public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Dan Rosenberg <drosenberg@vsecurity.com>
To: Vivek Goyal <vgoyal@redhat.com>
Cc: Tony Luck <tony.luck@gmail.com>,
	linux-kernel@vger.kernel.org, davej@redhat.com,
	kees.cook@canonical.com, davem@davemloft.net, eranian@google.com,
	torvalds@linux-foundation.org, adobriyan@gmail.com,
	penberg@kernel.org, hpa@zytor.com,
	Arjan van de Ven <arjan@infradead.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Valdis.Kletnieks@vt.edu, Ingo Molnar <mingo@elte.hu>,
	pageexec@freemail.hu
Subject: Re: [RFC][PATCH] Randomize kernel base address on boot
Date: Thu, 26 May 2011 16:44:34 -0400	[thread overview]
Message-ID: <1306442674.2279.29.camel@dan> (raw)
In-Reply-To: <20110526204030.GL29496@redhat.com>

On Thu, 2011-05-26 at 16:40 -0400, Vivek Goyal wrote:
> On Thu, May 26, 2011 at 04:35:02PM -0400, Vivek Goyal wrote:
> > On Tue, May 24, 2011 at 04:31:45PM -0400, Dan Rosenberg wrote:
> > > This introduces CONFIG_RANDOMIZE_BASE, which randomizes the address at
> > > which the kernel is decompressed at boot as a security feature that
> > > deters exploit attempts relying on knowledge of the location of kernel
> > > internals.  The default values of the kptr_restrict and dmesg_restrict
> > > sysctls are set to (1) when this is enabled, since hiding kernel
> > > pointers is necessary to preserve the secrecy of the randomized base
> > > address.
> > 
> > What happens to /proc/iomem interface which gives us the physical memory
> > location where kernel is loaded. kexec-tools relies on that interface
> > heavily so we can not take it away. And if we can not take it away then
> > I think somebody should be easibly be able to calculate this randomized
> > base address.

Is it common to run kexec-tools as non-root?  It may be necessary to
restrict this interface to root when randomization is used (keep in mind
nobody's going to force you to turn this on by default, at least for the
foreseeable future).

-Dan

> 
> Thanks
> Vivek



  reply	other threads:[~2011-05-26 20:44 UTC|newest]

Thread overview: 95+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-05-24 20:31 [RFC][PATCH] Randomize kernel base address on boot Dan Rosenberg
2011-05-24 21:02 ` Ingo Molnar
2011-05-24 22:55   ` Dan Rosenberg
2011-05-24 21:16 ` Ingo Molnar
2011-05-24 23:00   ` Dan Rosenberg
2011-05-25 11:23     ` Ingo Molnar
2011-05-25 14:20       ` Dan Rosenberg
2011-05-25 14:29         ` Ingo Molnar
2011-05-24 23:06   ` H. Peter Anvin
2011-05-25 14:03     ` Dan Rosenberg
2011-05-25 14:14       ` Ingo Molnar
2011-05-25 15:48       ` H. Peter Anvin
2011-05-25 16:15         ` Dan Rosenberg
2011-05-25 16:24           ` H. Peter Anvin
2011-05-24 21:46 ` Brian Gerst
2011-05-24 23:01   ` Dan Rosenberg
2011-05-24 22:31 ` H. Peter Anvin
2011-05-24 23:04   ` Dan Rosenberg
2011-05-24 23:07     ` H. Peter Anvin
2011-05-24 23:34       ` Dan Rosenberg
2011-05-24 23:36         ` H. Peter Anvin
2011-05-24 23:14   ` H. Peter Anvin
2011-05-24 23:08 ` Dan Rosenberg
2011-05-25  2:05   ` Dan Rosenberg
2011-05-26 20:01 ` Vivek Goyal
2011-05-26 20:06   ` Dan Rosenberg
2011-05-26 20:16   ` Valdis.Kletnieks
2011-05-26 20:31     ` Vivek Goyal
2011-05-27  9:36       ` Ingo Molnar
2011-05-26 20:35 ` Vivek Goyal
2011-05-26 20:40   ` Vivek Goyal
2011-05-26 20:44     ` Dan Rosenberg [this message]
2011-05-26 20:55       ` Vivek Goyal
2011-05-27  9:38         ` Ingo Molnar
2011-05-27 13:07           ` Vivek Goyal
2011-05-27 13:38             ` Ingo Molnar
2011-05-27 13:13       ` Vivek Goyal
2011-05-27 13:21         ` Dan Rosenberg
2011-05-27 13:46           ` Ingo Molnar
2011-05-27 13:50           ` Vivek Goyal
2011-05-26 20:39 ` Dan Rosenberg
2011-05-27  7:15   ` Ingo Molnar
2011-05-31 16:52   ` Matthew Garrett
2011-05-31 18:40     ` H. Peter Anvin
2011-05-31 18:51       ` Matthew Garrett
2011-05-31 19:03         ` Dan Rosenberg
2011-05-31 19:07           ` H. Peter Anvin
2011-05-31 19:50           ` Ingo Molnar
2011-05-31 19:55           ` Ingo Molnar
2011-05-31 20:15             ` H. Peter Anvin
2011-05-31 20:27               ` Ingo Molnar
2011-05-31 20:30                 ` H. Peter Anvin
2011-06-01  6:18                   ` Ingo Molnar
2011-06-01 15:44                     ` H. Peter Anvin
2011-05-31 20:17             ` Dan Rosenberg
2011-05-26 22:18 ` Rafael J. Wysocki
2011-05-26 22:32   ` H. Peter Anvin
2011-05-27  0:26     ` Dan Rosenberg
2011-05-27 16:21       ` Rafael J. Wysocki
2011-05-27  2:45     ` Dave Jones
2011-05-27  9:40       ` Ingo Molnar
2011-05-27 16:11         ` Rafael J. Wysocki
2011-05-27 16:07     ` Rafael J. Wysocki
2011-05-27 15:42   ` Linus Torvalds
2011-05-27 16:11     ` Dan Rosenberg
2011-05-27 17:00     ` Ingo Molnar
2011-05-27 17:06       ` H. Peter Anvin
2011-05-27 17:10       ` Dan Rosenberg
2011-05-27 17:13         ` H. Peter Anvin
2011-05-27 17:16           ` Linus Torvalds
2011-05-27 17:38             ` Ingo Molnar
2011-05-27 17:20           ` Kees Cook
2011-05-27 17:16         ` Ingo Molnar
2011-05-27 17:21           ` Linus Torvalds
2011-05-27 17:46             ` Ingo Molnar
2011-05-27 17:53               ` H. Peter Anvin
2011-05-27 18:05                 ` Linus Torvalds
2011-05-27 19:15                   ` Vivek Goyal
2011-05-27 21:37                   ` H. Peter Anvin
2011-05-27 23:51                     ` H. Peter Anvin
2011-05-28 12:18                   ` Ingo Molnar
2011-05-29  1:13                     ` H. Peter Anvin
2011-05-29 12:47                       ` Ingo Molnar
2011-05-29 18:19                         ` H. Peter Anvin
2011-05-29 18:44                           ` Ingo Molnar
2011-05-29 18:52                             ` H. Peter Anvin
2011-05-29 19:56                               ` Ingo Molnar
2011-05-27 17:57               ` Linus Torvalds
2011-05-27 18:17                 ` Ingo Molnar
2011-05-27 18:43                   ` Kees Cook
2011-05-27 18:48                   ` david
2011-05-27 21:51                   ` Olivier Galibert
2011-05-27 22:11                     ` Valdis.Kletnieks
2011-05-28  0:50                     ` H. Peter Anvin
2011-05-28  6:32                     ` Ingo Molnar

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1306442674.2279.29.camel@dan \
    --to=drosenberg@vsecurity.com \
    --cc=Valdis.Kletnieks@vt.edu \
    --cc=adobriyan@gmail.com \
    --cc=akpm@linux-foundation.org \
    --cc=arjan@infradead.org \
    --cc=davej@redhat.com \
    --cc=davem@davemloft.net \
    --cc=eranian@google.com \
    --cc=hpa@zytor.com \
    --cc=kees.cook@canonical.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@elte.hu \
    --cc=pageexec@freemail.hu \
    --cc=penberg@kernel.org \
    --cc=tony.luck@gmail.com \
    --cc=torvalds@linux-foundation.org \
    --cc=vgoyal@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox