Re: [PATCH] KERNEL: resource: Fix bug on leakage in /proc/iomem file

From: Kees Cook
Date: Wed Apr 06 2016 - 14:54:13 EST


On Wed, Apr 6, 2016 at 11:52 AM, Christian Kujau <lists@xxxxxxxxxxxxxxx> wrote:
> On Wed, 6 Apr 2016, ed@xxxxxxxxxx wrote:
>> First, I wrote your attached patch, but then I thought zeroing other
>> /proc/iomem values would be better. So I changed it.
>
> On my systems, /proc/iomem, /proc/ioports and others get their
> world-readable bits removed during bootup - I guess that would mitigate
> this issue too?

Yeah, I think that'd be sufficient (that's the first patch I
suggested). It's not as strong as kptr_restrict since kptr_restrict has
mode "2", but ... I think that's some diminishing returns...

-Kees

--
Kees Cook
Chrome OS & Brillo Security