lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20150514104127.GA31892@x>
Date:	Thu, 14 May 2015 03:41:28 -0700
From:	Josh Triplett <josh@...htriplett.org>
To:	Arjan van de Ven <arjanvandeven@...il.com>
Cc:	Ingo Molnar <mingo@...nel.org>,
	Alex Henrie <alexhenrie24@...il.com>,
	One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>,
	Kees Cook <keescook@...omium.org>,
	"H . Peter Anvin" <hpa@...or.com>, Doug Johnson <dougvj@...il.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] x86: Preserve iopl on fork and execve

On Tue, May 12, 2015 at 08:25:59AM -0700, Arjan van de Ven wrote:
> > also the interesting question is:
> > can a process give up these perms?
> > otherwise it becomes a "once given, never gotten rid of" hell hole.
> 
> If you look at a modern linux distro, nothing should need/use iopl and
> co anymore, so maybe an interesting
> question is if we can stick these behind a CONFIG_ option (default on
> of course for compatibility)... just like
> some of the /dev/mem like things are now hidable for folks who know
> they don't need them.

I have a patch series that does exactly that, compiling out the syscalls
as well as the underlying architecture-specific infrastructure.  (Saves
quite a bit of space, too.)

It still needs some more detailed x86 architecture review.  Peter, Ingo?
Would you be interested in taking (an updated version of) that patch
series for the next merge window?

- Josh Triplett
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ