public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: V13 <v13@priest.com>
To: Andi Kleen <ak@muc.de>
Cc: Andrea Arcangeli <andrea@cpushare.com>, linux-kernel@vger.kernel.org
Subject: Re: secure computing for 2.6.7
Date: Wed, 4 Aug 2004 16:18:39 +0300	[thread overview]
Message-ID: <200408041618.42630.v13@priest.com> (raw)
In-Reply-To: <m3ekmq2ym7.fsf@averell.firstfloor.org>

On Monday 02 August 2004 03:05, Andi Kleen wrote:
> I don't think a sequence number is a good idea. Consider a
> vendor/third party kernel fixing a security bug, but mainline hasn't
> taken the patch yet for some reason.
>
> The vendor kernel could not safely increase this number, because it
> could conflict with some other security bug fixed in mainline at the
> same time.
>
> The end result would be that the kernel would be fixed, but
> the application has no way to tell.
>
> Better may be a bitmap, but even there you still have an problem
> with allocating these bits.
>
> A safe solution would be a file in /proc that lists CAN idenitifiers of
> fixed bugs or similar, but that may be quite some overhead to maintain
> and parse.

What about using the kernel version (instead of a seq #) plus a /proc file 
which lists the fixed CAN ids? This way a patch to a kernel will add an entry 
to /proc/koko and the program whould check the kernel version. If the kernel 
version is less or equal to X then it will read the /proc/koko for applied 
patches.

When a new version of the kernel is released then the /proc/koko file will be 
cleared a bit since version X.Y.Z means that the patches were added.

This leads to a hole between releasing a new version of the program and 
releasing a new kernel version, since the author will not be able to know if 
the next version of the kernel will have this bug fixed or not, so he cannot 
safely check the kernel version for a >X.Y.Z.

This can be solved in combination with a user space library that maintains a 
list of known kernel fixes and an API like: int can_is_fixed(...); which will 
combine the /proc information with the kernel version. The library (i.e 
an /etc file) will maintain a list of known fixes and the kernel version it 
was applied and will read the /proc/koko file for extra information. This may 
lead to false positives in case the library is an older version and the 
kernel is upgraded (since the lib will not know about the applied patch) but:

a) This is acceptable by the conditions you've set
b) Can be partialy solved by keeping CAN ids in /proc/koko for N versions of 
kernel (or for N months)

> -Andi
<<V13>>

  parent reply	other threads:[~2004-08-04 13:16 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <2ejhQ-4lc-5@gated-at.bofh.it>
     [not found] ` <2fqhq-1RU-45@gated-at.bofh.it>
     [not found]   ` <2olLt-4wI-5@gated-at.bofh.it>
2004-08-02  0:05     ` secure computing for 2.6.7 Andi Kleen
2004-08-02 10:19       ` Andrea Arcangeli
2004-08-02 19:06         ` Rik van Riel
2004-08-02 21:35           ` Andrea Arcangeli
2004-08-04 13:18       ` V13 [this message]
2004-07-04 17:39 andrea
2004-07-04 21:35 ` Andrew Morton
2004-07-04 23:32   ` andrea
2004-07-05  0:37     ` Phy Prabab
2004-10-12 14:24   ` Andrea Arcangeli
2004-10-12 15:32     ` Rik van Riel
2004-10-12 15:59       ` Andrea Arcangeli
2004-10-12 16:28         ` Rik van Riel
2004-10-12 17:46           ` Andrea Arcangeli
2004-10-12 18:04             ` Rik van Riel
2004-10-12 18:10             ` Rik van Riel
2004-10-12 18:29               ` Andrea Arcangeli
2004-07-07 19:27 ` Hans Reiser
2004-08-01 10:22   ` Andrea Arcangeli
2004-08-01 12:01     ` chris
2004-08-01 15:01       ` Andrea Arcangeli
2004-08-01 17:29         ` chris
2004-08-01 18:52           ` Bernd Eckenfels
2004-08-01 20:45           ` Alan Cox
2004-08-01 23:10             ` Andrea Arcangeli
2004-08-01 23:08               ` Alan Cox
2004-08-02 10:25                 ` Andrea Arcangeli
2004-08-01 23:06           ` Andrea Arcangeli
2004-08-02  6:52             ` David Wagner
2004-08-03 12:48         ` Stephen Smalley
2004-08-01 14:55     ` Bernd Eckenfels
2004-08-01 15:51       ` Andrea Arcangeli
2004-08-01 17:24         ` Bernd Eckenfels
2004-08-02  3:17         ` Horst von Brand
2004-08-02 16:31           ` Andrea Arcangeli
2004-08-03 12:40   ` Stephen Smalley
2004-08-03 21:02     ` Alexander Lyamin
2004-08-05 11:47       ` Stephen Smalley
2004-08-04  8:57     ` Hans Reiser
2004-08-05 11:48       ` Stephen Smalley
2004-08-07 23:20     ` Hans Reiser
2004-08-09 12:35       ` Stephen Smalley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200408041618.42630.v13@priest.com \
    --to=v13@priest.com \
    --cc=ak@muc.de \
    --cc=andrea@cpushare.com \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox