lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <1289172456.3090.184.camel@Dan> Date: Sun, 07 Nov 2010 18:27:36 -0500 From: Dan Rosenberg <drosenberg@...curity.com> To: chas3@...rs.sourceforge.net Cc: Andi Kleen <andi@...stfloor.org>, Ted Ts'o <tytso@....edu>, Linus Torvalds <torvalds@...ux-foundation.org>, "davem@...emloft.net" <davem@...emloft.net>, "kuznet@....inr.ac.ru" <kuznet@....inr.ac.ru>, "pekkas@...core.fi" <pekkas@...core.fi>, "jmorris@...ei.org" <jmorris@...ei.org>, "yoshfuji@...ux-ipv6.org" <yoshfuji@...ux-ipv6.org>, "kaber@...sh.net" <kaber@...sh.net>, "remi.denis-courmont@...ia.com" <remi.denis-courmont@...ia.com>, "netdev@...r.kernel.org" <netdev@...r.kernel.org>, "security@...nel.org" <security@...nel.org> Subject: Re: [Security] [SECURITY] Fix leaking of kernel heap addresses via /proc Based on the feedback so far, I think a few things need to be worked out. Firstly, I'm going to separate out printk leaks as an issue to be worked on at a later time - it seems there is some interest in evaluating whether dmesg should be restricted, but that is out of scope of my plans for this patch series. That leaves the /proc leakage. I don't think XOR-ing is a viable option, since it would be relatively easy to infer the constant value. The criticism raised so far is that cutting out the pointers entirely results in the omission of potentially useful debugging information. I see two viable options to address this: either print out or omit addresses based on privileges (CAP_NET_ADMIN, for example), or have it controllable via sysctl. I'm leaning towards the sysctl option...thoughts? -Dan -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists