From: Vasiliy Kulikov <segoon@openwall.com>
To: kernel-hardening@lists.openwall.com
Cc: Andrew Morton <akpm@linux-foundation.org>,
Cyrill Gorcunov <gorcunov@gmail.com>,
Al Viro <viro@zeniv.linux.org.uk>,
Christoph Lameter <cl@linux-foundation.org>,
Pekka Enberg <penberg@kernel.org>, Matt Mackall <mpm@selenic.com>,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
Dan Rosenberg <drosenberg@vsecurity.com>,
Theodore Tso <tytso@mit.edu>, Alan Cox <alan@linux.intel.com>,
Jesper Juhl <jj@chaosbits.net>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [kernel-hardening] Re: [RFC PATCH 2/2] mm: restrict access to /proc/slabinfo
Date: Wed, 14 Sep 2011 19:42:29 +0400 [thread overview]
Message-ID: <20110914154229.GA9776@albatros> (raw)
In-Reply-To: <1316013505.4478.50.camel@nimitz>
Hi Dave,
On Wed, Sep 14, 2011 at 08:18 -0700, Dave Hansen wrote:
> On Wed, 2011-09-14 at 17:16 +0400, Vasiliy Kulikov wrote:
> > > World readable slabinfo simplifies kernel developers' job of debugging
> > > kernel bugs (e.g. memleaks), but I believe it does more harm than
> > > benefits. For most users 0444 slabinfo is an unreasonable attack vector.
> >
> > Please tell if anybody has complains about the restriction - whether it
> > forces someone besides kernel developers to do "chmod/chgrp". But if
> > someone want to debug the kernel, it shouldn't significantly influence
> > on common users, especially it shouldn't create security issues.
>
> Ubuntu ships today with a /etc/init/mounted-proc.conf that does:
>
> chmod 0400 "${MOUNTPOINT}"/slabinfo
>
> After cursing Kees's name a few times, I commented it out and it hasn't
> bothered me again.
Another way is chgrp slabinfo to some "admin" group which are privileged
in this sense and add your user to this group. But please, sane and
secure defaults!
> I expect that the folks that really care about this (and their distros)
> will probably have a similar mechanism. I guess the sword cuts both
> ways in this case: it obviously _works_ to have the distros do it, but
> it was a one-time inconvenience for me to override that.
>
> In other words, I dunno. If we do this in the kernel, can we at least
> do something like CONFIG_INSECURE to both track these kinds of things
> and make it easy to get them out of a developer's way?
What do you think about adding your user to the slabinfo's group or
chmod it - quite the opposite Ubuntu currently does? I think it is more
generic (e.g. you may chmod 0444 to allow all users to get debug
information or just 0440 and chgrp admin to allow only trusted users to
do it) and your local policy doesn't touch the kernel.
Thanks,
--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2011-09-14 15:43 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20110910164001.GA2342@albatros>
2011-09-10 16:41 ` [RFC PATCH 2/2] mm: restrict access to /proc/slabinfo Vasiliy Kulikov
2011-09-12 15:06 ` Cyrill Gorcunov
2011-09-13 6:28 ` Vasiliy Kulikov
2011-09-14 13:16 ` Vasiliy Kulikov
2011-09-14 15:18 ` Dave Hansen
2011-09-14 15:42 ` Vasiliy Kulikov [this message]
2011-09-14 15:48 ` [kernel-hardening] " Vasiliy Kulikov
2011-09-14 18:24 ` Dave Hansen
2011-09-14 18:41 ` Dave Hansen
2011-09-14 19:14 ` Vasiliy Kulikov
2011-09-14 19:27 ` Kees Cook
2011-09-18 17:05 ` [kernel-hardening] " Vasiliy Kulikov
2011-09-19 13:42 ` Christoph Lameter
2011-09-19 14:30 ` Pekka Enberg
2011-09-19 14:46 ` Vasiliy Kulikov
2011-09-19 15:13 ` Pekka Enberg
2011-09-19 15:57 ` Vasiliy Kulikov
2011-09-19 16:11 ` Pekka Enberg
2011-09-19 16:18 ` Vasiliy Kulikov
2011-09-19 17:31 ` Pekka Enberg
2011-09-19 17:35 ` Vasiliy Kulikov
2011-09-19 17:51 ` Christoph Lameter
2011-09-19 19:59 ` Valdis.Kletnieks
2011-09-19 20:02 ` Christoph Lameter
2011-09-19 20:36 ` Valdis.Kletnieks
2011-09-19 17:51 ` Pekka Enberg
2011-09-19 17:58 ` Vasiliy Kulikov
2011-09-19 18:46 ` Pekka Enberg
2011-09-19 18:55 ` Vasiliy Kulikov
2011-09-19 19:20 ` Pekka Enberg
2011-09-19 19:33 ` Pekka Enberg
2011-09-19 18:55 ` Linus Torvalds
2011-09-19 19:18 ` Pekka Enberg
2011-09-19 19:45 ` Pekka Enberg
2011-09-19 20:59 ` David Rientjes
2011-09-19 18:03 ` Dave Hansen
2011-09-19 18:21 ` Pekka Enberg
2011-09-19 19:45 ` Valdis.Kletnieks
2011-09-19 19:55 ` Alan Cox
2011-09-21 17:05 ` Vasiliy Kulikov
2011-09-22 2:20 ` Valdis.Kletnieks
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20110914154229.GA9776@albatros \
--to=segoon@openwall.com \
--cc=akpm@linux-foundation.org \
--cc=alan@linux.intel.com \
--cc=cl@linux-foundation.org \
--cc=drosenberg@vsecurity.com \
--cc=gorcunov@gmail.com \
--cc=jj@chaosbits.net \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mpm@selenic.com \
--cc=penberg@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).