| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAKUFkX03dmRL9Kk0=OLjyB0+FAx6rGXAHke4Y-NVD0au01qkNg@mail.gmail.com> Date: Mon, 28 Oct 2024 22:59:56 -0700 From: Joao Moreira <joao@...rdrivepizza.com> To: "Constable, Scott D" <scott.d.constable@...el.com> Cc: "andrew.cooper3@...rix.com" <andrew.cooper3@...rix.com>, Peter Zijlstra <peterz@...radead.org>, Josh Poimboeuf <jpoimboe@...nel.org>, "x86@...nel.org" <x86@...nel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "Milburn, Alyssa" <alyssa.milburn@...el.com>, "jose.marchesi@...cle.com" <jose.marchesi@...cle.com>, "hjl.tools@...il.com" <hjl.tools@...il.com>, "ndesaulniers@...gle.com" <ndesaulniers@...gle.com>, "samitolvanen@...gle.com" <samitolvanen@...gle.com>, "nathan@...nel.org" <nathan@...nel.org>, "ojeda@...nel.org" <ojeda@...nel.org>, "kees@...nel.org" <kees@...nel.org>, "alexei.starovoitov@...il.com" <alexei.starovoitov@...il.com> Subject: Re: [PATCH 13/14] x86: BHI stubs On Mon, Oct 21, 2024 at 8:06 AM Constable, Scott D <scott.d.constable@...el.com> wrote: > > Hello Andrew, > > My understanding of the FineIBT approach is that the hash values are not intended to be secret, and therefore leaking these hash values would not expose a new risk. Joao is also on this thread and knows a lot more about FineIBT than I do, so he can chime in if my reasoning is unsound. Technically the hashes are not a secret indeed. With that said, I think it was Kees who submitted a patch that randomizes the hash values at boot time, as a security in depth / probabilistic measure against an attacker being able to generate executable valid targets. Tks, Joao
Powered by blists - more mailing lists