Message-ID: <78e666fb78604d98252c436e9e3f6a27cff25a9a.camel@buserror.net>
Date:   Fri, 06 Mar 2020 12:33:44 -0600
From:   Scott Wood <oss@...error.net>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Kees Cook <keescook@...omium.org>, Jason Yan <yanaijie@...wei.com>,
        Petr Mladek <pmladek@...e.com>,
        Steven Rostedt <rostedt@...dmis.org>,
        Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Rasmus Villemoes <linux@...musvillemoes.dk>,
        lkml <linux-kernel@...r.kernel.org>,
        "Tobin C . Harding" <tobin@...nel.org>,
        Daniel Axtens <dja@...ens.net>
Subject: Re: [PATCH v3 0/6] implement KASLR for powerpc/fsl_booke/64

On Thu, 2020-03-05 at 12:51 -0600, Linus Torvalds wrote:
> On Wed, Mar 4, 2020 at 3:16 PM Scott Wood <oss@...error.net> wrote:
> > 
> > The frustration is with the inability to set a flag to say, "I'm debugging
> > and don't care about leaks... in fact I'd like as much information as
> > possible to leak to me."
> 
> Well, I definitely don't want to tie it to "I turned off kaslr in
> order to help debugging". That just means that now you're debugging a
> kernel that is fundamentally different from what people are running.

One shouldn't *test* with something different from what people are running, but
once a problem has been identified I don't see the problem with changing the
kernel to make diagnosis easier (assuming the problem is reproducible).
Though I suppose one could just locally apply a "no pointer hashing" patch
when debugging...

> So I'd much rather have people just set a really magic flag, perhaps
> when kgdb is in use or something.
> 
> > In any case, this came up now due to a question about what to use when
> > printing crash dumps.  PowerPC currently prints stack and return addresses
> > with %lx (in addition to %pS in the latter case) and someone proposed
> > converting them to %p and/or removing them altogether.
> 
> Please just use '%pS'.
> 
> The symbol and offset is what is useful when users send crash-dumps.
> The hex value is entirely pointless with kaslr - which should
> basically be the default.
> 
> Note that this isn't about security at that point - crash dumps are
> something that shouldn't happen, but if they do happen, we want the
> pointers. But the random hex value just isn't _useful_, so it's just
> making things less legible.

Losing %lx on the return address would be a minor annoyance (harder to verify
that you're looking at the right stack frame in a dump, more steps to look up
the line number when modules and kaslr aren't involved, etc), but %pS doesn't
help with stack addresses themselves -- and yes, digging into the actual stack
data (via kdump, external debugger, etc.) is sometimes useful.  Maybe
condition it on it being an actual crash dump and not some other caller of
show_stack()?

-Scott
