On Tue, Apr 17, 2018 at 04:42:39PM +0100, James Bottomley wrote:
> Depends how the parameter is passed. If it can be influenced from the
> command line then a large class of "trusted boot" systems actually
> don't verify the command line, so you can boot a trusted system and
> still inject bogus
On Tue, 2018-04-17 at 11:16 -0400, Theodore Y. Ts'o wrote:
> On Tue, Apr 17, 2018 at 12:57:12PM +0100, James Bottomley wrote:
> >
> > You don't have to compromise the bootloader to influence this, you
> > merely have to trick it into providing the random number you
> > wanted. The bigger you
On Tue, 2018-04-17 at 07:07 -0700, Matthew Wilcox wrote:
> On Tue, Apr 17, 2018 at 12:57:12PM +0100, James Bottomley wrote:
> > On Tue, 2018-04-17 at 04:47 -0700, Matthew Wilcox wrote:
> > > On Tue, Apr 17, 2018 at 10:13:34AM +0100, James Bottomley wrote:
> > > > On Sat, 2018-04-14 at 17:41 -0700,
On Tue, Apr 17, 2018 at 12:57:12PM +0100, James Bottomley wrote:
>
> You don't have to compromise the bootloader to influence this, you
> merely have to trick it into providing the random number you wanted.
> The bigger you make the attack surface (the more inputs) the more
> likelihood of
On Tue, Apr 17, 2018 at 12:57:12PM +0100, James Bottomley wrote:
> On Tue, 2018-04-17 at 04:47 -0700, Matthew Wilcox wrote:
> > On Tue, Apr 17, 2018 at 10:13:34AM +0100, James Bottomley wrote:
> > > On Sat, 2018-04-14 at 17:41 -0700, Matthew Wilcox wrote:
> > > > On Sat, Apr 14, 2018 at 06:44:19PM
On Tue, 2018-04-17 at 04:47 -0700, Matthew Wilcox wrote:
> On Tue, Apr 17, 2018 at 10:13:34AM +0100, James Bottomley wrote:
> > On Sat, 2018-04-14 at 17:41 -0700, Matthew Wilcox wrote:
> > > On Sat, Apr 14, 2018 at 06:44:19PM -0400, Theodore Y. Ts'o wrote:
> > > > What needs to happen is freelist
On Tue, Apr 17, 2018 at 10:13:34AM +0100, James Bottomley wrote:
> On Sat, 2018-04-14 at 17:41 -0700, Matthew Wilcox wrote:
> > On Sat, Apr 14, 2018 at 06:44:19PM -0400, Theodore Y. Ts'o wrote:
> > > What needs to happen is freelist should get randomized much later
> > > in the boot sequence.
On Sat, 2018-04-14 at 17:41 -0700, Matthew Wilcox wrote:
> On Sat, Apr 14, 2018 at 06:44:19PM -0400, Theodore Y. Ts'o wrote:
> > What needs to happen is freelist should get randomized much later
> > in the boot sequence. Doing it later will require locking; I don't
> > know enough about the
On Mon, Apr 16, 2018 at 04:15:44PM +, Thomas Garnier wrote:
> On Mon, Apr 16, 2018 at 8:54 AM Kees Cook wrote:
>
> > On Sat, Apr 14, 2018 at 3:44 PM, Theodore Y. Ts'o wrote:
> > > +linux...@kvack.org
> > > k...@vger.kernel.org, secur...@kernel.org moved to bcc
> > >
> > > On Sat, Apr 14,
On Mon, Apr 16, 2018 at 8:54 AM Kees Cook wrote:
> On Sat, Apr 14, 2018 at 3:44 PM, Theodore Y. Ts'o wrote:
> > +linux...@kvack.org
> > k...@vger.kernel.org, secur...@kernel.org moved to bcc
> >
> > On Sat, Apr 14, 2018 at 10:59:21PM +0300, Alexey Dobriyan wrote:
> >> SLAB allocators got
On Sat, Apr 14, 2018 at 3:44 PM, Theodore Y. Ts'o wrote:
> +linux...@kvack.org
> k...@vger.kernel.org, secur...@kernel.org moved to bcc
>
> On Sat, Apr 14, 2018 at 10:59:21PM +0300, Alexey Dobriyan wrote:
>> SLAB allocators got CONFIG_SLAB_FREELIST_RANDOM option which randomizes
>> allocation
On Sat, Apr 14, 2018 at 06:44:19PM -0400, Theodore Y. Ts'o wrote:
> What needs to happen is freelist should get randomized much later in
> the boot sequence. Doing it later will require locking; I don't know
> enough about the slab/slub code to know whether the slab_mutex would
> be sufficient,
On Sat, Apr 14, 2018 at 03:41:42PM -0700, Andy Lutomirski wrote:
> On Sat, Apr 14, 2018 at 12:59 PM, Alexey Dobriyan wrote:
> > SLAB allocators got CONFIG_SLAB_FREELIST_RANDOM option which randomizes
> > allocation pattern inside a slab:
> >
> >
> > #ifdef CONFIG_SLAB_FREELIST_RANDOM
> >
+linux...@kvack.org
k...@vger.kernel.org, secur...@kernel.org moved to bcc
On Sat, Apr 14, 2018 at 10:59:21PM +0300, Alexey Dobriyan wrote:
> SLAB allocators got CONFIG_SLAB_FREELIST_RANDOM option which randomizes
> allocation pattern inside a slab:
>
> int cache_random_seq_create(struct
On Sat, Apr 14, 2018 at 12:59 PM, Alexey Dobriyan wrote:
> SLAB allocators got CONFIG_SLAB_FREELIST_RANDOM option which randomizes
> allocation pattern inside a slab:
>
>
> #ifdef CONFIG_SLAB_FREELIST_RANDOM
> /* Pre-initialize the random sequence cache */
> static int