| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 20 Dec 2016 11:48:46 +0100
From: Greg KH <gregkh@...uxfoundation.org>
To: Jiri Kosina <jikos@...nel.org>
Cc: NeilBrown <neilb@...e.com>, kernel-hardening@...ts.openwall.com,
linux-kernel@...r.kernel.org
Subject: Re: [RFC 0/4] make call_usermodehelper a bit more "safe"
On Tue, Dec 20, 2016 at 11:31:57AM +0100, Jiri Kosina wrote:
> On Tue, 20 Dec 2016, Jiri Kosina wrote:
>
> > I stay totally unconvinced that such kind of countermeasure brings any
> > value whatsoever. Could you please bring up a particular usecase, where
> > you have complete control over kernel memory, and still the only
> > possible exploit factor is redirecting usermodhelper? It feels like
> > rather random shot into darkness.
>
> If we want to make usermod helper really secure, perhaps the best way to
> go would be to completely nuke it and handle everyhting in udev; that'd be
> quite some work though, especially so that we don't break all the corner
> cases of module autoloading (request_module() and such).
In talking about this with others, I like Neil's approach of just
calling out to a statically-defined single binary to handle all of the
specifics. Using something like busybox/toybox to handle any usermode
helper issues would be a very simple way to deal with this on a large
number of systems (i.e. embedded devices / phones / chromebooks).
After I return from vacation, I'll respin this series based on that idea
and repost it.
thanks,
greg k-h
Powered by blists - more mailing lists