| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20120726180709.09777a3b@pyramind.ukuu.org.uk> Date: Thu, 26 Jul 2012 18:07:09 +0100 From: Alan Cox <alan@...rguk.ukuu.org.uk> To: Anton Vorontsov <anton.vorontsov@...aro.org> Cc: Jason Wessel <jason.wessel@...driver.com>, Andrew Morton <akpm@...ux-foundation.org>, Steven Rostedt <rostedt@...dmis.org>, John Stultz <john.stultz@...aro.org>, arve@...roid.com, linux-kernel@...r.kernel.org, linaro-kernel@...ts.linaro.org, patches@...aro.org, kernel-team@...roid.com, kgdb-bugreport@...ts.sourceforge.net Subject: Re: [PATCH 6/7] kdb: Mark safe commands as KDB_SAFE and KDB_SAFE_NO_ARGS > The following commands were marked as "safe": > > Clear Breakpoint > Enable Breakpoint > Disable Breakpoint > Display exception frame > Stack traceback This is sufficient to steal cryptographic keys in many environments. In fact you merely need two or three breakpoints and to log the order they are hit through the crypto computation. > Display stack for process Exposes all sorts of user data unless you mean just the call trace, in which case it's still quite useful. > Display stack all processes Ditto > Send a signal to a process Like say sending SIGSTOP to security monitoring threads or the battery manager on locked devices that rely on software battery management ? It's an interesting idea but you need almost nothing to extract keys from a system or to subvert it. Alan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists