lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 24 Nov 2015 16:47:37 -0800 From: Kees Cook <keescook@...omium.org> To: Andrew Morton <akpm@...ux-foundation.org> Cc: Daniel Cashman <dcashman@...roid.com>, LKML <linux-kernel@...r.kernel.org>, Russell King - ARM Linux <linux@....linux.org.uk>, Ingo Molnar <mingo@...nel.org>, "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>, Jonathan Corbet <corbet@....net>, Don Zickus <dzickus@...hat.com>, "Eric W. Biederman" <ebiederm@...ssion.com>, Heinrich Schuchardt <xypron.glpk@....de>, jpoimboe@...hat.com, "Kirill A. Shutemov" <kirill.shutemov@...ux.intel.com>, n-horiguchi@...jp.nec.com, Andrea Arcangeli <aarcange@...hat.com>, Mel Gorman <mgorman@...e.de>, Thomas Gleixner <tglx@...utronix.de>, David Rientjes <rientjes@...gle.com>, Linux-MM <linux-mm@...ck.org>, "linux-doc@...r.kernel.org" <linux-doc@...r.kernel.org>, Mark Salyzyn <salyzyn@...roid.com>, Jeffrey Vander Stoep <jeffv@...gle.com>, Nick Kralevich <nnk@...gle.com>, Catalin Marinas <catalin.marinas@....com>, Will Deacon <will.deacon@....com>, "H. Peter Anvin" <hpa@...or.com>, "x86@...nel.org" <x86@...nel.org>, Hector Marco <hecmargi@....es>, Borislav Petkov <bp@...e.de>, Daniel Cashman <dcashman@...gle.com> Subject: Re: [PATCH v3 1/4] mm: mmap: Add new /proc tunable for mmap_base ASLR. On Tue, Nov 24, 2015 at 4:40 PM, Andrew Morton <akpm@...ux-foundation.org> wrote: > On Wed, 18 Nov 2015 15:20:05 -0800 Daniel Cashman <dcashman@...roid.com> wrote: > >> --- a/kernel/sysctl.c >> +++ b/kernel/sysctl.c >> @@ -1568,6 +1568,28 @@ static struct ctl_table vm_table[] = { >> .mode = 0644, >> .proc_handler = proc_doulongvec_minmax, >> }, >> +#ifdef CONFIG_HAVE_ARCH_MMAP_RND_BITS >> + { >> + .procname = "mmap_rnd_bits", >> + .data = &mmap_rnd_bits, >> + .maxlen = sizeof(mmap_rnd_bits), >> + .mode = 0644, > > Is there any harm in permitting the attacker to read these values? > > And is there any benefit in permitting non-attackers to read them? I'm on the fence. Things like kernel/randomize_va_space is 644. But since I don't see a benefit in exposing them, let's make them all 600 instead -- it's a new interface, better to keep it narrower now. > >> + .proc_handler = proc_dointvec_minmax, >> + .extra1 = &mmap_rnd_bits_min, >> + .extra2 = &mmap_rnd_bits_max, >> + }, >> +#endif >> +#ifdef CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS >> + { >> + .procname = "mmap_rnd_compat_bits", >> + .data = &mmap_rnd_compat_bits, >> + .maxlen = sizeof(mmap_rnd_compat_bits), >> + .mode = 0644, >> + .proc_handler = proc_dointvec_minmax, >> + .extra1 = &mmap_rnd_compat_bits_min, >> + .extra2 = &mmap_rnd_compat_bits_max, >> + }, >> +#endif >> >> ... >> >> +#ifdef CONFIG_HAVE_ARCH_MMAP_RND_BITS >> +int mmap_rnd_bits_min = CONFIG_ARCH_MMAP_RND_BITS_MIN; >> +int mmap_rnd_bits_max = CONFIG_ARCH_MMAP_RND_BITS_MAX; >> +int mmap_rnd_bits = CONFIG_ARCH_MMAP_RND_BITS; >> +#endif >> +#ifdef CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS >> +int mmap_rnd_compat_bits_min = CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN; >> +int mmap_rnd_compat_bits_max = CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX; >> +int mmap_rnd_compat_bits = CONFIG_ARCH_MMAP_RND_COMPAT_BITS; > > These could be __read_mostly. > > If one believes in such things. One effect of __read_mostly is to > clump the write-often stuff into the same cachelines and I've never > been convinced that one outweighs the other... The _min and _max values should be const, actually, since they're build-time selected. The _bits could easily be __read_mostly, yeah. -Kees -- Kees Cook Chrome OS & Brillo Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists