From: ebiederm@xmission.com (Eric W. Biederman)
To: Matt Mackall <mpm@selenic.com>
Cc: Ingo Molnar <mingo@elte.hu>,
Linus Torvalds <torvalds@linux-foundation.org>,
Arjan van de Ven <arjan@infradead.org>, Jake Edge <jake@lwn.net>,
security@kernel.org,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
James Morris <jmorris@namei.org>,
linux-security-module@vger.kernel.org,
Eric Paris <eparis@redhat.com>,
Alan Cox <alan@lxorguk.ukuu.org.uk>,
Roland McGrath <roland@redhat.com>,
mingo@redhat.com, Andrew Morton <akpm@linux-foundation.org>,
Greg KH <greg@kroah.com>, Dave Jones <davej@redhat.com>
Subject: Re: [Security] [PATCH] proc: avoid information leaks to non-privileged processes
Date: Tue, 05 May 2009 14:20:47 -0700 [thread overview]
Message-ID: <m1skjjtff4.fsf@fess.ebiederm.org> (raw)
In-Reply-To: <20090505202219.GL31071@waste.org> (Matt Mackall's message of "Tue\, 5 May 2009 15\:22\:19 -0500")
Matt Mackall <mpm@selenic.com> writes:
> On Tue, May 05, 2009 at 09:52:46PM +0200, Ingo Molnar wrote:
>>
>> * Eric W. Biederman <ebiederm@xmission.com> wrote:
>>
>> > Ingo Molnar <mingo@elte.hu> writes:
>> >
>> > > * Matt Mackall <mpm@selenic.com> wrote:
>> > >
>> > >> As to what's the appropriate sort of RNG for ASLR to use, finding
>> > >> a balance between too strong and too weak is tricky. [...]
>> > >
>> > > In exec-shield i mixed 'easily accessible and fast' semi-random
>> > > state to the get_random_int() result: xor-ed the cycle counter, the
>> > > pid and a kernel address to it. That strengthened the result in a
>> > > pretty practical way (without strengthening the theoretical
>> > > randomless - each of those items are considered guessable) and does
>> > > so without weakening the entropy of the random pool.
>> >
>> > The trouble is, that thinking completely misses the problem, and I
>> > expect that is why we have a problem. Throwing a bunch of
>> > possibly truly random values into the pot for luck is nice. But
>> > you didn't throw in a pseudo random number generator. An
>> > unpredictable sequence that is guaranteed to change from one
>> > invocation to the next.
>>
>> Alas, i did - it got 'reviewed' out of existence ;)
>>
>> I still have the backups, here's the original exec-shield RNG:
>>
>> +/*
>> + * Get a random word:
>> + */
>> +static inline unsigned int get_random_int(void)
>> +{
>> + unsigned int val = 0;
>> +
>> + if (!exec_shield_randomize)
>> + return 0;
>> +
>> +#ifdef CONFIG_X86_HAS_TSC
>> + rdtscl(val);
>> +#endif
>> + val += current->pid + jiffies + (int)&val;
>> +
>> + /*
>> + * Use IP's RNG. It suits our purpose perfectly: it re-keys itself
>> + * every second, from the entropy pool (and thus creates a limited
>> + * drain on it), and uses halfMD4Transform within the second. We
>> + * also spice it with the TSC (if available), jiffies, PID and the
>> + * stack address:
>> + */
>> + return secure_ip_id(val);
>> +}
>
> Ingo, what are you on about? On every architecture but X86 with TSC
> this is identical to the broken code.
Well it has the val = (int)&val bit.
However you are quite right the original get_random_int does not have
any state that persists from one call to the next. Ingo you failed to
copy that from the way ip uses secure_ip_id.
Which ultimately means get_random_int has never had a pseudo random
number generator in it.
Eric
next prev parent reply other threads:[~2009-05-05 21:21 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-05-04 18:51 [PATCH] proc: avoid information leaks to non-privileged processes Jake Edge
2009-05-04 19:00 ` [Security] " Linus Torvalds
2009-05-04 19:51 ` Arjan van de Ven
2009-05-04 20:20 ` Eric W. Biederman
2009-05-04 22:24 ` Linus Torvalds
2009-05-04 23:26 ` Arjan van de Ven
2009-05-04 23:54 ` Linus Torvalds
2009-05-05 7:51 ` Eric W. Biederman
2009-05-05 15:17 ` Linus Torvalds
2009-05-05 15:35 ` Linus Torvalds
2009-05-05 16:18 ` Matt Mackall
2009-05-05 16:10 ` Matt Mackall
2009-05-05 5:50 ` Matt Mackall
2009-05-05 6:31 ` Ingo Molnar
2009-05-05 8:14 ` Eric W. Biederman
2009-05-05 19:52 ` Ingo Molnar
2009-05-05 20:22 ` Matt Mackall
2009-05-05 21:20 ` Eric W. Biederman [this message]
2009-05-06 10:33 ` Ingo Molnar
2009-05-06 10:30 ` Ingo Molnar
2009-05-06 16:25 ` Matt Mackall
2009-05-06 16:48 ` Linus Torvalds
2009-05-06 17:57 ` Matt Mackall
2009-05-07 0:50 ` Matt Mackall
2009-05-07 15:02 ` Ingo Molnar
2009-05-07 18:14 ` Matt Mackall
2009-05-07 18:21 ` Ingo Molnar
2009-05-07 18:41 ` Ingo Molnar
2009-05-07 19:24 ` Matt Mackall
2009-05-07 15:16 ` Florian Weimer
2009-05-07 16:55 ` Matt Mackall
2009-05-07 17:53 ` Linus Torvalds
2009-05-07 18:42 ` Matt Mackall
2009-05-06 20:09 ` [patch] random: make get_random_int() more random Ingo Molnar
2009-05-06 20:41 ` Matt Mackall
2009-05-06 20:51 ` Ingo Molnar
2009-05-06 21:10 ` Matt Mackall
2009-05-06 21:24 ` Ingo Molnar
2009-05-14 22:47 ` Jake Edge
2009-05-14 22:55 ` [Security] " Linus Torvalds
2009-05-15 13:47 ` Ingo Molnar
2009-05-15 15:10 ` Jake Edge
2009-05-16 10:00 ` Willy Tarreau
2009-05-16 10:39 ` Ingo Molnar
2009-05-16 12:02 ` Eric W. Biederman
2009-05-16 14:00 ` Michael S. Zick
2009-05-16 14:28 ` Michael S. Zick
2009-05-16 14:57 ` Arjan van de Ven
2009-05-16 15:09 ` Michael S. Zick
2009-05-16 14:32 ` Matt Mackall
2009-05-16 13:58 ` Willy Tarreau
2009-05-16 15:23 ` Linus Torvalds
2009-05-16 15:47 ` Willy Tarreau
2009-05-16 15:54 ` Oliver Neukum
2009-05-16 16:05 ` Linus Torvalds
2009-05-16 16:17 ` Linus Torvalds
2009-05-15 1:16 ` Américo Wang
2009-05-06 20:25 ` [Security] [PATCH] proc: avoid information leaks to non-privileged processes Ingo Molnar
2009-05-06 20:52 ` Matt Mackall
2009-05-05 8:58 ` Andi Kleen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1skjjtff4.fsf@fess.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=arjan@infradead.org \
--cc=davej@redhat.com \
--cc=eparis@redhat.com \
--cc=greg@kroah.com \
--cc=jake@lwn.net \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=mingo@redhat.com \
--cc=mpm@selenic.com \
--cc=roland@redhat.com \
--cc=security@kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.