lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAONX=-fJHgfGkwR5A1MT+8FHckueehOsUS_LyHkjrgp4Y+vOgw@mail.gmail.com>
Date:   Tue, 19 Jul 2022 09:42:26 +1000
From:   Daniil Lunev <dlunev@...omium.org>
To:     Zdenek Kabelac <zdenek.kabelac@...il.com>
Cc:     Mikulas Patocka <mpatocka@...hat.com>, dm-devel@...hat.com,
        Mike Snitzer <snitzer@...nel.org>,
        Brian Geffon <bgeffon@...gle.com>,
        Alasdair Kergon <agk@...hat.com>, linux-kernel@...r.kernel.org
Subject: Re: [dm-devel] [PATCH 1/1] dm: add message command to disallow device open

We understand that if someone acquires root it is a game over. The intent of
this mechanism is to reduce the attack surface. The exposure might be a
certain system daemon that is exploited into accessing a wrong node in
the filesystem. And exposing modifiable system memory is a pathway for
further escalation and leaks of secrets. This is a defense in depth mechanism,
that is intended to make attackers' lives harder even if they find an
exploitable
vulnerability.
We understand that in regular situations people may not want the behaviour,
that is why the mechanism is controlled via a side channel - if a message is
never sent - the behaviour is not altered.
--Daniil

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ