Re: [PATCH v2 0/4] Checkpoint/Restore: Show in proc IDs of objects that can be shared between tasks

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Cyrill Gorcunov <gorcunov@gmail.com>
To: Matt Helsley <matthltc@us.ibm.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
	Pavel Emelyanov <xemul@parallels.com>,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	Glauber Costa <glommer@parallels.com>,
	Andi Kleen <andi@firstfloor.org>, Tejun Heo <tj@kernel.org>,
	Pekka Enberg <penberg@kernel.org>,
	Eric Dumazet <eric.dumazet@gmail.com>,
	Vasiliy Kulikov <segoon@openwall.com>
Subject: Re: [PATCH v2 0/4] Checkpoint/Restore: Show in proc IDs of objects that can be shared between tasks
Date: Sat, 19 Nov 2011 09:35:26 +0400	[thread overview]
Message-ID: <20111119053526.GF21041@moon> (raw)
In-Reply-To: <20111118233840.GC6408@count0.beaverton.ibm.com>

On Fri, Nov 18, 2011 at 03:38:40PM -0800, Matt Helsley wrote:
...
> > 
> > Well, in case of hw-rng it should not be that easy, still of course
> > there is no 100% guarantee that there is absolutely no way to predict
> > this mask (espec since it's generated once at lives here forever). But
> 
> The random number itself could be of the best quality and the obfuscation
> could still be completely broken from a security standpoint. Put another
> way, we don't need to attack the method the random number was generated.
> We could probably utilize information we have about how the addresses
> themselves are generated.
> 

Agreed.

> > whatever makes attacker life harder -- is a good thing. After all we might
> > simply take some hash on kernel address here (such as sha256) since it's
> > not a time-critical operation and as far as I know collision is not found
> > for it yet (??).
> 
> Yes, cryptographic hashing seems much better than a highly suspect ad-hoc
> scheme which has barely been analyzed.
>

I'm surely fine with using crypto-hashes here.

> > 
> > > b) If we can export these addresses only to CAP_SYS_ADMIN tasks then
> > >    we don't need to obfuscate them anyway.
> > > 
> > >    Which takes me back to again asking: why not make c/r root-only?
> > >    And provide non-root access via a carefully-written setuid
> > >    front-end?
> > > 
> > 
> > I think non-root approach is a win in a long term (even if it requires
> 
> You could go with the root approach for now and make things more
> permissive later.
> 

Root-only makes all things easier, but I fear if we don't start with
non-root from the very beginning it'll remain root-only forever ;)

	Cyrill

next prev parent reply	other threads:[~2011-11-19  5:35 UTC|newest]

Thread overview: 25+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-11-17  9:55 [PATCH v2 0/4] Checkpoint/Restore: Show in proc IDs of objects that can be shared between tasks Pavel Emelyanov
2011-11-17  9:56 ` [PATCH 1/4] Routine for generating a safe ID for kernel pointer Pavel Emelyanov
2011-11-17  9:56 ` [PATCH 2/4] proc: Show namespaces IDs in /proc/pid/ns/* files Pavel Emelyanov
2011-11-17  9:56 ` [PATCH 3/4] proc: Show open file ID in /proc/pid/fdinfo/* Pavel Emelyanov
2011-11-17 20:48 ` [PATCH v2 0/4] Checkpoint/Restore: Show in proc IDs of objects that can be shared between tasks Andrew Morton
2011-11-18  9:24   ` Pavel Emelyanov
2011-11-18 19:07     ` Andrew Morton
2011-11-18 20:03       ` Cyrill Gorcunov
2011-11-18 20:37         ` Andrew Morton
2011-11-18 21:03           ` Cyrill Gorcunov
2011-11-18 21:09             ` Pekka Enberg
2011-11-18 22:10               ` Kyle Moffett
2011-11-18 23:46                 ` Tejun Heo
2011-11-19  1:09                   ` Kyle Moffett
2011-11-19  5:30                     ` Cyrill Gorcunov
2011-11-18 23:38             ` Matt Helsley
2011-11-19  5:35               ` Cyrill Gorcunov [this message]
2011-11-19  7:57       ` [kernel-hardening] " Vasiliy Kulikov
2011-11-19  7:57         ` Vasiliy Kulikov
2011-11-19  8:10         ` [kernel-hardening] " Vasiliy Kulikov
2011-11-19  8:10           ` Vasiliy Kulikov
2011-11-19  8:18           ` [kernel-hardening] " Vasiliy Kulikov
2011-11-19  8:18             ` Vasiliy Kulikov
2011-11-19 15:34           ` [kernel-hardening] " Cyrill Gorcunov
2011-11-19 15:34             ` Cyrill Gorcunov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20111119053526.GF21041@moon \
    --to=gorcunov@gmail.com \
    --cc=akpm@linux-foundation.org \
    --cc=andi@firstfloor.org \
    --cc=eric.dumazet@gmail.com \
    --cc=glommer@parallels.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=matthltc@us.ibm.com \
    --cc=penberg@kernel.org \
    --cc=segoon@openwall.com \
    --cc=tj@kernel.org \
    --cc=xemul@parallels.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.