From: daw@cs.berkeley.edu (David Wagner)
To: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] getrusage sucks
Date: Sat, 12 Nov 2005 06:37:36 +0000 (UTC) [thread overview]
Message-ID: <dl42jg$s2$1@taverner.CS.Berkeley.EDU> (raw)
In-Reply-To: 20051112005333.GC7991@shell0.pdx.osdl.net
Chris Wright wrote:
>/proc/[pid]/stat. (fs/proc/array.c::do_task_stat).
>
>> Is there any argument
>> that disclosing it to everyone is safe? Or is it just that no one has
>> ever given the security considerations much thought up till now?
>
>I guess it keeps falling in the "too theoretical" category. It can be
>protected by policy, but default is open.
Ahh, I see. I had never looked at /proc/[pid]/stat carefully before.
Well, making /proc/[pid]/stat world-readable by default looks pretty
dubious to me. There's all sorts of stuff there that I suspect should
not be revealed: EIP, stack pointer, stats on paging and swapping, and
so on. I suspect that this is not at all safe. Most crypto algorithms
tend to fall apart when you have side channels like this.
Maybe no one cares, because no one uses Linux in a multi-user setting
where users are motivated to attack each other or attack the system.
But baking this kind of "privilege escalation" vulnerability into the
kernel by default doesn't seem like a good idea to me.
next prev parent reply other threads:[~2005-11-12 6:37 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-11-10 23:47 [PATCH] getrusage sucks Hua Zhong (hzhong)
2005-11-11 0:23 ` Claudio Scordino
2005-11-11 0:32 ` Magnus Naeslund(f)
2005-11-11 1:11 ` Claudio Scordino
2005-11-11 13:30 ` Alan Cox
2005-11-11 22:38 ` Claudio Scordino
2005-11-11 23:23 ` Alan Cox
2005-11-11 23:02 ` Chris Wright
2005-11-11 23:44 ` David Wagner
2005-11-12 0:53 ` Chris Wright
2005-11-12 6:37 ` David Wagner [this message]
2005-11-11 23:58 ` Alan Cox
2005-11-11 23:43 ` Claudio Scordino
2005-11-11 23:49 ` dean gaudet
2005-11-12 1:10 ` Chris Wright
2005-11-12 15:10 ` making makefile for 2.6 kernel anil dahiya
2005-11-12 15:16 ` anil dahiya
2005-11-12 22:19 ` Sam Ravnborg
2005-11-13 1:34 ` [PATCH] getrusage sucks Claudio Scordino
2005-11-15 16:56 ` Claudio Scordino
2005-11-15 17:00 ` New getrusage Claudio Scordino
2005-11-11 23:08 ` [PATCH] getrusage sucks Claudio Scordino
2005-11-11 23:41 ` David Wagner
2005-11-15 1:08 ` Peter Chubb
-- strict thread matches above, loose matches on Subject: below --
2005-11-15 18:25 linux
2005-11-11 23:49 Hua Zhong (hzhong)
2005-11-10 22:34 Claudio Scordino
2005-11-11 5:06 ` David Wagner
2005-11-11 19:09 ` Lee Revell
2005-11-11 19:13 ` David Wagner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='dl42jg$s2$1@taverner.CS.Berkeley.EDU' \
--to=daw@cs.berkeley.edu \
--cc=daw-usenet@taverner.CS.Berkeley.EDU \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox