lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1401329367.13555.25.camel@localhost>
Date:	Wed, 28 May 2014 22:09:27 -0400
From:	Eric Paris <eparis@...hat.com>
To:	Andy Lutomirski <luto@...capital.net>
Cc:	Philipp Kern <pkern@...gle.com>,
	"H. Peter Anvin" <hpa@...ux.intel.com>,
	linux-kernel@...r.kernel.org, "H. J. Lu" <hjl.tools@...il.com>,
	security@...nel.org, greg@...ah.com, linux-audit@...hat.com
Subject: Re: [PATCH v2 2/2] audit: Mark CONFIG_AUDITSYSCALL BROKEN and
 update help text

NAK

On Wed, 2014-05-28 at 18:44 -0700, Andy Lutomirski wrote:
> Here are some issues with the code:
>  - It thinks that syscalls have four arguments.

Not true at all.  It records the registers that would hold the first 4
entries on syscall entry, for use later if needed, as getting those
later on some arches is not feasible (see ia64).  It makes no assumption
about how many syscalls a function has.

>  - It's a performance disaster.

Only if you enable it.  If you don't use audit it is a single branch.
Hardly a disaster.

>  - It assumes that syscall numbers are between 0 and 2048.

There could well be a bug here.  Not questioning that.  Although that
would be patch 1/2

>  - It's unclear whether it's supposed to be reliable.

Unclear to whom?

>  - It's broken on things like x32.
>  - It can't support ARM OABI.

Some arches aren't supported?  And that makes it BROKEN?  

>  - Its approach to freeing memory is terrifying.

What?

None of your reasons hold water.  Bugs need to be fixed.  Try reporting
them...  This is just stupid.

> Signed-off-by: Andy Lutomirski <luto@...capital.net>
> ---
>  init/Kconfig | 13 ++++++++-----
>  1 file changed, 8 insertions(+), 5 deletions(-)
> 
> diff --git a/init/Kconfig b/init/Kconfig
> index 9d3585b..24d4b53 100644
> --- a/init/Kconfig
> +++ b/init/Kconfig
> @@ -296,13 +296,16 @@ config HAVE_ARCH_AUDITSYSCALL
>  	bool
>  
>  config AUDITSYSCALL
> -	bool "Enable system-call auditing support"
> -	depends on AUDIT && HAVE_ARCH_AUDITSYSCALL
> +	bool "Enable system-call auditing support (not recommended)"
> +	depends on AUDIT && HAVE_ARCH_AUDITSYSCALL && BROKEN
>  	default y if SECURITY_SELINUX
>  	help
> -	  Enable low-overhead system-call auditing infrastructure that
> -	  can be used independently or with another kernel subsystem,
> -	  such as SELinux.
> +	  Enable system-call auditing infrastructure that can be used
> +	  independently or with another kernel subsystem, such as
> +	  SELinux.
> +
> +	  AUDITSYSCALL has serious performance and correctness issues.
> +	  Use it with extreme caution.
>  
>  config AUDIT_WATCH
>  	def_bool y


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ