| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4bd2aea0-3cea-4ef8-9607-40447cd531e5@intel.com> Date: Thu, 14 Mar 2024 10:54:18 -0700 From: Dave Hansen <dave.hansen@...el.com> To: Aruna Ramakrishna <aruna.ramakrishna@...cle.com>, linux-kernel@...r.kernel.org Cc: x86@...nel.org, dave.hansen@...ux.intel.com, tglx@...utronix.de Subject: Re: [RFC PATCH] x86/pkeys: update PKRU to enable pkey 0 before XSAVE On 3/14/24 10:29, Aruna Ramakrishna wrote: > This patch is a workaround for a bug where the PKRU value is not > restored to the init value before the signal handler is invoked. I don't think we should touch this with a ten foot pole without a test for it in tools/testing/selftests/mm/protection_keys.c. I'm not sure this is worth the trouble. Protection keys is not a security feature. This isn't a regression. It's been the behavior since day one. This really is a feature request for a behavioral improvement, not a bug fix. The need for this new feature is highly dependent on the threat model that it supports. I'm highly dubious that there's a true need to protect against an attacker with arbitrary write access in the same address space. We need to have a lot more information there. I haven't even more than glanced at the code. It looks pretty unspeakably ugly even at a glance.
Powered by blists - more mailing lists