lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20151002072643.GA5035@gmail.com>
Date:	Fri, 2 Oct 2015 09:26:44 +0200
From:	Ingo Molnar <mingo@...nel.org>
To:	Borislav Petkov <bp@...en8.de>
Cc:	Kees Cook <keescook@...omium.org>,
	Stephen Smalley <sds@...ho.nsa.gov>,
	"x86@...nel.org" <x86@...nel.org>,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: [RFC][PATCH] x86/mm: warn on W+x mappings


* Borislav Petkov <bp@...en8.de> wrote:

> On Thu, Oct 01, 2015 at 12:24:25PM -0700, Kees Cook wrote:
> > On Thu, Oct 1, 2015 at 9:28 AM, Stephen Smalley <sds@...ho.nsa.gov> wrote:
> > > Warn on any residual W+x mappings if X86_PTDUMP is enabled.
> > >
> > > Sample dmesg output:
> > > Checking for W+x mappings
> > > 0xffffffff81755000-0xffffffff81800000         684K     RW                 GLB x  pte
> > > Found W+x mappings.  Please fix.
> > >
> > > Signed-off-by: Stephen Smalley <sds@...ho.nsa.gov>
> > > ---
> > > Not sure if this is the best place to put this check.
> > > It must occur after free_init_pages() or it won't catch the
> > > W+x case for the gap between __ex_table and rodata.
> > 
> > Yeah. Hmm. I want this test for sure, but I'd like to be able to do with 
> > without needing PTDUMP, since that puts a very sensitive file in debugfs. I 
> > wonder if we can reuse the same code, but only expose the page tables to 
> > userspace with PTDUMP?
> 
> So make it a debugging option like CONFIG_EFI_PGT_DUMP and let it dump the 
> pagetable in dmesg during boot, at the exact point you want it to. Then one can 
> grep dmesg for W+x bits or whatever else...

It's better to generate a WARN()ing programmatically if the W+X condition occurs, 
that gets noticed by tools and people alike. I'd like to start treating that 
condition as a hard kernel bug.

A dump in dmesg is subject to random noise by printk crusaders and is also subject 
to general bitrot, nor does it provide any ready warning to act upon.

Adding an extra debug option is a good idea (just please don't put 'EFI' into the 
name - this isn't really EFI related), to not generate the debugfs node.

I'd even add this debug check as default-enabled in the x86 defconfigs, so that my 
own continuous kernel testing kit picks up any new warnings from it.

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ