From: Willy Tarreau <w@1wt.eu>
To: Ingo Molnar <mingo@elte.hu>
Cc: Marcus Meissner <meissner@suse.de>,
security@kernel.org, mort@sgi.com,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
fweisbec@gmail.com, "H. Peter Anvin" <hpa@zytor.com>,
linux-kernel@vger.kernel.org, jason.wessel@windriver.com,
tj@kernel.org, Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [Security] [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking
Date: Sun, 7 Nov 2010 12:41:56 +0100 [thread overview]
Message-ID: <20101107114156.GV4627@1wt.eu> (raw)
In-Reply-To: <20101107112709.GA2634@elte.hu>
On Sun, Nov 07, 2010 at 12:27:09PM +0100, Ingo Molnar wrote:
> > I don't understand the point you're trying to make with this patch. [...]
>
> It was a simple experiement to support my rather simple argument which you disputed.
OK
> > [...] Obviously we can pretend to be any version, [...]
>
> Ok, it's a pretty cavalier style of arguing that you now essentially turn around
> your earlier claim that the 'kernel version is needed at many places' and say what
> i've been saying, prefixed with 'obviously' ;-)
Huh ?
> Yes, it's obvious that the kernel version is not needed for many functional purposes
> on a modern distro - and that was my exact point.
>
> I cannot think of a single valid case where the proper user-space solution to some
> ABI compatibility detail is a kernel version check.
Ingo, I believe you did not read a single line of my previous mail, because I
precisely gave you counter-examples of that. The first use is simply the user
running "uname -a" to see if *he* can safely enable feature X or Y which is
known to be badly broken in some old versions.
> I'd even argue that we want to
> keep unprivileged user-space from being able to implement such crappy version checks
> ...
I'd say that *YOU* want that despite the fact that on mainstream distros, it
buys nothing since it's easy to guess the real version anyway as I showed you.
Don't forget that you proposed this in order to hide symbols from a small set
of well-known distro kernels. And the most important in my opinion is that it
does not bring anything to those who are currently victim of exploits : those
who don't upgrade, because their uptime alone is enough to *know* that the
vuln you want to exploit is still there.
At some places, your proposal would probably end up with uname being
chmoded +s so that users stop asking the admin for trivial things. That
really makes no sense.
Willy
next prev parent reply other threads:[~2010-11-07 11:42 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-11-04 10:09 [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking Marcus Meissner
2010-11-04 10:11 ` Tejun Heo
2010-11-05 0:11 ` [Security] " Eugene Teo
2010-11-04 11:46 ` Ingo Molnar
2010-11-04 12:29 ` Marcus Meissner
2010-11-04 13:58 ` Ingo Molnar
2010-11-04 14:11 ` Ingo Molnar
2010-11-04 14:33 ` Marcus Meissner
2010-11-04 14:38 ` Tejun Heo
2010-11-04 14:43 ` H. Peter Anvin
2010-11-04 14:48 ` Tejun Heo
2010-11-04 19:08 ` Ingo Molnar
2010-11-04 21:29 ` [Security] " Willy Tarreau
2010-11-04 21:51 ` Ingo Molnar
2010-11-04 22:35 ` Willy Tarreau
2010-11-04 23:46 ` Willy Tarreau
2010-11-07 8:50 ` Ingo Molnar
2010-11-07 9:08 ` Ingo Molnar
2010-11-07 9:49 ` Willy Tarreau
2010-11-07 11:27 ` Ingo Molnar
2010-11-07 11:41 ` Willy Tarreau [this message]
2010-11-07 11:47 ` Ingo Molnar
2010-11-07 11:56 ` Willy Tarreau
2010-11-07 12:12 ` Ingo Molnar
2010-11-07 12:22 ` Willy Tarreau
2010-11-07 12:25 ` Ingo Molnar
2010-11-07 12:39 ` Willy Tarreau
2010-11-07 12:32 ` Ingo Molnar
2010-11-07 12:51 ` Willy Tarreau
2010-11-07 15:27 ` Alan Cox
2010-11-08 6:29 ` Ingo Molnar
2010-11-07 11:42 ` Ingo Molnar
2010-11-07 11:51 ` Willy Tarreau
2010-11-07 12:37 ` Ingo Molnar
2010-11-07 12:55 ` Willy Tarreau
2010-11-07 8:56 ` Ingo Molnar
2010-11-07 9:03 ` Ingo Molnar
[not found] ` <20101104215157.GA25128@ <20101107090805.GA27983@elte.hu>
2010-11-13 13:06 ` Gilles Espinasse
2010-11-07 18:02 ` Andi Kleen
2010-11-07 18:32 ` H. Peter Anvin
2010-11-10 8:53 ` Ingo Molnar
2010-11-11 2:51 ` H. Peter Anvin
2010-11-11 7:05 ` Ingo Molnar
2010-11-05 2:38 ` Frank Rowand
2010-11-10 20:58 ` Jesper Juhl
2010-11-05 0:20 ` Jesper Juhl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20101107114156.GV4627@1wt.eu \
--to=w@1wt.eu \
--cc=a.p.zijlstra@chello.nl \
--cc=akpm@linux-foundation.org \
--cc=fweisbec@gmail.com \
--cc=hpa@zytor.com \
--cc=jason.wessel@windriver.com \
--cc=linux-kernel@vger.kernel.org \
--cc=meissner@suse.de \
--cc=mingo@elte.hu \
--cc=mort@sgi.com \
--cc=security@kernel.org \
--cc=tglx@linutronix.de \
--cc=tj@kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox