Re: [Security] [PATCH] proc: avoid information leaks to non-privileged processes
From: Matt Mackall
Date: Thu May 07 2009 - 15:29:15 EST
On Thu, May 07, 2009 at 08:41:36PM +0200, Ingo Molnar wrote:
>
> * Matt Mackall <mpm@xxxxxxxxxxx> wrote:
>
> > > As i mentioned it in the previous mail, i'd _really_ like to
> > > hear your thread model and attack vector description. Does this
> > > overhead justify the threat? Your change will only result in
> > > get_random_int() not being considered fast anymore.
> >
> > My threat model is that someone more clever and with a lot more
> > expertise attacking systems than either you or me will be able to
> > leverage the extreme weakness of this hash (O(1) attacks against
> > the *full* version!) into an attack that incrementally exposes the
> > hidden RNG state. I've asked a couple such people whether they
> > think that's likely, and they've said yes.
>
> My question was whether the variant laced with the cycle counter
> could be exposable.
In my world, some machines don't have TSCs, so I think this is the
wrong question to be asking.
--
Mathematics is the supreme nostalgia of our time.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/