| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 Apr 2016 03:39:05 -0400 From: Emrah Demir <ed@...sec.com> To: Kees Cook <keescook@...omium.org> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Dan Rosenberg <dan.j.rosenberg@...il.com>, kernel-hardening@...ts.openwall.com, Dave Jones <davej@...hat.com>, keescook@...gle.com Subject: Re: [PATCH] KERNEL: resource: Fix bug on leakage in /proc/iomem file On 2016-04-14 00:27, Kees Cook wrote: > On Wed, Apr 6, 2016 at 2:19 PM, Linus Torvalds > <torvalds@...ux-foundation.org> wrote: >> On Wed, Apr 6, 2016 at 10:54 AM, Linus Torvalds >> <torvalds@...ux-foundation.org> wrote: >>> >>> So I'd find a patch like the attached to be perfectly acceptable (in >>> fact, we should have done this long ago). >> >> I just committed it, let's see if some odd program uses the iomem >> data. I doubt it, and I always enjoy improvements that remove more >> lines of code than they add. > > Hrm, it looks like at least Ubuntu's kernel security test suite > expects to find these entries (when it verifies that STRICT_DEVMEM > hasn't regressed). Also, the commit only removed the entries on x86. > Most (all?) of the other architectures still have them. Could you > revert this for now, and I'll cook up a %pK-based solution for -next? > Actually, I have realized that this patch (Linus's patch) was for x86. I was planning to code the same for other architectures. It seems your method is better. %pK will zero other values in /proc/iomem. Perhaps Ubuntu patch might be a good option.
Powered by blists - more mailing lists