| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAKbZUD0TAX8F9kDCEEvGSbcegDD4GLyra3ewtxncBbs45WJZ3g@mail.gmail.com> Date: Wed, 12 Feb 2025 12:37:50 +0000 From: Pedro Falcato <pedro.falcato@...il.com> To: Lorenzo Stoakes <lorenzo.stoakes@...cle.com> Cc: jeffxu@...omium.org, akpm@...ux-foundation.org, keescook@...omium.org, jannh@...gle.com, torvalds@...ux-foundation.org, vbabka@...e.cz, Liam.Howlett@...cle.com, adhemerval.zanella@...aro.org, oleg@...hat.com, avagin@...il.com, benjamin@...solutions.net, linux-kernel@...r.kernel.org, linux-hardening@...r.kernel.org, linux-mm@...ck.org, jorgelo@...omium.org, sroettger@...gle.com, hch@....de, ojeda@...nel.org, thomas.weissschuh@...utronix.de, adobriyan@...il.com, johannes@...solutions.net, hca@...ux.ibm.com, willy@...radead.org, anna-maria@...utronix.de, mark.rutland@....com, linus.walleij@...aro.org, Jason@...c4.com, deller@....de, rdunlap@...radead.org, davem@...emloft.net, peterx@...hat.com, f.fainelli@...il.com, gerg@...nel.org, dave.hansen@...ux.intel.com, mingo@...nel.org, ardb@...nel.org, mhocko@...e.com, 42.hyeyoo@...il.com, peterz@...radead.org, ardb@...gle.com, enh@...gle.com, rientjes@...gle.com, groeck@...omium.org, mpe@...erman.id.au, aleksandr.mikhalitsyn@...onical.com, mike.rapoport@...il.com Subject: Re: [RFC PATCH v5 0/7] mseal system mappings On Wed, Feb 12, 2025 at 11:25 AM Lorenzo Stoakes <lorenzo.stoakes@...cle.com> wrote: > > On Wed, Feb 12, 2025 at 03:21:48AM +0000, jeffxu@...omium.org wrote: > > From: Jeff Xu <jeffxu@...omium.org> > > > > The commit message in the first patch contains the full description of > > this series. > > Sorry to nit, but it'd be useful to reproduce in the cover letter too! But > this obviously isn't urgent, just be nice when we un-RFC. > > Thanks for sending as RFC, appreciated, keen to figure out a way forward > with this series and this gives us space to discuss. > > One thing that came up recently with the LWN article (...!) was that rr is > also impacted by this [0]. > > I think with this behind a config flag we're fine (this refers to my > 'opt-in' comment in the reply on LWN) as my concerns about this being > enabled in a broken way without an explicit kernel configuration are > addressed, and actually we do expose a means by which a user can detect if > the VDSO for instance is sealed via /proc/$pid/[s]maps. > > So tools like rr and such can be updated to check for this. I wonder if we > ought to try to liaise with the known problematic ones? > > It'd be nice to update the documentation to have a list of 'known > problematic userland software with sealed VDSO' so we make people aware. > > Hopefully we are acheiving the opt-in nature of the thing here, but it > makes me wonder whether we need a prctl() interface to optionally disable > even if the system has it enabled as a whole. Just noting that (as we discussed off-list) doing prctl() would not work, because that would effectively be an munseal for those vdso regions. Possibly something like a personality() flag (that's *not* inherited when AT_SECURE/secureexec). But personalities have other issues... FWIW, although it would (at the moment) be hard to pull off in the libc, I still much prefer it to playing these weird games with CONFIG options and kernel command line options and prctl and personality and whatnot. It seems to me like we're trying to stick policy where it doesn't belong. -- Pedro
Powered by blists - more mailing lists