lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 2 Feb 2021 14:51:00 -0800
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Steven Rostedt <rostedt@...dmis.org>
Cc:     Timur Tabi <timur@...nel.org>, Kees Cook <keescook@...omium.org>,
        Petr Mladek <pmladek@...e.com>,
        Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Linux-MM <linux-mm@...ck.org>,
        Matthew Wilcox <willy@...radead.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        roman.fietze@...na.com, John Ogness <john.ogness@...utronix.de>,
        Akinobu Mita <akinobu.mita@...il.com>
Subject: Re: [PATCH] lib/vsprintf: make-printk-non-secret printks all
 addresses as unhashed

On Tue, Feb 2, 2021 at 2:34 PM Steven Rostedt <rostedt@...dmis.org> wrote:
>
>   "I also suspect that everybody has already accepted that KASLR isn't
>    really working locally anyway (due to all the hw leak models with
>    cache and TLB timing), so anybody who can look at kernel messages
>    already probably could figure most of those things out."

Honestly, if you have to pass a kernel command line, and there's a big
notice in the kernel messages about this, I no longer care.

Because it means that people who _do_ care will know about it.

But I don't want it to be a kernel config option - if you do
debugging, and you want unhidden pointers, you can add it to the
kernel command line and make sure it's *your* choice and not some
random kernel config by somebody else (ie distro).

And yes, my opinion is that KASRL really only works remotely anyway. I
think we might as well accept that as a fact, and that it's unlikely
that hardware will be fixed in general, even if on _some_ hardware
might make it work better than it works in general.

Instead of fighting windmills, accept that KASRL is dead locally for
the "wide access" cases (ie not necessarily just "shell access", but
"local JIT of uncontrolled code"), but do it because the remote case
still matters, and because a lot of local accesses are fairly
constrained in that they do *not* give random code execution to the
local users (but that "fairly constrained" presumably also generally
means that they can't do dmesg).

             Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ