From mboxrd@z Thu Jan 1 00:00:00 1970 Reply-To: kernel-hardening@lists.openwall.com Date: Mon, 3 Oct 2011 15:31:58 +0300 From: Adrian Bunk Message-ID: <20111003123158.GA28898@localhost.pp.htv.fi> References: <20111002105457.GA5598@albatros> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20111002105457.GA5598@albatros> Subject: [kernel-hardening] Re: taskstats root only breaking iotop To: Vasiliy Kulikov Cc: Guillaume Chazarain , Linus Torvalds , Linux Kernel Mailing List , Balbir Singh , kernel-hardening@lists.openwall.com List-ID: On Sun, Oct 02, 2011 at 02:54:57PM +0400, Vasiliy Kulikov wrote: > (cc'ed kernel-hardening) > > On Sun, Oct 02, 2011 at 12:22 +0200, Guillaume Chazarain wrote: > > On Sun, Oct 2, 2011 at 2:20 AM, Linus Torvalds > > wrote: > > > So I don't see why you ask for it. What could possibly be a valid use-case? > > > > Right, kbyte granularity is enough. > > It is not enough. In some border cases an attacker may still learn > private information given the counters with _arbitrary_ granularity: > > http://www.openwall.com/lists/oss-security/2011/06/29/9 If you request a CVE for that, shouldn't there also be a CVE for /proc//cmdline being readable by all users? I'd expect "ps -ef" to be more likely to give private information to an attacker than counters with kbyte granularity, or am I wrong on that? >... > Thanks, cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755731Ab1JCMcM (ORCPT ); Mon, 3 Oct 2011 08:32:12 -0400 Received: from filtteri1.pp.htv.fi ([213.243.153.184]:44730 "EHLO filtteri1.pp.htv.fi" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754287Ab1JCMcF (ORCPT ); Mon, 3 Oct 2011 08:32:05 -0400 Date: Mon, 3 Oct 2011 15:31:58 +0300 From: Adrian Bunk To: Vasiliy Kulikov Cc: Guillaume Chazarain , Linus Torvalds , Linux Kernel Mailing List , Balbir Singh , kernel-hardening@lists.openwall.com Subject: Re: taskstats root only breaking iotop Message-ID: <20111003123158.GA28898@localhost.pp.htv.fi> References: <20111002105457.GA5598@albatros> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20111002105457.GA5598@albatros> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Oct 02, 2011 at 02:54:57PM +0400, Vasiliy Kulikov wrote: > (cc'ed kernel-hardening) > > On Sun, Oct 02, 2011 at 12:22 +0200, Guillaume Chazarain wrote: > > On Sun, Oct 2, 2011 at 2:20 AM, Linus Torvalds > > wrote: > > > So I don't see why you ask for it. What could possibly be a valid use-case? > > > > Right, kbyte granularity is enough. > > It is not enough. In some border cases an attacker may still learn > private information given the counters with _arbitrary_ granularity: > > http://www.openwall.com/lists/oss-security/2011/06/29/9 If you request a CVE for that, shouldn't there also be a CVE for /proc//cmdline being readable by all users? I'd expect "ps -ef" to be more likely to give private information to an attacker than counters with kbyte granularity, or am I wrong on that? >... > Thanks, cu Adrian -- "Is there not promise of rain?" Ling Tan asked suddenly out of the darkness. There had been need of rain for many days. "Only a promise," Lao Er said. Pearl S. Buck - Dragon Seed