| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 27 Oct 2020 12:56:34 +0100
From: Michael Weiß <michael.weiss@...ec.fraunhofer.de>
To: Thomas Gleixner <tglx@...utronix.de>,
Andrei Vagin <avagin@...il.com>,
Christian Brauner <christian.brauner@...ntu.com>
CC: Dmitry Safonov <0x7f454c46@...il.com>,
<linux-kernel@...r.kernel.org>,
"J . Bruce Fields" <bfields@...ldses.org>,
Chuck Lever <chuck.lever@...cle.com>,
Trond Myklebust <trond.myklebust@...merspace.com>,
Anna Schumaker <anna.schumaker@...app.com>
Subject: Re: [PATCH v4 2/3] fs/proc: apply the time namespace offset to
/proc/stat btime
Thomas,
On 26.10.20 11:28, Thomas Gleixner wrote:
> On Mon, Oct 19 2020 at 21:52, Michael Weiß wrote:
>
>> '/proc/stat' provides the field 'btime' which states the time stamp of
>> system boot in seconds. In case of time namespaces, the offset to the
>> boot time stamp was not applied earlier. However, in container
>> runtimes which utilize time namespaces to virtualize boottime of a
>> container, this leaks information about the host system boot time.
>
> Not sure if that qualifies as a leak. The point is that it confuses the
> tasks which are in a different time universe.
>
>From a container isolation perspective this could be interpreted as an
information leak, if you want to hide the host systems boot time form
users inside of the container.
However, since proc is not totally isolated concerning host system
information inside of namespaces, I agree to your point.
I will take this into account when preparing v5.
When amending the tags I will also updated this passage and remove the
leak statement.
Thanks,
Michael
Powered by blists - more mailing lists