From: John Richard Moser <nigelenki@comcast.net>
To: Evgeniy Polyakov <johnpol@2ka.mipt.ru>
Cc: David Miller <davem@davemloft.net>,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org
Subject: Re: How does Linux do RTTM?
Date: Sat, 12 Aug 2006 10:53:49 -0400 [thread overview]
Message-ID: <44DDEB7D.7040300@comcast.net> (raw)
In-Reply-To: <20060812135332.GA27390@2ka.mipt.ru>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Evgeniy Polyakov wrote:
> On Sat, Aug 12, 2006 at 09:31:42AM -0400, John Richard Moser (nigelenki@comcast.net) wrote:
>> I'm told now that it uses Jiffies for TCP timestamps. I've had thoughts
>> on this:
>>
>> - I figured a random timestamp with random microsecond skew would be
>> nice but this might expose internals of the RNG; amusingly I'm trying
>> not to expose internals of the RNG by exposing system time.
>>
>> - Someone recommended starting at zero. This would work, really,
>> there's no attacks based on guessing the TCP timestamp value. This is
>> nice since if I want to hax0rz then I might make a connection and see
>> how many jiffies there are to get a feel for the system's uptime; this
>> tells me how long since you upgraded your kernel, so I have an arsenal
>> of vulns I KNOW you haven't fixed ready ;) Starting at 0 doesn't give
>> that information.
>>
>> Comments?
>
> Starting TCP timestamp from zero or any other arbitrary value for each
> new connection will not give you any security benefits. There is no
The TCP timestamp is the vessel; the target is the system uptime.
So, "preventing attackers from discovering the uptime of the remote
system will not give you any security benefits" is your statement.
> simple way aleph1 or e-eye will get a remote shell or steal your credit
> card number if there is a buffer overflow in kernel and they will know
> it's release.
Well, they could throw a netfilter buffer overflow at it; but there's
only ever been one I think. ;) Aside from that, it's a matter of doing
reconaissance BEFORE you get a local non-root or getting a local
non-root and THEN picking out your root elevation exploits, which is
only a few minutes difference.
(then again, storming the Bastille wouldn't have worked if they got to
the front door and sat on their asses for 2 minutes)
> So your proposals just are not needed for majority of people, but if you
> strongly feel it will help to find a cure for cancer, implement it and
> prove it's usefullness to netdev community.
>
It's not so much that as the cost of doing an arbitrary value is storing
the number of jiffies that make zero with each connection; this doesn't
seem significant. On the other hand, it removes one method for getting
a piece of information about the system that nobody said you could have;
some "hardened" configurations disable timestamps altogether for this
(amusingly they don't block ICMP Timestamp Reply outgoing). For the
sake of argument, I can at least say this would improve performance of
the RTTM for the paranoid.
In case you're wondering, myself I find this to be of minimal concern as
long as jiffies/uptime/etc have nothing to do with the PRNGs on the system.
- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.
Creative brains are a valuable, limited resource. They shouldn't be
wasted on re-inventing the wheel when there are so many fascinating
new problems waiting out there.
-- Eric Steven Raymond
We will enslave their women, eat their children and rape their
cattle!
-- Bosc, Evil alien overlord from the fifth dimension
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQIUAwUBRN3rews1xW0HCTEFAQLppA/4nWBgXTgeDQyqAmERS+Ao/XeS1Ts6S///
Vdh5Hkvn3tAo6mfNfpvKtc4Cw1rz8X9YFew4l9gk8nT8rhiWc9Bp/30nRmqbTra7
BDrgIZr11662mjukCWb+G9aSBuG2frs5xNqtO7eSgOhNX5IroYgsbhtVtZlmvsbM
uQjUyO5VBo8J9XmIGGZ7fi1+WwY8a32I8oVE8OKgMeGTuxFOt7ZjcMiwRu3FoISu
qMO1Cvqp6yieyMxswiJNXZcUUv/yBtV233A5g06a4Y9EbCPSLZ+d6LUvhDYdEUYi
XNNzRmCyQwvbyNyiZBVvx/tZNCSRvqwQLB/FTkECCzJpzcLtPooEwiXY1DLI8zew
6boP3C1uxTQZvZfMBhSDvJZ+j0Fs3xNyxe7rF9iigzOH9Zle2EgjUaP90W1Drgxh
Czx1p67UeQBj7+zLS8TW/cjVpNZPkBWOFd7aJjzmjUf+4u7eRtQlVTfS9iDisvT6
NofjN8BkvmtEz34ooORNLSawW9kTcmNva+/Xjx+qHLjvvOGELm/xwXlGdUKBz7MV
TJydVOie8A10WFmFViSyqMUUv/wWqHabmgQPtJ00O+YntvccT5xcyMCVON8x56q7
IEqT+HsdML3AKSXdg7yf3nUp0Ln8LtFAWkYqIbIE/oxOeNiWnOzYp1+FnQHr/Ady
3VS30lcTgA==
=/G41
-----END PGP SIGNATURE-----
prev parent reply other threads:[~2006-08-12 14:54 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <44DACA22.6090701@comcast.net>
[not found] ` <20060809.231244.35509467.davem@davemloft.net>
[not found] ` <44DAF559.8010705@comcast.net>
[not found] ` <20060810.020205.10245646.davem@davemloft.net>
2006-08-12 13:31 ` How does Linux do RTTM? John Richard Moser
2006-08-12 13:53 ` Evgeniy Polyakov
2006-08-12 14:53 ` John Richard Moser [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=44DDEB7D.7040300@comcast.net \
--to=nigelenki@comcast.net \
--cc=davem@davemloft.net \
--cc=johnpol@2ka.mipt.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).