lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CA+55aFxt1iqJXW=bsETugWVxj9LwZXkq0FT836YMJVsRP9juEQ@mail.gmail.com>
Date:	Wed, 7 Aug 2013 12:26:16 -0700
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	Grazvydas Ignotas <notasas@...il.com>
Cc:	Oleg Nesterov <oleg@...hat.com>,
	Felipe Contreras <felipe.contreras@...il.com>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Frederic Weisbecker <fweisbec@...il.com>,
	Ingo Molnar <mingo@...e.hu>,
	Denys Vlasenko <dvlasenk@...hat.com>
Subject: Re: [PATCH 0/1] (Was: Linux 3.11-rc4)

On Wed, Aug 7, 2013 at 5:05 AM, Grazvydas Ignotas <notasas@...il.com> wrote:
>
> Personally I'd say the kernel should not limit what's written to debug
> registers. Why can't I write insane values to registers in _my_
> hardware? It's not like it's going to break the hardware or anything.

It may be your hardware, but do you know what might be running on it?
It's a security issue: setting debug traps on kernel code/data
addresses can not only leak information, it can cause serious trouble
(taking a debug trap on the first instruction of an NMI handler etc)
including kernel stack corruption...

You do want the kernel to give you file permission checking even
though it's "your machine", don't you? Very similar thing.

The fact that windows allows it is kind of irrelevant. They aren't
exactly known for caring deeply.

               Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ