lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200524211945.GX33628@sasha-vm>
Date:   Sun, 24 May 2020 17:19:45 -0400
From:   Sasha Levin <sashal@...nel.org>
To:     hpa@...or.com
Cc:     Thomas Gleixner <tglx@...utronix.de>,
        Don Porter <porter@...unc.edu>,
        Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
        Andi Kleen <ak@...ux.intel.com>, linux-kernel@...r.kernel.org,
        bp@...en8.de, luto@...nel.org, dave.hansen@...el.com,
        tony.luck@...el.com, ravi.v.shankar@...el.com,
        chang.seok.bae@...el.com
Subject: Re: Re: [PATCH v12 00/18] Enable FSGSBASE instructions

On Sun, May 24, 2020 at 12:45:18PM -0700, hpa@...or.com wrote:
>There are legitimate reasons to write a root-hole module, the main one being able to test security features like SMAP. I have requested before a TAINT flag specifically for this purpose, because TAINT_CRAP is nowhere near explicit enough, and is also used for staging drivers. Call it TAINT_TOXIC or TAINT_ROOTHOLE; it should always be accompanied with a CRIT level alert.

What I don't like about our current system of TAINT_* flags is that
while we can improve it as much as we want, no one outside of the kernel
tree seems to be using it. While Thomas may have been commenting on
Graphene's behaviour, look at any other code that did the same thing:

- Graphene: https://github.com/oscarlab/graphene-sgx-driver/blob/master/gsgx.c
- Occlum: https://github.com/occlum/enable_rdfsbase/blob/master/enable_rdfsbase.c
- SGX-LKL: https://github.com/lsds/sgx-lkl/blob/master/tools/kmod-set-fsgsbase/mod_set_cr4_fsgsbase.c

None of which set even the CRAP flag.

-- 
Thanks,
Sasha

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ