lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <874jsfqn6l.fsf@mpe.ellerman.id.au>
Date:   Wed, 25 Jan 2023 14:59:30 +1100
From:   Michael Ellerman <michaele@....ibm.com>
To:     Andrew Donnellan <ajd@...ux.ibm.com>,
        Nicholas Piggin <npiggin@...il.com>,
        linuxppc-dev@...ts.ozlabs.org, linux-integrity@...r.kernel.org
Cc:     sudhakar@...ux.ibm.com, bgray@...ux.ibm.com, erichte@...ux.ibm.com,
        gregkh@...uxfoundation.org, nayna@...ux.ibm.com,
        linux-kernel@...r.kernel.org, zohar@...ux.ibm.com,
        gjoyce@...ux.ibm.com, ruscur@...sell.cc, gcwilson@...ux.ibm.com,
        joel@....id.au
Subject: Re: [PATCH v4 21/24] powerpc/pseries: Pass PLPKS password on kexec

Andrew Donnellan <ajd@...ux.ibm.com> writes:
> On Tue, 2023-01-24 at 14:36 +1000, Nicholas Piggin wrote:
>> 
>> > +       prop = of_find_property(of_chosen, "ibm,plpks-pw", &len);
>> > +       if (prop) {
>> > +               ospasswordlength = (u16)len;
>> > +               ospassword = kzalloc(ospasswordlength, GFP_KERNEL);
>> > +               if (!ospassword) {
>> > +                       of_remove_property(of_chosen, prop);
>> > +                       return -ENOMEM;
>> > +               }
>> > +               memcpy(ospassword, prop->value, len);
>> > +               return of_remove_property(of_chosen, prop);
>> 
>> Why do you remove the property afterward?
>
> Because otherwise the password will be sitting around in /proc/device-
> tree for the world to go and read.

The above removes it from the unflattened tree, but it will still exist
in the flattened tree, which is readable by root in /sys/firmware/fdt.

I'm not sure if that's a major security problem, but it does seem risky.

To scrub it from the flat tree you'd need to have an early_init_dt style
routine that finds the password early, saves the value somewhere for the
plpks driver, and then zeroes out the value in the flat tree. See the
example of rng-seed in early_init_dt_scan_chosen().

cheers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ