Date: Wed, 28 Jun 2017 10:54:08 +0200 From: Michal Hocko <mhocko@...nel.org> To: Kees Cook <keescook@...omium.org> Cc: Laura Abbott <labbott@...hat.com>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, David Windsor <dave@...lcore.net>, Linux-MM <linux-mm@...ck.org>, LKML <linux-kernel@...r.kernel.org> Subject: Re: [PATCH 22/23] usercopy: split user-controlled slabs to separate caches On Tue 27-06-17 15:07:17, Kees Cook wrote: > On Tue, Jun 27, 2017 at 12:31 AM, Michal Hocko <mhocko@...nel.org> wrote: > > But I am not really sure I understand consequences of this patch. So how > > do those attacks look like. Do you have an example of a CVE which would > > be prevented by this measure? > > It's a regular practice, especially for heap grooming. You can see an > example here: > http://cyseclabs.com/blog/cve-2016-6187-heap-off-by-one-exploit > which even recognizes this as a common method, saying "the standard > msgget() technique". Having the separate caches doesn't strictly > _stop_ some attacks, but it changes the nature of what the attacker > has to do. Instead of having a universal way to groom the heap, they > must be forced into other paths. Generally speaking this can reduce > what's possible making the attack either impossible, more expensive to > develop, or less reliable. Thanks that makes it more clear to me. I believe this would be a useful information in the changelog. > >> This would mean building out *_user() versions for all the various > >> *alloc() functions, though. That gets kind of long/ugly. > > > > Only prepare those which are really needed. It seems only handful of > > them in your patch. > > Okay, if that's the desired approach, we can do that. yes please -- Michal Hocko SUSE Labs
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.