Re: [Ksummit-discuss] [TOPIC] kernel hardening / self-protection / whatever

ksummit.lists.linux.dev archive mirror
 help / color / mirror / Atom feed

From: ebiederm@xmission.com (Eric W. Biederman)
To: Kees Cook <keescook@chromium.org>
Cc: Jann Horn <jann@thejh.net>,
	"ksummit-discuss@lists.linuxfoundation.org"
	<ksummit-discuss@lists.linuxfoundation.org>
Subject: Re: [Ksummit-discuss] [TOPIC] kernel hardening / self-protection / whatever
Date: Tue, 12 Jul 2016 11:40:45 -0500	[thread overview]
Message-ID: <87vb0a24j6.fsf@x220.int.ebiederm.org> (raw)
In-Reply-To: <CAGXu5jL=Vj4tY1k7zYp6B1FcvKm7dSYnKFgN7C8Dp1hOztbjwg@mail.gmail.com> (Kees Cook's message of "Mon, 11 Jul 2016 13:57:04 -0400")

Kees Cook <keescook@chromium.org> writes:

> On Mon, Jul 11, 2016 at 12:30 PM, Eric W. Biederman
> <ebiederm@xmission.com> wrote:
>> Andy Lutomirski <luto@amacapital.net> writes:
>>
>>> Are there useful things to discuss in person about hardening?  (I
>>> don't want to bikeshed about the name at the kernel summit if we can
>>> possibly avoid it.)
>>>
>>> Plausible sub-topics include:
>>>
>>>  - "USERCOPY" hardening
>>>
>>>  - Virtually mapped stacks (I'm hoping to have that in for x86 before
>>> kernel summit...)
>>>
>>>  - Refcount
>>>
>>> I don't how much of this really needs an in-person meeting, but maybe
>>> some if it would benefit.
>>
>> Given the history of the previous work on which much of this kernel
>> hardening work is inspired, I think it makes some sense to discuss what
>> is needed to get various features ready for mainline.
>
> This is a much larger topic, I think. The work being done already by
> the Kernel Self Protection Project is highlighting what's needed to
> bring various features into mainline. Generally they require a lot of
> chopping up into distinct pieces, expanding their portability to other
> architectures, more testing, etc.
>
>> Many kernel hardening features are perceived as having downsides affect
>> performance or code maintainability.  Which quite frankly is a security
>> issue of another flavor because if something does not work well, and or
>
> Sure, but I think this will be done on a case-by-case basis, as each
> thing has wildly different aspects. :)
>
>> is not maintainable after a while it won't get used.  Rarely are we in
>> the situation where defense against attack is the most important thing
>> that people who are deploying linux are worried about.
>
> Yup, of course. This is why I'm trying to make sure that things have
> either near-zero impact or are easily configurable.

Please make certain to leave a big fat comment explaining the security
that is added and why.

I have two brand new patchs that I received today or yesterday sitting
in my inbox to remove security features in the kernel.

A patch to remove the limit on /proc/self/exec only being able to be
changed once.

A patch to muck with kexec_file_load, and get it to accept a new flavor
of unsigned data.  At least I think that is what the patch is.

Eric

next prev parent reply	other threads:[~2016-07-12 16:53 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-07-11  4:28 Andy Lutomirski
2016-07-11 13:05 ` Rafael J. Wysocki
2016-07-11 16:30 ` Eric W. Biederman
2016-07-11 17:57   ` Kees Cook
2016-07-12 16:40     ` Eric W. Biederman [this message]
2016-07-21 15:54   ` Mark Rutland
2016-07-11 17:33 ` Jann Horn
2016-07-19 15:40   ` Eric W. Biederman
2016-07-20  2:14     ` Andy Lutomirski
2016-07-20  2:14       ` Eric W. Biederman
2016-07-20  6:42         ` Herbert Xu
2016-07-21 17:03           ` Eric W. Biederman
2016-07-11 17:53 ` Kees Cook
2016-07-11 18:07   ` Josh Triplett
2016-07-11 18:59     ` Kees Cook
2016-07-31  9:55   ` Paul Burton
2016-07-31 22:04     ` Kees Cook
2016-08-01 10:47       ` Mark Rutland
2016-08-01 19:42         ` Kees Cook
2016-08-03 22:53       ` Catalin Marinas
2016-08-04  5:32         ` Kees Cook
2016-08-04  5:45           ` Andy Lutomirski
2016-08-04  5:54             ` Kees Cook
2016-08-05  0:12               ` Andy Lutomirski
2016-09-08 23:54                 ` Kees Cook
2016-09-09  0:42                   ` Andy Lutomirski
2016-08-04 14:17           ` Dave Hansen
2016-08-04 22:29             ` Catalin Marinas
2016-08-01  9:34     ` [Ksummit-discuss] [nominations] " Mark Rutland

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87vb0a24j6.fsf@x220.int.ebiederm.org \
    --to=ebiederm@xmission.com \
    --cc=jann@thejh.net \
    --cc=keescook@chromium.org \
    --cc=ksummit-discuss@lists.linuxfoundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox