lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20110527001449.GS19633@outflux.net>
Date:	Thu, 26 May 2011 17:14:49 -0700
From:	Kees Cook <kees.cook@...onical.com>
To:	David Miller <davem@...emloft.net>
Cc:	eric.dumazet@...il.com, joe@...ches.com, mingo@...e.hu,
	akpm@...ux-foundation.org, netdev@...r.kernel.org,
	drosenberg@...curity.com, a.p.zijlstra@...llo.nl,
	eparis@...isplace.org, eugeneteo@...nel.org, jmorris@...ei.org,
	tgraf@...radead.org
Subject: Re: [patch 1/1] net: convert %p usage to %pK

On Wed, May 25, 2011 at 09:50:40PM -0400, David Miller wrote:
> From: Kees Cook <kees.cook@...onical.com>
> Date: Wed, 25 May 2011 16:29:21 -0700
> 
> > Hi David,
> > 
> > On Tue, May 24, 2011 at 03:58:01AM -0400, David Miller wrote:
> >> From: Eric Dumazet <eric.dumazet@...il.com>
> >> Date: Tue, 24 May 2011 09:45:01 +0200
> >> 
> >> > Le mardi 24 mai 2011 à 00:35 -0700, Joe Perches a écrit :
> >> > 
> >> >> I think it's be better without the casts
> >> >> using the standard kernel.h macros.
> >> >> 
> >> >> 	void *ptr;
> >> >> 
> >> >> 	ptr = maybe_hide_ptr(sk);
> >> >> 	r->id.idiag_cookie[0] = lower_32_bits(ptr);
> >> >> 	r->id.idiag_cookie[1] = upper_32_bits(ptr);
> >> >> 
> >> > 
> >> > I am not sure I want to patch lower_32_bits() and upper_32_bits() for
> >> > this.
> >> > 
> >> > They dont work on pointers, but on "numbers", according to kerneldoc
> >> > Andrew wrote years ago. gcc agrees :
> >> > 
> >> > net/ipv4/inet_diag.c: In function ‘inet_csk_diag_fill’:
> >> > net/ipv4/inet_diag.c:119: warning: cast from pointer to integer of different size
> >> > net/ipv4/inet_diag.c:120: error: invalid operands to binary >>
> >> > make[1]: *** [net/ipv4/inet_diag.o] Error 1
> >> 
> >> Also you can't do this, the "cookie" is used by the kernel future
> >> lookups to find sockets.
> >> 
> >> The kernel pointer is part of the API, so sorry you can't "hide"
> >> kernel pointers in this case without really breaking user visible
> >> things.
> > 
> > But this is precisely what we're trying to control with kptr_restrict.
> > Setting kptr_restrict will make inet_diag (and some details of similar
> > things in /proc) meaningless. Based on the name, "diag" isn't going to be
> > used in normal operation, and kptr_restrict is 0 by default, so only system
> > owners interested in this will enable it and effectively disable inet_diag.
> 
> Are you kidding me?
> 
> inet_diag is the standard way to dump sockets using netlink.
> It's not a special obscure debugging facility, it's for real
> users.
> 
> And the encoded kernel pointer here is used as a shortcut to looking
> up precise sockets.

We got this dropped from the /proc view; why can't we do the same for
this netlink interface?

-Kees

-- 
Kees Cook
Ubuntu Security Team
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ