lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20110526.224427.433160775431725543.davem@davemloft.net>
Date:	Thu, 26 May 2011 22:44:27 -0400 (EDT)
From:	David Miller <davem@...emloft.net>
To:	kees.cook@...onical.com
Cc:	eric.dumazet@...il.com, joe@...ches.com, mingo@...e.hu,
	akpm@...ux-foundation.org, netdev@...r.kernel.org,
	drosenberg@...curity.com, a.p.zijlstra@...llo.nl,
	eparis@...isplace.org, eugeneteo@...nel.org, jmorris@...ei.org,
	tgraf@...radead.org
Subject: Re: [patch 1/1] net: convert %p usage to %pK

From: Kees Cook <kees.cook@...onical.com>
Date: Thu, 26 May 2011 17:14:49 -0700

> On Wed, May 25, 2011 at 09:50:40PM -0400, David Miller wrote:
>> From: Kees Cook <kees.cook@...onical.com>
>> Date: Wed, 25 May 2011 16:29:21 -0700
>> 
>> > Hi David,
>> > 
>> > On Tue, May 24, 2011 at 03:58:01AM -0400, David Miller wrote:
>> >> From: Eric Dumazet <eric.dumazet@...il.com>
>> >> Date: Tue, 24 May 2011 09:45:01 +0200
>> >> 
>> >> > Le mardi 24 mai 2011 à 00:35 -0700, Joe Perches a écrit :
>> >> > 
>> >> >> I think it's be better without the casts
>> >> >> using the standard kernel.h macros.
>> >> >> 
>> >> >> 	void *ptr;
>> >> >> 
>> >> >> 	ptr = maybe_hide_ptr(sk);
>> >> >> 	r->id.idiag_cookie[0] = lower_32_bits(ptr);
>> >> >> 	r->id.idiag_cookie[1] = upper_32_bits(ptr);
>> >> >> 
>> >> > 
>> >> > I am not sure I want to patch lower_32_bits() and upper_32_bits() for
>> >> > this.
>> >> > 
>> >> > They dont work on pointers, but on "numbers", according to kerneldoc
>> >> > Andrew wrote years ago. gcc agrees :
>> >> > 
>> >> > net/ipv4/inet_diag.c: In function ‘inet_csk_diag_fill’:
>> >> > net/ipv4/inet_diag.c:119: warning: cast from pointer to integer of different size
>> >> > net/ipv4/inet_diag.c:120: error: invalid operands to binary >>
>> >> > make[1]: *** [net/ipv4/inet_diag.o] Error 1
>> >> 
>> >> Also you can't do this, the "cookie" is used by the kernel future
>> >> lookups to find sockets.
>> >> 
>> >> The kernel pointer is part of the API, so sorry you can't "hide"
>> >> kernel pointers in this case without really breaking user visible
>> >> things.
>> > 
>> > But this is precisely what we're trying to control with kptr_restrict.
>> > Setting kptr_restrict will make inet_diag (and some details of similar
>> > things in /proc) meaningless. Based on the name, "diag" isn't going to be
>> > used in normal operation, and kptr_restrict is 0 by default, so only system
>> > owners interested in this will enable it and effectively disable inet_diag.
>> 
>> Are you kidding me?
>> 
>> inet_diag is the standard way to dump sockets using netlink.
>> It's not a special obscure debugging facility, it's for real
>> users.
>> 
>> And the encoded kernel pointer here is used as a shortcut to looking
>> up precise sockets.
> 
> We got this dropped from the /proc view; why can't we do the same for
> this netlink interface?

Because it's not only an opaque "output" blob, it's also an input key
for lookups which the user can trigger.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ