* [PATCH] doc: update 'unique identifiers' @ 2017-12-04 21:22 Tobin C. Harding 2017-12-04 21:28 ` Kees Cook 0 siblings, 1 reply; 6+ messages in thread From: Tobin C. Harding @ 2017-12-04 21:22 UTC (permalink / raw) To: Jonathan Corbet Cc: Tobin C. Harding, Kees Cook, Laura Abbott, Jessica Yu, linux-doc, linux-kernel Advice about what to use as a unique identifier is no longer valid since patch series was merged to hash pointers printed with %p. We can use this as a unique identifier now. Signed-off-by: Tobin C. Harding <me@tobin.cc> --- Documentation/security/self-protection.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Documentation/security/self-protection.rst b/Documentation/security/self-protection.rst index 60c8bd8b77bf..f10f47cad825 100644 --- a/Documentation/security/self-protection.rst +++ b/Documentation/security/self-protection.rst @@ -274,8 +274,8 @@ Unique identifiers ------------------ Kernel memory addresses must never be used as identifiers exposed to -userspace. Instead, use an atomic counter, an idr, or similar unique -identifier. +userspace. Printk specifier %p hashes addresses by default now and can be +used as a unique identifier. Memory initialization --------------------- -- 2.7.4 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] doc: update 'unique identifiers' 2017-12-04 21:22 [PATCH] doc: update 'unique identifiers' Tobin C. Harding @ 2017-12-04 21:28 ` Kees Cook 2017-12-04 21:44 ` Tobin C. Harding 0 siblings, 1 reply; 6+ messages in thread From: Kees Cook @ 2017-12-04 21:28 UTC (permalink / raw) To: Tobin C. Harding Cc: Jonathan Corbet, Laura Abbott, Jessica Yu, linux-doc, LKML On Mon, Dec 4, 2017 at 1:22 PM, Tobin C. Harding <me@tobin.cc> wrote: > Advice about what to use as a unique identifier is no longer valid since > patch series was merged to hash pointers printed with %p. We can use > this as a unique identifier now. > > Signed-off-by: Tobin C. Harding <me@tobin.cc> I don't agree: %p should still not be encouraged. Exposing an identifier to userspace needs careful consideration, and atomics, idrs, etc, continue to be a good recommendation here, as far as I'm concerned. -Kees > --- > Documentation/security/self-protection.rst | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/Documentation/security/self-protection.rst b/Documentation/security/self-protection.rst > index 60c8bd8b77bf..f10f47cad825 100644 > --- a/Documentation/security/self-protection.rst > +++ b/Documentation/security/self-protection.rst > @@ -274,8 +274,8 @@ Unique identifiers > ------------------ > > Kernel memory addresses must never be used as identifiers exposed to > -userspace. Instead, use an atomic counter, an idr, or similar unique > -identifier. > +userspace. Printk specifier %p hashes addresses by default now and can be > +used as a unique identifier. > > Memory initialization > --------------------- > -- > 2.7.4 > -- Kees Cook Pixel Security ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] doc: update 'unique identifiers' 2017-12-04 21:28 ` Kees Cook @ 2017-12-04 21:44 ` Tobin C. Harding 2017-12-04 21:51 ` Kees Cook 0 siblings, 1 reply; 6+ messages in thread From: Tobin C. Harding @ 2017-12-04 21:44 UTC (permalink / raw) To: Kees Cook; +Cc: Jonathan Corbet, Laura Abbott, Jessica Yu, linux-doc, LKML On Mon, Dec 04, 2017 at 01:28:45PM -0800, Kees Cook wrote: > On Mon, Dec 4, 2017 at 1:22 PM, Tobin C. Harding <me@tobin.cc> wrote: > > Advice about what to use as a unique identifier is no longer valid since > > patch series was merged to hash pointers printed with %p. We can use > > this as a unique identifier now. > > > > Signed-off-by: Tobin C. Harding <me@tobin.cc> > > I don't agree: %p should still not be encouraged. Exposing an > identifier to userspace needs careful consideration, and atomics, > idrs, etc, continue to be a good recommendation here, as far as I'm > concerned. Ok no worries, so these docs are valid and current as is? I have no agenda with this patch, just attempting to keep the docs in line with the code :) thanks, Tobin. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] doc: update 'unique identifiers' 2017-12-04 21:44 ` Tobin C. Harding @ 2017-12-04 21:51 ` Kees Cook 2017-12-04 23:39 ` Tobin C. Harding 0 siblings, 1 reply; 6+ messages in thread From: Kees Cook @ 2017-12-04 21:51 UTC (permalink / raw) To: Tobin C. Harding Cc: Jonathan Corbet, Laura Abbott, Jessica Yu, linux-doc, LKML On Mon, Dec 4, 2017 at 1:44 PM, Tobin C. Harding <me@tobin.cc> wrote: > On Mon, Dec 04, 2017 at 01:28:45PM -0800, Kees Cook wrote: >> On Mon, Dec 4, 2017 at 1:22 PM, Tobin C. Harding <me@tobin.cc> wrote: >> > Advice about what to use as a unique identifier is no longer valid since >> > patch series was merged to hash pointers printed with %p. We can use >> > this as a unique identifier now. >> > >> > Signed-off-by: Tobin C. Harding <me@tobin.cc> >> >> I don't agree: %p should still not be encouraged. Exposing an >> identifier to userspace needs careful consideration, and atomics, >> idrs, etc, continue to be a good recommendation here, as far as I'm >> concerned. > > Ok no worries, so these docs are valid and current as is? I have no > agenda with this patch, just attempting to keep the docs in line with > the code :) I think a section could be added/updated discussing leaks and %p (in that it is hashing now), that would be quite welcome! I do, probably need to go through this document and update a few things. -Kees -- Kees Cook Pixel Security ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] doc: update 'unique identifiers' 2017-12-04 21:51 ` Kees Cook @ 2017-12-04 23:39 ` Tobin C. Harding 2017-12-05 1:25 ` Kees Cook 0 siblings, 1 reply; 6+ messages in thread From: Tobin C. Harding @ 2017-12-04 23:39 UTC (permalink / raw) To: Kees Cook; +Cc: Jonathan Corbet, Laura Abbott, Jessica Yu, linux-doc, LKML On Mon, Dec 04, 2017 at 01:51:42PM -0800, Kees Cook wrote: > On Mon, Dec 4, 2017 at 1:44 PM, Tobin C. Harding <me@tobin.cc> wrote: > > On Mon, Dec 04, 2017 at 01:28:45PM -0800, Kees Cook wrote: > >> On Mon, Dec 4, 2017 at 1:22 PM, Tobin C. Harding <me@tobin.cc> wrote: > >> > Advice about what to use as a unique identifier is no longer valid since > >> > patch series was merged to hash pointers printed with %p. We can use > >> > this as a unique identifier now. > >> > > >> > Signed-off-by: Tobin C. Harding <me@tobin.cc> > >> > >> I don't agree: %p should still not be encouraged. Exposing an > >> identifier to userspace needs careful consideration, and atomics, > >> idrs, etc, continue to be a good recommendation here, as far as I'm > >> concerned. > > > > Ok no worries, so these docs are valid and current as is? I have no > > agenda with this patch, just attempting to keep the docs in line with > > the code :) > > I think a section could be added/updated discussing leaks and %p (in > that it is hashing now), that would be quite welcome! > > I do, probably need to go through this document and update a few things. How about I do whatever generates the least amount of work for you. Is it easier if I add the %p stuff for you to review or is it easier to just leave it for you to do in your own time? thanks, Tobin. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] doc: update 'unique identifiers' 2017-12-04 23:39 ` Tobin C. Harding @ 2017-12-05 1:25 ` Kees Cook 0 siblings, 0 replies; 6+ messages in thread From: Kees Cook @ 2017-12-05 1:25 UTC (permalink / raw) To: Tobin C. Harding Cc: Jonathan Corbet, Laura Abbott, Jessica Yu, linux-doc, LKML On Mon, Dec 4, 2017 at 3:39 PM, Tobin C. Harding <me@tobin.cc> wrote: > On Mon, Dec 04, 2017 at 01:51:42PM -0800, Kees Cook wrote: >> On Mon, Dec 4, 2017 at 1:44 PM, Tobin C. Harding <me@tobin.cc> wrote: >> > On Mon, Dec 04, 2017 at 01:28:45PM -0800, Kees Cook wrote: >> >> On Mon, Dec 4, 2017 at 1:22 PM, Tobin C. Harding <me@tobin.cc> wrote: >> >> > Advice about what to use as a unique identifier is no longer valid since >> >> > patch series was merged to hash pointers printed with %p. We can use >> >> > this as a unique identifier now. >> >> > >> >> > Signed-off-by: Tobin C. Harding <me@tobin.cc> >> >> >> >> I don't agree: %p should still not be encouraged. Exposing an >> >> identifier to userspace needs careful consideration, and atomics, >> >> idrs, etc, continue to be a good recommendation here, as far as I'm >> >> concerned. >> > >> > Ok no worries, so these docs are valid and current as is? I have no >> > agenda with this patch, just attempting to keep the docs in line with >> > the code :) >> >> I think a section could be added/updated discussing leaks and %p (in >> that it is hashing now), that would be quite welcome! >> >> I do, probably need to go through this document and update a few things. > > How about I do whatever generates the least amount of work for you. Is > it easier if I add the %p stuff for you to review or is it easier to > just leave it for you to do in your own time? If you can write a section on %p leaks, that would be great! I can clean up other things as work on top of that. Thanks! -Kees > > thanks, > Tobin. -- Kees Cook Pixel Security ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2017-12-05 1:25 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2017-12-04 21:22 [PATCH] doc: update 'unique identifiers' Tobin C. Harding 2017-12-04 21:28 ` Kees Cook 2017-12-04 21:44 ` Tobin C. Harding 2017-12-04 21:51 ` Kees Cook 2017-12-04 23:39 ` Tobin C. Harding 2017-12-05 1:25 ` Kees Cook
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox