| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHse=S-UoSgLoV4nwv3rbTHZjdVWAy44AAXLVoZ7N4kynZwGJA@mail.gmail.com> Date: Sun, 27 Jul 2014 13:26:11 +0100 From: David Drysdale <drysdale@...gle.com> To: Andy Lutomirski <luto@...capital.net> Cc: "Eric W. Biederman" <ebiederm@...ssion.com>, Julien Tinnes <jln@...gle.com>, Al Viro <viro@...iv.linux.org.uk>, Paolo Bonzini <pbonzini@...hat.com>, LSM List <linux-security-module@...r.kernel.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Paul Moore <paul@...l-moore.com>, James Morris <james.l.morris@...cle.com>, Linux API <linux-api@...r.kernel.org>, Meredydd Luff <meredydd@...atehouse.org>, Christoph Hellwig <hch@...radead.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Kees Cook <keescook@...omium.org>, "Theodore Ts'o" <tytso@....edu>, Henrique de Moraes Holschuh <hmh@....eng.br>, linux-crypto@...r.kernel.org Subject: Re: General flags to turn things off (getrandom, pid lookup, etc) On Fri, Jul 25, 2014 at 7:30 PM, Andy Lutomirski <luto@...capital.net> wrote: > [new thread because this sort of combines two threads] > > There is recent interest in having a way to turn generally-available > kernel features off. Maybe we should add a good one so we can stop > bikeshedding and avoid proliferating dumb interfaces. > > Things that might want to be turn-off-able include: > - getrandom with GRND_RANDOM [from the getrandom threads] > - Any lookup of a non-self pid [from the capsicum thread] > - Any lookup of a pid outside the caller thread group [capsicum] > - Various architectural things (personal wishlist), e.g.: > - RDTSC and userspace HPET access > - CPUID? > - 32-bit GDT code segments [huge attack surface] > - 64-bit GDT code segments [probably pointless] > > I would propose a new syscall for this: > > long restrict_userspace(int mode, int type, int value, int flags); > > mode is RESTRICT_SET, RESTRICT_GET, or RESTRICT_LOCK. > > type is RESTRICT_GRND_RANDOM, RESTRICT_PID_SCOPE, RESTRICT_X86_TIMING, etc. > > Value is zero if RESTRICT_GET. Otherwise value is the desired value, > generally 0 or 1. For RESTRICT_PID_SCOPE, value would be > RESTRICT_PID_SCOPE_ANY, RESTRICT_PID_SCOPE_THREADGROUP, or > RESTRICT_PID_SCOPE_SELF. > > flags must be zero. Someday, someone will propose a thread-sync flag. Today, me: proposed :-) > restrict_userspace requires either no_new_privs or CAP_SYS_ADMIN in > the current user namespace. > > Thoughts? > > --Andy > > -- > Andy Lutomirski > AMA Capital Management, LLC -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists