Re: [PATCH v2 0/4] Checkpoint/Restore: Show in proc IDs of objectsthat can be shared between tasks

From: Cyrill Gorcunov
Date: Sat Nov 19 2011 - 00:35:38 EST


On Fri, Nov 18, 2011 at 03:38:40PM -0800, Matt Helsley wrote:
...
> >
> > Well, in case of hw-rng it should not be that easy, still of course
> > there is no 100% guarantee that there is absolutely no way to predict
> > this mask (espec since it's generated once at lives here forever). But
>
> The random number itself could be of the best quality and the obfuscation
> could still be completely broken from a security standpoint. Put another
> way, we don't need to attack the method the random number was generated.
> We could probably utilize information we have about how the addresses
> themselves are generated.
>

Agreed.

> > whatever makes attacker life harder -- is a good thing. After all we might
> > simply take some hash on kernel address here (such as sha256) since it's
> > not a time-critical operation and as far as I know collision is not found
> > for it yet (??).
>
> Yes, cryptographic hashing seems much better than a highly suspect ad-hoc
> scheme which has barely been analyzed.
>

I'm surely fine with using crypto-hashes here.

> >
> > > b) If we can export these addresses only to CAP_SYS_ADMIN tasks then
> > > we don't need to obfuscate them anyway.
> > >
> > > Which takes me back to again asking: why not make c/r root-only?
> > > And provide non-root access via a carefully-written setuid
> > > front-end?
> > >
> >
> > I think non-root approach is a win in a long term (even if it requires
>
> You could go with the root approach for now and make things more
> permissive later.
>

Root-only makes all things easier, but I fear if we don't start with
non-root from the very beginning it'll remain root-only forever ;)

Cyrill
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/