| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160810230645.GP1041@n2100.armlinux.org.uk> Date: Thu, 11 Aug 2016 00:06:45 +0100 From: Russell King - ARM Linux <linux@...linux.org.uk> To: Arnd Bergmann <arnd@...db.de> Cc: linux-arm-kernel@...ts.infradead.org, Kees Cook <keescook@...omium.org>, linux-arch <linux-arch@...r.kernel.org>, Ard Biesheuvel <ard.biesheuvel@...aro.org>, "x86@...nel.org" <x86@...nel.org>, LKML <linux-kernel@...r.kernel.org>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, Andrew Morton <akpm@...ux-foundation.org>, Mathias Krause <minipli@...glemail.com> Subject: Re: [PATCH 2/2] arm: apply more __ro_after_init On Wed, Aug 10, 2016 at 09:41:23PM +0200, Arnd Bergmann wrote: > It might be better to start by making the fixed mapping readonly, > as KASLR doesn't protect that one at all, and change the TLS > code accordingly. I think that's impossible, because we gave userspace permission to read 0xffff0ff0 directly without using __kuser_get_tls. You're talking about potentially breaking userspace. If you disable kuser helpers, then the page becomes read-only and invisible to userspace anyway. So, everything is being done there which can be done - if you have kuser helpers enabled, then you lose some opportunities for these security improvements. -- RMK's Patch system: http://www.armlinux.org.uk/developer/patches/ FTTC broadband for 0.8mile line: currently at 9.6Mbps down 400kbps up according to speedtest.net.
Powered by blists - more mailing lists