lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 3 Oct 2012 11:39:27 -0700 From: Kees Cook <keescook@...omium.org> To: David Rientjes <rientjes@...gle.com> Cc: linux-kernel@...r.kernel.org, Andrew Morton <akpm@...ux-foundation.org>, Minchan Kim <minchan@...nel.org>, Joe Perches <joe@...ches.com>, Kautuk Consul <consul.kautuk@...il.com>, linux-mm@...ck.org, Brad Spengler <spender@...ecurity.net> Subject: Re: [PATCH] mm: use %pK for /proc/vmallocinfo On Wed, Oct 3, 2012 at 11:02 AM, David Rientjes <rientjes@...gle.com> wrote: > On Wed, 3 Oct 2012, Kees Cook wrote: > >> > So root does echo 0 > /proc/sys/kernel/kptr_restrict first. Again: what >> > are you trying to protect? >> >> Only CAP_SYS_ADMIN can change the setting. This is, for example, for >> containers, or other situations where a uid 0 process lacking >> CAP_SYS_ADMIN cannot see virtual addresses. It's a very paranoid case, >> yes, but it's part of how this feature was designed. Think of it as >> supporting the recent uid 0 vs ring 0 boundary. :) >> > > The intention of /proc/vmallocinfo being S_IRUSR is obviously to only > allow root to read this information to begin with, so if root lacks > CAP_SYS_ADMIN then it seems the best fix would be to return an empty file > on read()? Or give permission to everybody to read it but only return a > positive count when they have CAP_SYS_ADMIN? > > There's no need to make this so convoluted that you need to have the right > combination of uid, kptr_restrict, CAP_SYS_ADMIN, and CAP_SYSLOG to get > anything valuable out of this file, though. Well, the existing mechanism is using %pK. I see no reason to add additional complexity. -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists