From: Ingo Molnar <mingo@kernel.org>
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: Richard Weinberger <richard.weinberger@gmail.com>,
"H. Peter Anvin" <hpa@linux.intel.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Cong Ding <dinggnu@gmail.com>, Ingo Molnar <mingo@elte.hu>,
Kees Cook <keescook@chromium.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Mathias Krause <minipli@googlemail.com>,
Michael Davidson <md@google.com>,
Thomas Gleixner <tglx@linutronix.de>,
Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Subject: Re: [GIT PULL] x86/kaslr for v3.14
Date: Mon, 27 Jan 2014 08:43:35 +0100 [thread overview]
Message-ID: <20140127074335.GA20258@gmail.com> (raw)
In-Reply-To: <20140127073836.GB19617@gmail.com>
* Ingo Molnar <mingo@kernel.org> wrote:
>
> * H. Peter Anvin <hpa@zytor.com> wrote:
>
> > On 01/26/2014 10:49 PM, Richard Weinberger wrote:
> > >>
> > >> No, because that information is available to user space unless we panic.
> > >
> > > Didn't you mean non-root?
> > > I thought one has to set dmesg_restrict anyways if kASLR is used.
> > >
> > > And isn't the offset available to perf too?
> > > Of course only for root, but still user space.
> > >
> >
> > For certain system security levels one want to protect even from a
> > rogue root. In those cases, leaking that information via dmesg and
> > perf isn't going to work, either.
> >
> > With lower security settings, by all means...
>
> The 'no' was categorical and unconditional though, so is the right
> answer perhaps something more along the lines of:
>
> 'Yes, the random offset can be reported in an oops, as long as
> high security setups can turn off the reporting of the offset,
> in their idealistic attempt to protect the system against root.'
>
> ?
'reporting of the offset' should probably be 'reporting kernel data' -
there's many possible ways an oops (and its associated raw stack dump)
can leak the offset, I'm not sure this can ever be made 'safe' against
a rougue root.
Not giving kernel originated debug information at all would. (At the
cost of reducing the utility of having that root user around, of
course.)
Thanks,
Ingo
next prev parent reply other threads:[~2014-01-27 7:43 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-20 16:47 [GIT PULL] x86/kaslr for v3.14 H. Peter Anvin
2014-01-20 22:54 ` Linus Torvalds
2014-01-20 23:00 ` H. Peter Anvin
2014-01-20 23:12 ` Linus Torvalds
2014-01-20 23:13 ` H. Peter Anvin
2014-01-21 9:00 ` Peter Zijlstra
2014-01-21 14:20 ` H. Peter Anvin
2014-01-21 14:39 ` Ingo Molnar
2014-01-21 14:51 ` H. Peter Anvin
2014-01-21 14:56 ` Ingo Molnar
2014-01-21 18:37 ` Kees Cook
2014-01-21 10:27 ` Ingo Molnar
2014-01-21 13:55 ` H. Peter Anvin
2014-01-21 14:03 ` Ingo Molnar
2014-01-21 14:05 ` H. Peter Anvin
2014-01-21 14:14 ` Ingo Molnar
2014-01-21 14:17 ` H. Peter Anvin
2014-01-21 5:18 ` Kees Cook
2014-01-23 9:39 ` Pavel Machek
2014-01-26 10:16 ` Richard Weinberger
2014-01-27 5:33 ` H. Peter Anvin
2014-01-27 6:49 ` Richard Weinberger
2014-01-27 6:51 ` H. Peter Anvin
2014-01-27 7:38 ` Ingo Molnar
2014-01-27 7:43 ` Ingo Molnar [this message]
2014-01-27 7:59 ` Richard Weinberger
2014-01-30 22:07 ` Vivek Goyal
2014-01-31 16:57 ` Kees Cook
2014-02-07 14:49 ` Vivek Goyal
2014-02-07 16:04 ` H. Peter Anvin
2014-02-07 16:24 ` Vivek Goyal
2014-02-07 23:16 ` Dave Young
2014-02-07 23:20 ` H. Peter Anvin
2014-02-07 23:28 ` Dave Young
2014-02-07 19:07 ` H. Peter Anvin
2014-02-07 19:44 ` Kees Cook
2014-01-27 6:52 ` H. Peter Anvin
2014-01-27 7:34 ` Richard Weinberger
2014-01-27 17:05 ` Kees Cook
2014-01-27 17:20 ` Richard Weinberger
2014-01-27 17:24 ` Kees Cook
2014-01-28 6:28 ` Ingo Molnar
2014-01-28 8:25 ` Richard Weinberger
2014-01-28 15:55 ` H. Peter Anvin
2014-01-28 16:25 ` Richard Weinberger
2014-01-28 16:30 ` H. Peter Anvin
2014-01-28 16:51 ` Linus Torvalds
2014-01-28 17:05 ` Ingo Molnar
2014-01-28 17:12 ` Linus Torvalds
2014-01-28 17:24 ` Richard Weinberger
2014-01-28 17:35 ` Linus Torvalds
2014-01-28 17:52 ` Richard Weinberger
2014-01-28 17:56 ` Linus Torvalds
2014-01-28 18:54 ` Richard Weinberger
2014-01-28 19:48 ` Ingo Molnar
2014-01-28 20:07 ` Linus Torvalds
2014-01-28 20:15 ` Borislav Petkov
2014-01-28 20:25 ` Linus Torvalds
2014-01-28 20:28 ` Richard Weinberger
2014-01-28 20:38 ` H. Peter Anvin
2014-01-29 8:25 ` Ingo Molnar
2014-01-29 10:40 ` Borislav Petkov
2014-01-28 20:49 ` Borislav Petkov
2014-01-28 23:37 ` Borislav Petkov
2014-01-28 21:08 ` Dave Jones
2014-01-29 6:36 ` Mike Galbraith
2014-01-29 8:11 ` Ingo Molnar
2014-01-29 8:27 ` Mathias Krause
2014-01-30 9:23 ` Ingo Molnar
2014-01-30 18:15 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140127074335.GA20258@gmail.com \
--to=mingo@kernel.org \
--cc=dinggnu@gmail.com \
--cc=hpa@linux.intel.com \
--cc=hpa@zytor.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=md@google.com \
--cc=mingo@elte.hu \
--cc=minipli@googlemail.com \
--cc=richard.weinberger@gmail.com \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=yongjun_wei@trendmicro.com.cn \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).