From: Andi Kleen <andi@firstfloor.org>
To: Matt Mackall <mpm@selenic.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Arjan van de Ven <arjan@infradead.org>, Jake Edge <jake@lwn.net>,
security@kernel.org,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
James Morris <jmorris@namei.org>,
linux-security-module@vger.kernel.org,
Eric Paris <eparis@redhat.com>,
Alan Cox <alan@lxorguk.ukuu.org.uk>,
Roland McGrath <roland@redhat.com>,
mingo@redhat.com, Andrew Morton <akpm@linux-foundation.org>,
Greg KH <greg@kroah.com>
Subject: Re: [Security] [PATCH] proc: avoid information leaks to non-privileged processes
Date: Tue, 05 May 2009 10:58:10 +0200 [thread overview]
Message-ID: <87my9sncyl.fsf@basil.nowhere.org> (raw)
In-Reply-To: <20090505055011.GE31071@waste.org> (Matt Mackall's message of "Tue, 5 May 2009 00:50:11 -0500")
Matt Mackall <mpm@selenic.com> writes:
>
> Looking forward:
>
> A faster-but-weakened RNG for ASLR (and similar purposes)
We really need it for the user space interface too, right now
recent glibc drains your entropy pool on every exec, and worse
recent kernels drain it now even with old glibc too. So any
system which doesn't have a active high frequency random number
source (which is most systems) doesn't have much real entropy
left for the applications that really need it.
-Andi (who always thought it was a bad idea to let ASLR weaken
your SSL/SSH session keys)
--
ak@linux.intel.com -- Speaking for myself only.
prev parent reply other threads:[~2009-05-05 8:58 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-05-04 18:51 [PATCH] proc: avoid information leaks to non-privileged processes Jake Edge
2009-05-04 19:00 ` [Security] " Linus Torvalds
2009-05-04 19:51 ` Arjan van de Ven
2009-05-04 20:20 ` Eric W. Biederman
2009-05-04 22:24 ` Linus Torvalds
2009-05-04 23:26 ` Arjan van de Ven
2009-05-04 23:54 ` Linus Torvalds
2009-05-05 7:51 ` Eric W. Biederman
2009-05-05 15:17 ` Linus Torvalds
2009-05-05 15:35 ` Linus Torvalds
2009-05-05 16:18 ` Matt Mackall
2009-05-05 16:10 ` Matt Mackall
2009-05-05 5:50 ` Matt Mackall
2009-05-05 6:31 ` Ingo Molnar
2009-05-05 8:14 ` Eric W. Biederman
2009-05-05 19:52 ` Ingo Molnar
2009-05-05 20:22 ` Matt Mackall
2009-05-05 21:20 ` Eric W. Biederman
2009-05-06 10:33 ` Ingo Molnar
2009-05-06 10:30 ` Ingo Molnar
2009-05-06 16:25 ` Matt Mackall
2009-05-06 16:48 ` Linus Torvalds
2009-05-06 17:57 ` Matt Mackall
2009-05-07 0:50 ` Matt Mackall
2009-05-07 15:02 ` Ingo Molnar
2009-05-07 18:14 ` Matt Mackall
2009-05-07 18:21 ` Ingo Molnar
2009-05-07 18:41 ` Ingo Molnar
2009-05-07 19:24 ` Matt Mackall
2009-05-07 15:16 ` Florian Weimer
2009-05-07 16:55 ` Matt Mackall
2009-05-07 17:53 ` Linus Torvalds
2009-05-07 18:42 ` Matt Mackall
2009-05-06 20:09 ` [patch] random: make get_random_int() more random Ingo Molnar
2009-05-06 20:41 ` Matt Mackall
2009-05-06 20:51 ` Ingo Molnar
2009-05-06 21:10 ` Matt Mackall
2009-05-06 21:24 ` Ingo Molnar
2009-05-14 22:47 ` Jake Edge
2009-05-14 22:55 ` [Security] " Linus Torvalds
2009-05-15 13:47 ` Ingo Molnar
2009-05-15 15:10 ` Jake Edge
2009-05-16 10:00 ` Willy Tarreau
2009-05-16 10:39 ` Ingo Molnar
2009-05-16 12:02 ` Eric W. Biederman
2009-05-16 14:00 ` Michael S. Zick
2009-05-16 14:28 ` Michael S. Zick
2009-05-16 14:57 ` Arjan van de Ven
2009-05-16 15:09 ` Michael S. Zick
2009-05-16 14:32 ` Matt Mackall
2009-05-16 13:58 ` Willy Tarreau
2009-05-16 15:23 ` Linus Torvalds
2009-05-16 15:47 ` Willy Tarreau
2009-05-16 15:54 ` Oliver Neukum
2009-05-16 16:05 ` Linus Torvalds
2009-05-16 16:17 ` Linus Torvalds
2009-05-15 1:16 ` Américo Wang
2009-05-06 20:25 ` [Security] [PATCH] proc: avoid information leaks to non-privileged processes Ingo Molnar
2009-05-06 20:52 ` Matt Mackall
2009-05-05 8:58 ` Andi Kleen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87my9sncyl.fsf@basil.nowhere.org \
--to=andi@firstfloor.org \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=arjan@infradead.org \
--cc=ebiederm@xmission.com \
--cc=eparis@redhat.com \
--cc=greg@kroah.com \
--cc=jake@lwn.net \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=mpm@selenic.com \
--cc=roland@redhat.com \
--cc=security@kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox