lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <f27a46b7-e26f-5b22-be24-9e275ca19036@redhat.com>
Date:   Wed, 1 Mar 2017 07:18:33 -0800
From:   Laura Abbott <labbott@...hat.com>
To:     Will Deacon <will.deacon@....com>
Cc:     Mark Rutland <mark.rutland@....com>,
        Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        Miles Chen <miles.chen@...iatek.com>,
        Catalin Marinas <catalin.marinas@....com>,
        linux-mediatek@...ts.infradead.org,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        "linux-arm-kernel@...ts.infradead.org" 
        <linux-arm-kernel@...ts.infradead.org>, wsd_upstream@...iatek.com
Subject: Re: [PATCH] arm64: dump: hide kernel pointers

On 02/28/2017 07:52 PM, Will Deacon wrote:
> On Tue, Feb 28, 2017 at 02:55:51PM -0800, Laura Abbott wrote:
>> On 02/28/2017 02:04 AM, Mark Rutland wrote:
>>> On Tue, Feb 28, 2017 at 08:42:51AM +0000, Ard Biesheuvel wrote:
>>>> On 28 February 2017 at 07:05, Miles Chen <miles.chen@...iatek.com> wrote:
>>>>> Mask kernel pointers of /sys/kernel/debug/kernel_page_tables entry like
>>>>> /proc/vmallocinfo does.
>>>>>
>>>>> With sysctl kernel.kptr_restrict=0 or 1:
>>>>> cat /sys/kernel/debug/kernel_page_tables
>>>>
>>>> I wonder if this file should be accessible at all if kptr_restrict > 0
>>>
>>> I don't have strong feelings either way.
>>>
>>> This isn't typically enabled, and it's under debugfs, so this shouldn't
>>> be accessible by a typical user anyhow.
>>>
>>> That said, there are very few of us who need to take a look at this
>>> file. I'm happy to deal with attacking kptr_restrict when required.
>>>
>>
>> In the interest of security it's probably for the best to switch to the
>> restricted pointer. Who knows what might get enabled or forgotten about.
>> I don't like the idea of tying enablement of the file to kptr_restrict
>> though.
> 
> ... but it's also pretty weird to show the sizes, mapping type and
> permissions yet hide the virtual addresses. If you want to keep the file
> in spite of kptr_restrict, which bits are actually useful once the
> addresses are nobbled?
> 
> Will
> 

I'm not saying the file is really useful, I just don't think kptr_restrict
is the right mechanism for this. The current documented purpose is for printk
formatting only and trying to double use that seems likely to confuse 
people if others start following the pattern elsewhere in the kernel.
A separate knob might be cleaner.

Thanks,
Laura

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ