routine XORs the given pointer with a random value > producing an ID (32 or 64 bit, depending on the arch). > > Since it's a valuable information -- only CAP_SYS_ADMIN > is allowed to obtain it. > > - Tejun worried about the single poison value was a weak side - > leaking one makes all the IDs vulnerable. To address this > several poison values - one per object type - are introduced. > They are stored in a plain array. > - Pekka proposed to initialized poison values in the late_initcall callback > - ... and move the code to mm/util.c > > ... > The code in general looks simple and reasonable to me. I'm too much of a security weenie to pass judgement on the security aspects. > > ... > > --- linux-2.6.git.orig/mm/Kconfig > +++ linux-2.6.git/mm/Kconfig > @@ -373,3 +373,19 @@ config CLEANCACHE > in a negligible performance hit. > > If unsure, say Y to enable cleancache > + > +config GENERIC_OBJECT_ID > + bool "Enable generic object ID infrastructure" > + depends on CHECKPOINT_RESTORE Is c/r useless without GENERIC_OBJECT_ID? If so, perhaps a `select' would be good here. > + default n > + help > + Turn on the functionality that can generate IDs for kernel > + objects, which are exported to userspace via /proc filesystem. > + > + It is useful if you need to examinate kernel objects and test > + if they are shared between several tasks. These IDs should never > + be used for anything but the "sameness" test. Besides, the IDs are > + dynamic and valid only while object is alive, once it get freed or > + kernel is rebooted -- the IDs will be changed. > + > + If unsure, say N here. > Index: linux-2.6.git/mm/Makefile > =================================================================== > --- linux-2.6.git.orig/mm/Makefile > +++ linux-2.6.git/mm/Makefile > @@ -51,3 +51,4 @@ obj-$(CONFIG_HWPOISON_INJECT) += hwpoiso > obj-$(CONFIG_DEBUG_KMEMLEAK) += kmemleak.o > obj-$(CONFIG_DEBUG_KMEMLEAK_TEST) += kmemleak-test.o > obj-$(CONFIG_CLEANCACHE) += cleancache.o > +obj-$(CONFIG_GENERIC_OBJECT_ID) += gen_obj_id.o > Index: linux-2.6.git/mm/gen_obj_id.c > =================================================================== > --- /dev/null > +++ linux-2.6.git/mm/gen_obj_id.c > @@ -0,0 +1,51 @@ > +#include <linux/kernel.h> > +#include <linux/capability.h> > +#include <linux/random.h> > +#include <linux/module.h> > +#include <linux/init.h> > +#include <linux/gen_obj_id.h> Formally, we need more includes than this. cache.h for __read_mostly, bug.h for BUG(), maybe others. Forgetting bug.h used to be (and maybe still is) a popular way of breaking the build for alpha. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists