|
Date: Fri, 5 May 2023 17:16:58 +0200 From: David Hildenbrand <david@...hat.com> To: Sam James <sam@...too.org> Cc: Michael McCracken <michael.mccracken@...il.com>, linux-kernel@...r.kernel.org, serge@...lyn.com, tycho@...ho.pizza, Luis Chamberlain <mcgrof@...nel.org>, Kees Cook <keescook@...omium.org>, Iurii Zaikin <yzaikin@...gle.com>, Andrew Morton <akpm@...ux-foundation.org>, linux-fsdevel@...r.kernel.org, linux-mm@...ck.org, kernel-hardening@...ts.openwall.com Subject: Re: [PATCH] sysctl: add config to make randomize_va_space RO On 05.05.23 17:15, David Hildenbrand wrote: > On 05.05.23 09:46, Sam James wrote: >> >> David Hildenbrand <david@...hat.com> writes: >> >>> On 04.05.23 23:30, Michael McCracken wrote: >>>> Add config RO_RANDMAP_SYSCTL to set the mode of the randomize_va_space >>>> sysctl to 0444 to disallow all runtime changes. This will prevent >>>> accidental changing of this value by a root service. >>>> The config is disabled by default to avoid surprises. >>> >>> Can you elaborate why we care about "accidental changing of this value >>> by a root service"? >>> >>> We cannot really stop root from doing a lot of stupid things (e.g., >>> erase the root fs), so why do we particularly care here? >> >> (I'm really not defending the utility of this, fwiw). >> >> In the past, I've seen fuzzing tools and other debuggers try to set >> it, and it might be that an admin doesn't realise that. But they could >> easily set other dangerous settings unsuitable for production, so... > > At least fuzzing tools randomly toggling it could actually find real > problems. Debugging tools ... makes sense that they might be using it. > > What I understand is, that it's more of a problem that the system > continues running and the disabled randomization isn't revealed to an > admin easily. > > If we really care, not sure what's better: maybe we want to disallow > disabling it only in a security lockdown kernel? Or at least warn the > user when disabling it? (WARN_TAINT?) Sorry, not WARN_TAINT. pr_warn() maybe. Tainting the kernel is probably a bit too much as well. -- Thanks, David / dhildenb
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.