| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Dec 2011 20:53:36 +0400 From: Cyrill Gorcunov <gorcunov@...il.com> To: Tejun Heo <tj@...nel.org> Cc: linux-kernel@...r.kernel.org, Pavel Emelyanov <xemul@...allels.com>, Glauber Costa <glommer@...allels.com>, Andi Kleen <andi@...stfloor.org>, Matt Helsley <matthltc@...ibm.com>, Pekka Enberg <penberg@...nel.org>, Eric Dumazet <eric.dumazet@...il.com>, Vasiliy Kulikov <segoon@...nwall.com>, Andrew Morton <akpm@...ux-foundation.org>, Alexey Dobriyan <adobriyan@...il.com> Subject: Re: [patch 1/4] Add routine for generating an ID for kernel pointer On Wed, Dec 28, 2011 at 08:45:22AM -0800, Tejun Heo wrote: > Hello, > > On Wed, Dec 28, 2011 at 08:40:55PM +0400, Cyrill Gorcunov wrote: > > > We have the whole crypto subsystem dealing with this. It sure would > > > be more complex than ^ operator but it's not like you have to open > > > code the whole thing. Is it really that complex to use? > > > > No, Tejun, the use of crypto engine is not hard but it means more memory > > consumption (one need to carry resulting hashes and print them out into > > /proc) and more cpu consuption while we really need some fast and cheap > > solution. Unlike other usage of crypto engine (such as encoding for net > > layer, iirc ipsec uses it) I'm not really convinced we should use that > > heavy artillery here ;) > > But the cost would be attributed to the user requesting that specific > data and given the amount of data to be hashed, I don't think the > computational or memory overhead should be the deciding design factor > here. There are far more grave issues here. Userland visible API and > security. > Well, it is not deciding but it should be taken into account. One could be reading this IDs again and again and again affecting performance of the whole system, which means I really would prefer to limit access to such features (ie root-only). If (as I said) for other cases there is simply no way to _not_ use crypto, our case might be the one where using crypto is redundant. > > I see, I could use some other form of output, it's not a problem. The main > > problem which interface community prefer, should I really switch to crypto > > usage or we can leave with root-only+plain-pointer approach? > > I don't know either but if proper hashing (crypto or not) is simple > enough, this really isn't a tradeoff we need to make, no? > Hell knows, I would prefer to escape strong-crypto usage, but if there is no other way, of course I'll change the approach ;) Cyrill -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists