Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 19 Sep 2011 22:50:02 +0530
From: Balbir Singh <bsingharora@...il.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Vasiliy Kulikov <segoon@...nwall.com>, Shailabh Nagar <nagar@...ibm.com>, linux-kernel@...r.kernel.org, 
	security@...nel.org, Eric Paris <eparis@...hat.com>, Stephen Wilson <wilsons@...rt.ca>, 
	KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>, David Rientjes <rientjes@...gle.com>, 
	Andrew Morton <akpm@...ux-foundation.org>, Balbir Singh <balbir@...ux.vnet.ibm.com>, 
	kernel-hardening@...ts.openwall.com
Subject: Re: [Security] [PATCH 2/2] taskstats: restrict access to user

On Mon, Sep 19, 2011 at 10:10 PM, Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
>
> On Thu, Jun 30, 2011 at 8:02 PM, Balbir Singh <bsingharora@...il.com> wrote:
> >>
> >> So that's why I think it should be marked BROKEN. What applications
> >> actually depend on this? iotop and what else? Because if it's just
> >> iotop, I do suspect we might be better off telling people "ok,
> >> disabling this will break iotop, but quite frankly, you're better off
> >> without it".
> >
> > I beg to differ, due to the reasons above. I'd rather find time and
> > fix the pending issues (network namespace), you've fixed the pid
> > namespace issue. I'd also look for exiting listeners
>
> So nothing ever happened on this thread, afaik.
>
> You can still read sensitive information at a byte granularity with taskstats.
>
> Balbir never sent any of the fixes he was supposed to, and none of the
> namespace issues have gotten fixed.
>
> It's now almost three months later, and things are still equally broken.
>
> I think we need to just disable TASKSTAT's. Nobody maintains it, it's
> been a known issue for months, people pointed out problems and even
> sent patches, and nothing happened.
>
> Maybe we can minimize it with the appended patch, but dammit, we need
> to do *something*. If I don't get any reasonable replies, I'm really
> going to have to mark this as known-BROKEN, since nothing ever
> happens, and the "maintainer" clearly doesn't care about security
> issues.
>

Sorry, I've been bogged down with work issues and have not had time to
look at it. If someone else wants to take a look while I am busy, I'd
be happy. The patch you've sent seems reasonable, but I'd suggest a
changelog

"Change taskstats user interface, henceforth we need (for security
purposes) CAP_SYS_ADMIN to receive taskstats
data on a particular CPU, a subset or all CPUs on the system. The
patch also rounds the data returned to the KiloByte
boundary for IO parameters, read_bytes, write_bytes and cancelled_write_bytes"

Thanks for looking into this.
Balbir

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.