Re: [Security] [PATCH] proc: avoid information leaks to non-privileged processes

From: Eric W. Biederman
Date: Tue May 05 2009 - 03:51:49 EST

Next message: Mike Galbraith: "Re: CFS not suitable for desktop computers"
Previous message: Ingo Molnar: "Re: perf_counter: resetting a event counter"
In reply to: Linus Torvalds: "Re: [Security] [PATCH] proc: avoid information leaks to non-privilegedprocesses"
Next in thread: Linus Torvalds: "Re: [Security] [PATCH] proc: avoid information leaks to non-privilegedprocesses"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> writes:

> On Mon, 4 May 2009, Linus Torvalds wrote:
>>
>> Quite frankly, the way "get_random_bytes()" works now (it does a _full_
>> sha thing every time), I think it's insane overkill. But I do have to
>> admit that our current "get_random_int()" is insane _underkill_.
>
> Actually, I don't think "get_random_int()" is underkill per se (it does
> that half md4 transform to try to hide the source of the data), but the
> data itself is simply not modified at all, and the buffers aren't updated
> in between rounds.
>
> In fact "secure_ip_id()" (which it uses) explicityl does that private
> hash[] array so that the mixing that "half_md4_transform()" does do will
> _not_ be saved for the next round - so the next round will always start
> from the same keyptr "secret" state.
>
> I think.
>
> If that wasn't the case, and we actually kept mixing up the end result
> back into the next iteration, I suspect the current "get_random_int()"
> wouldn't be _nearly_ as bad as it is now.
>
> Or maybe I'm missing some part of the transform, and we do mix the values
> back as we do that "get_random_int()". I just don't see it. And if I'm
> right, then I think _that_ is the real weakness of our current
> get_random_int().

Yes, not mixing the result back (which would give us some kind of
pseudo random number generator) is the problem.

secure_ip_id, looks to be a very different kind of thing. A seed
that is reused periodically. Ultimately those values do change.

For the state we are mixing back into I expect we want it to be
per cpu so we don't need locks and avoid cache line ping pongs
when we mix the state back.

I haven't seen Matts patch and couldn't find it when I did a quick
look so I don't have any idea there.

Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mike Galbraith: "Re: CFS not suitable for desktop computers"
Previous message: Ingo Molnar: "Re: perf_counter: resetting a event counter"
In reply to: Linus Torvalds: "Re: [Security] [PATCH] proc: avoid information leaks to non-privilegedprocesses"
Next in thread: Linus Torvalds: "Re: [Security] [PATCH] proc: avoid information leaks to non-privilegedprocesses"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]