| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <35bac572-14cc-d7c3-f788-1120c7431fb4@infradead.org>
Date: Mon, 5 Nov 2018 11:52:08 -0800
From: Randy Dunlap <rdunlap@...radead.org>
To: Casey Schaufler <casey.schaufler@...el.com>,
kernel-hardening@...ts.openwall.com, linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org, selinux@...ho.nsa.gov,
dave.hansen@...el.com, deneen.t.dock@...el.com,
kristen@...ux.intel.com, arjan@...ux.intel.com
Subject: Re: [PATCH v6 5/5] sidechannel: Linux Security Module for sidechannel
Hi:
On 11/5/18 11:05 AM, Casey Schaufler wrote:
> diff --git a/security/sidechannel/Kconfig b/security/sidechannel/Kconfig
> new file mode 100644
> index 000000000000..653033027415
> --- /dev/null
> +++ b/security/sidechannel/Kconfig
> @@ -0,0 +1,13 @@
> +config SECURITY_SIDECHANNEL
> + bool "Sidechannel attack safety extra checks"
> + depends on SECURITY
> + default n
Please drop the "default n" since it is already the default value.
> + help
> + Look for a variety of cases where a side-channel attack
> + could potentially be exploited. Instruct the switching
> + code to use the indirect_branch_prediction_barrier in
> + cases where the passed task and the current task may be
> + at risk.
> +
> + If you are unsure how to answer this question, answer N.
Use tab + 2 spaces to indent the line above.
> +
thanx.
--
~Randy
Powered by blists - more mailing lists