From: Pavel Machek <pavel@ucw.cz>
To: Alan Cox <gnomes@lxorguk.ukuu.org.uk>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>,
Dominik Brodowski <linux@dominikbrodowski.net>,
linux-kernel@vger.kernel.org, linux-s390@vger.kernel.org,
kvm@vger.kernel.org, Heiko Carstens <heiko.carstens@de.ibm.com>,
Christian Borntraeger <borntraeger@de.ibm.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Cornelia Huck <cohuck@redhat.com>,
David Hildenbrand <david@redhat.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Jon Masters <jcm@redhat.com>, Marcus Meissner <meissner@suse.de>,
Jiri Kosina <jkosina@suse.cz>,
w@1wt.eu, keescook@chromium.org, thomas.lendacky@amd.com,
dwmw@amazon.co.uk, ak@linux.intel.com
Subject: Re: Avoiding information leaks between users and between processes by default? [Was: : [PATCH 1/5] prctl: add PR_ISOLATE_BP process control]
Date: Mon, 29 Jan 2018 14:14:46 +0100 [thread overview]
Message-ID: <20180129131446.GB4669@amd> (raw)
In-Reply-To: <20180124204622.1f7b0de2@alans-desktop>
[-- Attachment #1: Type: text/plain, Size: 1092 bytes --]
On Wed 2018-01-24 20:46:22, Alan Cox wrote:
> > Anyway, no need to add prctl(), if A can ptrace B and B can ptrace A,
> > leaking info between them should not be a big deal. You can probably
> > find existing macros doing neccessary checks.
>
> Until one of them is security managed so it shouldn't be able to ptrace
> the other, or (and this is the nasty one) when a process is executing
> code it wants to protect from the rest of the same process (eg an
> untrusted jvm, javascript or probably nastiest of all webassembly)
>
> We don't need a prctl for trusted/untrusted IMHO but we do eventually
> need to think about API's for "this lot is me but I don't trust
> it" (flatpack, docker, etc) and for what JIT engines need to do.
Agreed.
And yes, JITs are interesting, and given the latest
rowhammer/sidechannel attacks, something we may want to limit in
future...
It sounds nice on paper but is just risky.
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
next prev parent reply other threads:[~2018-01-29 13:14 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-23 13:07 [RFC][PATCH 0/5] s390: improve speculative execution handling v2 Martin Schwidefsky
2018-01-23 13:07 ` [PATCH 1/5] prctl: add PR_ISOLATE_BP process control Martin Schwidefsky
2018-01-23 17:07 ` Dominik Brodowski
2018-01-24 6:29 ` Martin Schwidefsky
2018-01-24 8:37 ` Avoiding information leaks between users and between processes by default? [Was: : [PATCH 1/5] prctl: add PR_ISOLATE_BP process control] Dominik Brodowski
2018-01-24 9:24 ` David Woodhouse
2018-01-24 11:15 ` Pavel Machek
2018-01-24 12:48 ` Martin Schwidefsky
2018-01-24 19:01 ` Pavel Machek
2018-01-24 20:46 ` Alan Cox
2018-01-29 13:14 ` Pavel Machek [this message]
2018-01-29 20:12 ` Alan Cox
2018-01-24 15:42 ` Alan Cox
2018-01-24 8:08 ` [PATCH 1/5] prctl: add PR_ISOLATE_BP process control Christian Borntraeger
2018-01-23 13:07 ` [PATCH 2/5] s390/alternative: use a copy of the facility bit mask Martin Schwidefsky
2018-01-23 13:59 ` Cornelia Huck
2018-01-23 14:40 ` Martin Schwidefsky
2018-01-23 15:04 ` Cornelia Huck
2018-01-23 13:07 ` [PATCH 3/5] s390: add options to change branch prediction behaviour for the kernel Martin Schwidefsky
2018-01-23 13:07 ` [PATCH 4/5] s390: define ISOLATE_BP to run tasks with modified branch prediction Martin Schwidefsky
2018-01-23 14:21 ` Christian Borntraeger
2018-01-23 14:21 ` Christian Borntraeger
2018-01-23 20:32 ` Radim Krčmář
2018-01-24 6:36 ` Martin Schwidefsky
2018-01-24 11:50 ` Radim Krčmář
2018-01-23 13:07 ` [PATCH 5/5] s390: scrub registers on kernel entry and KVM exit Martin Schwidefsky
2018-01-23 13:09 ` Christian Borntraeger
2018-01-23 14:32 ` Martin Schwidefsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180129131446.GB4669@amd \
--to=pavel@ucw.cz \
--cc=ak@linux.intel.com \
--cc=borntraeger@de.ibm.com \
--cc=cohuck@redhat.com \
--cc=david@redhat.com \
--cc=dwmw@amazon.co.uk \
--cc=gnomes@lxorguk.ukuu.org.uk \
--cc=gregkh@linuxfoundation.org \
--cc=heiko.carstens@de.ibm.com \
--cc=jcm@redhat.com \
--cc=jkosina@suse.cz \
--cc=keescook@chromium.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux@dominikbrodowski.net \
--cc=meissner@suse.de \
--cc=pbonzini@redhat.com \
--cc=schwidefsky@de.ibm.com \
--cc=thomas.lendacky@amd.com \
--cc=w@1wt.eu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.