| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 30 Nov 2015 13:52:10 -0800 From: Kees Cook <keescook@...omium.org> To: Ingo Molnar <mingo@...nel.org>, Heiko Carstens <heiko.carstens@...ibm.com>, Michael Ellerman <mpe@...erman.id.au>, "James E.J. Bottomley" <jejb@...isc-linux.org>, Catalin Marinas <catalin.marinas@....com>, Russell King - ARM Linux <linux@....linux.org.uk> Cc: LKML <linux-kernel@...r.kernel.org>, Andy Lutomirski <luto@...capital.net>, "H. Peter Anvin" <hpa@...or.com>, Mathias Krause <minipli@...glemail.com>, Ingo Molnar <mingo@...hat.com>, Thomas Gleixner <tglx@...utronix.de>, "x86@...nel.org" <x86@...nel.org>, Arnd Bergmann <arnd@...db.de>, PaX Team <pageexec@...email.hu>, Emese Revfy <re.emese@...il.com>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, linux-arch <linux-arch@...r.kernel.org> Subject: Re: [PATCH v2 1/4] init: create cmdline param to disable readonly On Wed, Nov 25, 2015 at 11:51 PM, Ingo Molnar <mingo@...nel.org> wrote: > * Kees Cook <keescook@...omium.org> wrote: >> +#ifdef CONFIG_DEBUG_RODATA > > Btw., could you please remove the Kconfig option altogether in an additional patch > and make read-only sections an always-on feature? It has been default-y for years > and all distros have it enabled. Yeah, this is something I've wanted to do for a while, but I would point out that only a few architectures have actually implemented it, and for arm and arm64 it was very recent: $ git grep 'config DEBUG_RODATA' arch/arm/mm/Kconfig:config DEBUG_RODATA arch/arm64/Kconfig.debug:config DEBUG_RODATA arch/parisc/Kconfig.debug:config DEBUG_RODATA arch/x86/Kconfig.debug:config DEBUG_RODATA I think s390 already has strict kernel memory permissions, but they set it up ahead of time. And now, I see in reading the parisc tree, they do too, and mark_rodata_ro() is effectively a no-op. How does powerpc handle permissions for kernel rodata? For parisc (and maybe powerpc and s390) we'll need additional changes to support __ro_after_init, since they may be making the ro section ro _before_ init runs. But, that's okay since this series only uses __ro_after_init on x86 for the moment. ;) > The 'debug rodata' naming is purely historic: this started out as a simple > debugging feature, but meanwhile it has spread and has become an essential kernel > robustness feature. I agree completely. I suspect I would turn this into ARCH_HAS_STRICT_KERNMEM or something. -Kees -- Kees Cook Chrome OS & Brillo Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists