lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20120330050544.GA32299@count0.beaverton.ibm.com>
Date:	Thu, 29 Mar 2012 22:05:44 -0700
From:	Matt Helsley <matthltc@...ibm.com>
To:	"Eric W. Biederman" <ebiederm@...ssion.com>
Cc:	Kees Cook <keescook@...omium.org>, spender@...ecurity.net,
	Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	linux-doc@...r.kernel.org, Jiri Kosina <jkosina@...e.cz>,
	Darren Hart <dvhart@...ux.intel.com>,
	kernel-hardening@...ts.openwall.com, linux-kernel@...r.kernel.org,
	David Howells <dhowells@...hat.com>,
	Randy Dunlap <rdunlap@...otime.net>,
	Linux Containers <containers@...ts.linux-foundation.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Cyrill Gorcunov <gorcunov@...nvz.org>,
	Pavel Emelyanov <xemul@...allels.com>,
	Gene Cooperman <gene@....neu.edu>
Subject: Re: [PATCH v2] futex: mark get_robust_list as deprecated

On Fri, Mar 23, 2012 at 03:06:02PM -0700, Eric W. Biederman wrote:
> Kees Cook <keescook@...omium.org> writes:
> 
> > Notify get_robust_list users that the syscall is going away.
> 
> Has anyone asked the question if the folks working on checkpoint/restart
> are going to need this.
> 
> This seems like important information to know if you want to checkpoint
> a process.

I have no idea if the CRIU and DMTCP folks care about this. I've added
some folks related to those projects to the Cc list.

> 
> Eric
> 
> > Suggested-by: Thomas Gleixner <tglx@...utronix.de>
> > Signed-off-by: Kees Cook <keescook@...omium.org>
> > ---
> > v2:
> >  - add note to feature-removal-schedule.txt.
> > ---
> >  Documentation/feature-removal-schedule.txt |   10 ++++++++++
> >  kernel/futex.c                             |    2 ++
> >  kernel/futex_compat.c                      |    2 ++
> >  3 files changed, 14 insertions(+), 0 deletions(-)
> >
> > diff --git a/Documentation/feature-removal-schedule.txt b/Documentation/feature-removal-schedule.txt
> > index 4bfd982..e3bf119 100644
> > --- a/Documentation/feature-removal-schedule.txt
> > +++ b/Documentation/feature-removal-schedule.txt
> > @@ -543,3 +543,13 @@ When:	3.5
> >  Why:	The old kmap_atomic() with two arguments is deprecated, we only
> >  	keep it for backward compatibility for few cycles and then drop it.
> >  Who:	Cong Wang <amwang@...hat.com>
> > +
> > +----------------------------
> > +
> > +What:	get_robust_list syscall
> > +When:	2013
> > +Why:	There appear to be no production users of the get_robust_list syscall,
> > +	and it runs the risk of leaking address locations, allowing the bypass
> > +	of ASLR. It was only ever intended for debugging, so it should be
> > +	removed.

So I've looked in glibc, gdb, and DMTCP. The description of the intended
use of get_robust_list() is accurate. However the benefit of ASLR is
less clear when it comes to the robust list. In glibc the robust list is
only used from NPTL. The robust list head is in struct pthread which can be
obtained from pthread_self() anyway. Thus I think ASLR doesn't really help
obfuscate the robust futex list unless the program is using robust futexes
without the aid of glibc.

Cheers,
	-Matt Helsley

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ