From: Avi Kivity <avi@redhat.com>
To: Kyle Moffett <kyle@moffetthome.net>
Cc: Marcus Meissner <meissner@suse.de>,
torvalds@linux-foundation.org, linux-kernel@vger.kernel.org,
tj@kernel.org, akpm@osdl.org, hpa@zytor.com, mingo@elte.hu,
w@1wt.eu, alan@lxorguk.ukuu.org.uk
Subject: Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking
Date: Sat, 20 Nov 2010 13:32:31 +0200 [thread overview]
Message-ID: <4CE7B1CF.8060300@redhat.com> (raw)
In-Reply-To: <AANLkTi=F1vbwpOzyN9o0nuRtsEUTQx2j3==kLu9j7Ccb@mail.gmail.com>
On 11/17/2010 07:40 AM, Kyle Moffett wrote:
> (1) For 99%+ of all the computers out there you can get a 90%+
> accurate guess for what kernel is running by looking at the version of
> libc installed on the system. All you have to do for those computers
> is download a bunch of distro kernels and look at the libc packages
> and build a table of "libc6-SOMEVERSION => 0xADDRESS", etc. Because
> of how all the vendors backport and track versions, "SOMEVERSION"
> usually includes something wonderfully helpful like "el5" or "squeeze"
> or whatever. This does *nothing* for those users, and it's not clear
> that it ever *could*.
Isn't the kernel relocatable these days? We can randomize the kernel
load address at boot time and make this information useless.
--
I have a truly marvellous patch that fixes the bug which this
signature is too narrow to contain.
next prev parent reply other threads:[~2010-11-20 11:34 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-11-16 10:46 [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking Marcus Meissner
2010-11-17 5:07 ` Kyle McMartin
2010-11-18 7:48 ` Ingo Molnar
2010-11-20 3:18 ` Kees Cook
2010-11-26 7:51 ` Ingo Molnar
2010-11-17 5:40 ` Kyle Moffett
2010-11-17 5:41 ` Kyle Moffett
2010-11-17 5:58 ` Linus Torvalds
2010-11-17 6:19 ` Willy Tarreau
2010-11-18 7:31 ` Ingo Molnar
2010-11-23 17:24 ` Pavel Machek
2010-11-26 7:38 ` Ingo Molnar
2010-11-29 19:03 ` H. Peter Anvin
2010-11-20 11:32 ` Avi Kivity [this message]
2010-11-19 19:19 ` Sarah Sharp
2010-11-19 19:54 ` Linus Torvalds
2010-11-19 19:58 ` david
2010-11-19 20:04 ` Linus Torvalds
2010-11-19 20:16 ` Willy Tarreau
2010-11-19 20:55 ` david
2010-11-26 7:48 ` Ingo Molnar
2010-11-29 16:33 ` Sarah Sharp
2010-11-29 18:04 ` Ingo Molnar
2010-11-29 19:05 ` H. Peter Anvin
2010-11-29 19:21 ` Eric Paris
2010-11-29 19:38 ` H. Peter Anvin
2010-11-29 21:49 ` Willy Tarreau
2010-11-29 23:31 ` Alan Cox
2010-11-30 11:58 ` Ingo Molnar
2010-11-20 11:05 ` Richard W.M. Jones
-- strict thread matches above, loose matches on Subject: below --
2010-11-19 21:12 Andy Walls
2010-11-19 23:22 ` Linus Torvalds
2010-11-20 2:40 ` Kees Cook
2010-11-20 19:47 ` Henrique de Moraes Holschuh
2010-11-29 22:58 ` Kevin Easton
2010-11-04 10:09 Marcus Meissner
2010-11-04 10:11 ` Tejun Heo
2010-11-04 11:46 ` Ingo Molnar
2010-11-04 12:29 ` Marcus Meissner
2010-11-04 13:58 ` Ingo Molnar
2010-11-04 14:11 ` Ingo Molnar
2010-11-04 14:33 ` Marcus Meissner
2010-11-04 14:38 ` Tejun Heo
2010-11-04 14:43 ` H. Peter Anvin
2010-11-04 14:48 ` Tejun Heo
2010-11-04 19:08 ` Ingo Molnar
2010-11-07 18:02 ` Andi Kleen
2010-11-07 18:32 ` H. Peter Anvin
2010-11-10 8:53 ` Ingo Molnar
2010-11-11 2:51 ` H. Peter Anvin
2010-11-11 7:05 ` Ingo Molnar
2010-11-05 2:38 ` Frank Rowand
2010-11-10 20:58 ` Jesper Juhl
2010-11-05 0:20 ` Jesper Juhl
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4CE7B1CF.8060300@redhat.com \
--to=avi@redhat.com \
--cc=akpm@osdl.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=hpa@zytor.com \
--cc=kyle@moffetthome.net \
--cc=linux-kernel@vger.kernel.org \
--cc=meissner@suse.de \
--cc=mingo@elte.hu \
--cc=tj@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=w@1wt.eu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox