Re: Security: information leaks in /proc enable keystroke recovery

[Amerigo Wang]

On Sat, Aug 15, 2009 at 03:21:27PM -0700, David Wagner wrote:
>
>In a nutshell, they exploit the fact that many files in /proc are
>world-readable yet contain sensitive information that can leak information
>about inter-keystroke timings.  For instance, /proc/$PID/stat reveals the
>ESP and EIP registers of the associated process, and is world-readable.
>/proc/pid/status is also mentioned as revealing information that could
>be exploited in these attacks.
>
>Based on my understanding of their work, it sounds like some of
>the information on those files should perhaps not be world-readable.
>It's not clear to me that it's reasonable for the kernel to reveal ESP,
>EIP, and other sensitive information about process behavior to everyone
>on the same system.


Nope, just make sure EIP, ESP, WCHAN etc. info will not be leaked.


>
>Are folks already aware of these vulnerabilities?

Yes, we have already fixed this in commit f83ce3 by Jake, so EIP, ESP
and WCHAN will not be leaked for non-privileged users.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/