Re: [Ksummit-discuss] [TOPIC] kernel hardening / self-protection / whatever

All of lore.kernel.org
 help / color / mirror / Atom feed

From: ebiederm@xmission.com (Eric W. Biederman)
To: Kees Cook <keescook@chromium.org>
Cc: Jann Horn <jann@thejh.net>,
	"ksummit-discuss@lists.linuxfoundation.org"
	<ksummit-discuss@lists.linuxfoundation.org>
Subject: Re: [Ksummit-discuss] [TOPIC] kernel hardening / self-protection / whatever
Date: Tue, 12 Jul 2016 11:40:45 -0500	[thread overview]
Message-ID: <87vb0a24j6.fsf@x220.int.ebiederm.org> (raw)
In-Reply-To: <CAGXu5jL=Vj4tY1k7zYp6B1FcvKm7dSYnKFgN7C8Dp1hOztbjwg@mail.gmail.com> (Kees Cook's message of "Mon, 11 Jul 2016 13:57:04 -0400")

Kees Cook <keescook@chromium.org> writes:

> On Mon, Jul 11, 2016 at 12:30 PM, Eric W. Biederman
> <ebiederm@xmission.com> wrote:
>> Andy Lutomirski <luto@amacapital.net> writes:
>>
>>> Are there useful things to discuss in person about hardening?  (I
>>> don't want to bikeshed about the name at the kernel summit if we can
>>> possibly avoid it.)
>>>
>>> Plausible sub-topics include:
>>>
>>>  - "USERCOPY" hardening
>>>
>>>  - Virtually mapped stacks (I'm hoping to have that in for x86 before
>>> kernel summit...)
>>>
>>>  - Refcount
>>>
>>> I don't how much of this really needs an in-person meeting, but maybe
>>> some if it would benefit.
>>
>> Given the history of the previous work on which much of this kernel
>> hardening work is inspired, I think it makes some sense to discuss what
>> is needed to get various features ready for mainline.
>
> This is a much larger topic, I think. The work being done already by
> the Kernel Self Protection Project is highlighting what's needed to
> bring various features into mainline. Generally they require a lot of
> chopping up into distinct pieces, expanding their portability to other
> architectures, more testing, etc.
>
>> Many kernel hardening features are perceived as having downsides affect
>> performance or code maintainability.  Which quite frankly is a security
>> issue of another flavor because if something does not work well, and or
>
> Sure, but I think this will be done on a case-by-case basis, as each
> thing has wildly different aspects. :)
>
>> is not maintainable after a while it won't get used.  Rarely are we in
>> the situation where defense against attack is the most important thing
>> that people who are deploying linux are worried about.
>
> Yup, of course. This is why I'm trying to make sure that things have
> either near-zero impact or are easily configurable.

Please make certain to leave a big fat comment explaining the security
that is added and why.

I have two brand new patchs that I received today or yesterday sitting
in my inbox to remove security features in the kernel.

A patch to remove the limit on /proc/self/exec only being able to be
changed once.

A patch to muck with kexec_file_load, and get it to accept a new flavor
of unsigned data.  At least I think that is what the patch is.

Eric

next prev parent reply	other threads:[~2016-07-12 16:53 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-07-11  4:28 [Ksummit-discuss] [TOPIC] kernel hardening / self-protection / whatever Andy Lutomirski
2016-07-11 13:05 ` Rafael J. Wysocki
2016-07-11 16:30 ` Eric W. Biederman
2016-07-11 17:57   ` Kees Cook
2016-07-12 16:40     ` Eric W. Biederman [this message]
2016-07-21 15:54   ` Mark Rutland
2016-07-11 17:33 ` Jann Horn
2016-07-19 15:40   ` Eric W. Biederman
2016-07-20  2:14     ` Andy Lutomirski
2016-07-20  2:14       ` Eric W. Biederman
2016-07-20  6:42         ` Herbert Xu
2016-07-21 17:03           ` Eric W. Biederman
2016-07-11 17:53 ` Kees Cook
2016-07-11 18:07   ` Josh Triplett
2016-07-11 18:59     ` Kees Cook
2016-07-31  9:55   ` Paul Burton
2016-07-31 22:04     ` Kees Cook
2016-08-01 10:47       ` Mark Rutland
2016-08-01 19:42         ` Kees Cook
2016-08-03 22:53       ` Catalin Marinas
2016-08-04  5:32         ` Kees Cook
2016-08-04  5:45           ` Andy Lutomirski
2016-08-04  5:54             ` Kees Cook
2016-08-05  0:12               ` Andy Lutomirski
2016-09-08 23:54                 ` Kees Cook
2016-09-09  0:42                   ` Andy Lutomirski
2016-08-04 14:17           ` Dave Hansen
2016-08-04 22:29             ` Catalin Marinas
2016-08-01  9:34     ` [Ksummit-discuss] [nominations] " Mark Rutland

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87vb0a24j6.fsf@x220.int.ebiederm.org \
    --to=ebiederm@xmission.com \
    --cc=jann@thejh.net \
    --cc=keescook@chromium.org \
    --cc=ksummit-discuss@lists.linuxfoundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.