Date: Mon, 11 Dec 2017 22:21:09 -0800
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Michael Ellerman <mpe@...erman.id.au>
Cc: Andy Shevchenko <andy.shevchenko@...il.com>, Kees Cook <keescook@...omium.org>, 
	"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>, David Laight <David.Laight@...lab.com>, 
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "mingo@...nel.org" <mingo@...nel.org>, 
	"jiangshanlai@...il.com" <jiangshanlai@...il.com>, "dipankar@...ibm.com" <dipankar@...ibm.com>, 
	"akpm@...ux-foundation.org" <akpm@...ux-foundation.org>, 
	"mathieu.desnoyers@...icios.com" <mathieu.desnoyers@...icios.com>, 
	"josh@...htriplett.org" <josh@...htriplett.org>, "tglx@...utronix.de" <tglx@...utronix.de>, 
	"peterz@...radead.org" <peterz@...radead.org>, "rostedt@...dmis.org" <rostedt@...dmis.org>, 
	"dhowells@...hat.com" <dhowells@...hat.com>, "edumazet@...gle.com" <edumazet@...gle.com>, 
	"fweisbec@...il.com" <fweisbec@...il.com>, "oleg@...hat.com" <oleg@...hat.com>, 
	"kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, "Tobin C. Harding" <me@...in.cc>
Subject: Re: Long live %pK (was Re: [PATCH tip/core/rcu 02/20] torture:
 Prepare scripting for shift from %p to %pK)

This is a perfect example of just %pK being complete shit.

%pK doesn't actually do any file permissions right. It looks like it does
it, but it's just a hot mess of garbage.

And %pK doesn't even work the way you claim it does. Not in the general
case, and only with a particular value.

On Dec 11, 2017 21:26, "Michael Ellerman" <mpe@...erman.id.au> wrote:

> I understand that the CAP_SYSLOG checking that %pK does is kind of
> gross, but it does work in at least some useful cases like this.
>
> What am I missing?

Just do the damn thing right, like /proc/kallsyms does these days.

With the proper open time cred check, not the wrong one at io time.

Which has the added advantage that it actually does the right thing even
when you don't have kptr_restrict set, or when you have patches to make it
print zero even for people with capabilities.

Don't depend on some random flag that has nothing to do with your actual
example and that has random values for security.

Just say no to kptr_restrict "logic". Your example basically depends
entirely on one particular setting, when (a) real distributions have a
different value and expose those pointers that you claim shouldn't be
exposed and (b) other people are pushing for values that will hide the
values that you claim are needed.

     Linus
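
An added example, not part of the message and not kernel code: a user-space C model of the difference between a credential check made once at open time, as the message says /proc/kallsyms does, and one made at I/O time. All struct and function names and the sample address are constructed, and the capability test is reduced to a single boolean.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not kernel code: credentials reduced to one bit. */
struct cred { bool cap_syslog; };

/* An open file remembers the decision made for its opener. */
struct file { bool show_value; };

static const uint64_t SAMPLE_ADDR = 0xffff800012345678ULL; /* constructed */

/* Open-time policy: decide once, from the opener's credentials. */
static void model_open(struct file *f, const struct cred *opener)
{
    f->show_value = opener->cap_syslog;
}

/* I/O-time check: judges whoever happens to call read(). */
static uint64_t read_io_check(const struct file *f, const struct cred *reader)
{
    (void)f;
    return reader->cap_syslog ? SAMPLE_ADDR : 0;
}

/* Open-time check: the reader's identity no longer matters. */
static uint64_t read_open_check(const struct file *f, const struct cred *reader)
{
    (void)reader;
    return f->show_value ? SAMPLE_ADDR : 0;
}

/* File opened by one task, then read by another (e.g. an inherited fd). */
static uint64_t scenario(bool open_time, bool opener_priv, bool reader_priv)
{
    struct cred opener = { opener_priv }, reader = { reader_priv };
    struct file f;
    model_open(&f, &opener);
    return open_time ? read_open_check(&f, &reader)
                     : read_io_check(&f, &reader);
}

int main(void)
{
    printf("io-time,   unpriv open, priv read: %#llx\n",
           (unsigned long long)scenario(false, false, true));
    printf("open-time, unpriv open, priv read: %#llx\n",
           (unsigned long long)scenario(true, false, true));
    return 0;
}
```

In the model, the I/O-time variant returns the address whenever the reading task is privileged, regardless of who opened the file, while the open-time variant's answer is fixed by the opener.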
