lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 Jul 2014 16:15:07 -0400 From: Dave Jones <davej@...hat.com> To: Andy Lutomirski <luto@...capital.net> Cc: "Eric W. Biederman" <ebiederm@...ssion.com>, Julien Tinnes <jln@...gle.com>, David Drysdale <drysdale@...gle.com>, Al Viro <viro@...iv.linux.org.uk>, Paolo Bonzini <pbonzini@...hat.com>, LSM List <linux-security-module@...r.kernel.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Paul Moore <paul@...l-moore.com>, James Morris <james.l.morris@...cle.com>, Linux API <linux-api@...r.kernel.org>, Meredydd Luff <meredydd@...atehouse.org>, Christoph Hellwig <hch@...radead.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Kees Cook <keescook@...omium.org>, "Theodore Ts'o" <tytso@....edu>, Henrique de Moraes Holschuh <hmh@....eng.br>, linux-crypto@...r.kernel.org Subject: Re: General flags to turn things off (getrandom, pid lookup, etc) On Fri, Jul 25, 2014 at 11:30:48AM -0700, Andy Lutomirski wrote: > There is recent interest in having a way to turn generally-available > kernel features off. Maybe we should add a good one so we can stop > bikeshedding and avoid proliferating dumb interfaces. > > Things that might want to be turn-off-able include: > - getrandom with GRND_RANDOM [from the getrandom threads] > - Any lookup of a non-self pid [from the capsicum thread] > - Any lookup of a pid outside the caller thread group [capsicum] > - Various architectural things (personal wishlist), e.g.: > - RDTSC and userspace HPET access > - CPUID? > - 32-bit GDT code segments [huge attack surface] > - 64-bit GDT code segments [probably pointless] I'm not sure there's value in disabling cpuid dev interface, when the instruction is unprivileged. > I would propose a new syscall for this: > > long restrict_userspace(int mode, int type, int value, int flags); do the restrictions happen system-wide like in say SELinux, or only within the calling process, like seccomp ? Dave -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists