Re: [Security] [PATCH] proc: avoid information leaks tonon-privileged processes

From: Arjan van de Ven
Date: Mon May 04 2009 - 19:25:22 EST

Next message: Mauro Carvalho Chehab: "Re: [PATCH 12/21] amd64_edac: add f10-and-later methods-p2"
Previous message: Greg KH: "Re: [patch 1/5] oom: cleanup android low memory killer"
In reply to: Linus Torvalds: "Re: [Security] [PATCH] proc: avoid information leaks to non-privilegedprocesses"
Next in thread: Linus Torvalds: "Re: [Security] [PATCH] proc: avoid information leaks to non-privilegedprocesses"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 4 May 2009 15:24:15 -0700 (PDT)
Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:

>
>
> On Mon, 4 May 2009, Eric W. Biederman wrote:
>
> > Arjan van de Ven <arjan@xxxxxxxxxxxxx> writes:
> >
> > > On Mon, 4 May 2009 12:00:12 -0700 (PDT)
> > > Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
> > >
> > >>
> > >>
> > >> On Mon, 4 May 2009, Jake Edge wrote:
> > >> >
> > >> > This is essentially v2 of "[PATCH] proc: avoid leaking eip,
> > >> > esp, or wchan to non-privileged processes", adding some of
> > >> > Eric Biederman's suggestions as well as the start_stack change
> > >> > (only give out that address if the process is ptrace()-able).
> > >> > This has been tested with ps and top without any ill effects
> > >> > being seen.
> > >>
> > >> Looks sane to me. Anybody objects?
> > >>
> > >
> > > Acked-by: Arjan van de Ven <arjan@xxxxxxxxxxxxxxx>
> >
> > Looks sane here.
> >
> > Acked-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
>
> Ok, applied.
>
> Also, does anybody have any commentary or opinion on the patch by
> Matt Mackall to use stronger random numbers than "get_random_int()".
> I wonder what the performance impact of that is - "get_random_int()"
> is very cheap by design, and many users may consider calling
> "get_random_bytes()" to be overkill and a potential performance issue.
>
> Quite frankly, the way "get_random_bytes()" works now (it does a
> _full_ sha thing every time), I think it's insane overkill. But I do
> have to admit that our current "get_random_int()" is insane
> _underkill_.
>
> I'd like to improve the latter without going to quie the extreme that
> matt's patch did.

doing something simple as hashing in the tsc will already help;
while some people are nervous about the predictability of the tsc,
in practice there's likely enough bits of unpredictability there
to be worth the very low price of 50 cycles or less....

--
Arjan van de Ven Intel Open Source Technology Centre
For development, discussion and tips for power savings,
visit http://www.lesswatts.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mauro Carvalho Chehab: "Re: [PATCH 12/21] amd64_edac: add f10-and-later methods-p2"
Previous message: Greg KH: "Re: [patch 1/5] oom: cleanup android low memory killer"
In reply to: Linus Torvalds: "Re: [Security] [PATCH] proc: avoid information leaks to non-privilegedprocesses"
Next in thread: Linus Torvalds: "Re: [Security] [PATCH] proc: avoid information leaks to non-privilegedprocesses"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]