Re: [Security] [PATCH] proc: avoid information leaks to non-privilegedprocesses

From: Linus Torvalds
Date: Mon May 04 2009 - 18:34:47 EST




On Mon, 4 May 2009, Eric W. Biederman wrote:

> Arjan van de Ven <arjan@xxxxxxxxxxxxx> writes:
>
> > On Mon, 4 May 2009 12:00:12 -0700 (PDT)
> > Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
> >
> >>
> >>
> >> On Mon, 4 May 2009, Jake Edge wrote:
> >> >
> >> > This is essentially v2 of "[PATCH] proc: avoid leaking eip, esp, or
> >> > wchan to non-privileged processes", adding some of Eric Biederman's
> >> > suggestions as well as the start_stack change (only give out that
> >> > address if the process is ptrace()-able). This has been tested
> >> > with ps and top without any ill effects being seen.
> >>
> >> Looks sane to me. Anybody objects?
> >>
> >
> > Acked-by: Arjan van de Ven <arjan@xxxxxxxxxxxxxxx>
>
> Looks sane here.
>
> Acked-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>

Ok, applied.

Also, does anybody have any commentary or opinion on the patch by Matt
Mackall to use stronger random numbers than "get_random_int()". I wonder
what the performance impact of that is - "get_random_int()" is very cheap
by design, and many users may consider calling "get_random_bytes()" to be
overkill and a potential performance issue.

Quite frankly, the way "get_random_bytes()" works now (it does a _full_
sha thing every time), I think it's insane overkill. But I do have to
admit that our current "get_random_int()" is insane _underkill_.

I'd like to improve the latter without going to quie the extreme that
matt's patch did.

Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/