lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 15 Feb 2013 15:25:05 +0100 From: Jiri Slaby <jslaby@...e.cz> To: gregkh@...uxfoundation.org Cc: alan@...ux.intel.com, jirislaby@...il.com, linux-kernel@...r.kernel.org Subject: [PATCH] TTY: do not update atime/mtime on read/write On http://vladz.devzero.fr/013_ptmx-timing.php, we can see how to find out length of a password using timestamps of /dev/ptmx. It is documented in "Timing Analysis of Keystrokes and Timing Attacks on SSH". To avoid that problem, do not update time when reading from/writing to a TTY. I am afraid of regressions as this is a behavior we have since 0.97 and apps may expect the time to be current, e.g. for monitoring whether there was a change on the TTY. Now, there is no change. So this would better have a lot of testing before it goes upstream. Signed-off-by: Jiri Slaby <jslaby@...e.cz> References: CVE-2013-0160 --- drivers/tty/tty_io.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c index a86219c..8801385 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c @@ -980,8 +980,7 @@ static ssize_t tty_read(struct file *file, char __user *buf, size_t count, else i = -EIO; tty_ldisc_deref(ld); - if (i > 0) - inode->i_atime = current_fs_time(inode->i_sb); + return i; } @@ -1082,11 +1081,8 @@ static inline ssize_t do_tty_write( break; cond_resched(); } - if (written) { - struct inode *inode = file->f_path.dentry->d_inode; - inode->i_mtime = current_fs_time(inode->i_sb); + if (written) ret = written; - } out: tty_write_unlock(tty); return ret; -- 1.8.1.2 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists