From mboxrd@z Thu Jan 1 00:00:00 1970 Reply-To: kernel-hardening@lists.openwall.com From: Dave Hansen In-Reply-To: References: <20110910164134.GA2442@albatros> <20110914192744.GC4529@outflux.net> <20110918170512.GA2351@albatros> <20110919144657.GA5928@albatros> <20110919155718.GB16272@albatros> <20110919161837.GA2232@albatros> <20110919173539.GA3751@albatros> Content-Type: text/plain; charset="UTF-8" Date: Mon, 19 Sep 2011 11:03:15 -0700 Message-ID: <1316455395.16137.160.camel@nimitz> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: Re: [kernel-hardening] Re: [RFC PATCH 2/2] mm: restrict access to /proc/slabinfo To: Pekka Enberg Cc: Vasiliy Kulikov , Andrew Morton , kernel-hardening@lists.openwall.com, Kees Cook , Cyrill Gorcunov , Al Viro , Christoph Lameter , Matt Mackall , linux-kernel@vger.kernel.org, linux-mm@kvack.org, Dan Rosenberg , Theodore Tso , Alan Cox , Jesper Juhl , Linus Torvalds List-ID: On Mon, 2011-09-19 at 20:51 +0300, Pekka Enberg wrote: > How is the attacker able to identify that we kmalloc()'d from ecryptfs or > VFS based on non-root /proc/slabinfo when the slab allocator itself does > not have that sort of information if you mix up the allocations? Isn't this > much stronger protection especially if you combine that with /proc/slabinfo > restriction? Mixing it up just adds noise. It makes the attack somewhat more difficult, but it still leaves open the possibility that the attacker can filter out the noise somehow. -- Dave