From: "Tobin C. Harding" <me@tobin.cc>
To: Kernel Hardening <kernel-hardening@lists.openwall.com>
Cc: "Tobin C. Harding" <me@tobin.cc>, Tycho Andersen <tycho@tycho.ws>,
LKML <linux-kernel@vger.kernel.org>
Subject: [PATCH 0/3] leaking_addresses: limit scan to PID==1
Date: Tue, 27 Feb 2018 15:45:08 +1100
Message-ID: <1519706711-18580-1-git-send-email-me@tobin.cc>

This set implements improvements discussed offline with Tycho as well as
from suggestions on LKML.

We no longer bother to scan /proc/PID for every PID on the system.
Instead we only scan /proc/1 (still scan other non-pid related
files/directories).  The reasoning is given in the commit log of patch 1,
duplicated here for reference:

    When the system is idle it is likely that most files under
    /proc/PID will be identical for various processes.  Scanning
    _all_ the PIDs under /proc is unnecessary and implies that we
    are thoroughly scanning /proc.  This is _not_ the case because
    there may be ways userspace can trigger creation of /proc files
    that leak addresses but were not present during a scan.  For
    these two reasons we should exclude all PID directories under
    /proc except '1/'

Next, we skip parsing /proc/1/syscall as suggested because the pointers
listed are user pointers, and negative syscall args will show up like
kernel pointers.

Finally we remove the version number from the script.

This set represents the tip of the branch 'leaks-testing' available at
git://git.kernel.org/pub/scm/linux/kernel/git/tobin/leaks.git

thanks,
Tobin.

Tobin C. Harding (3):
  leaking_addresses: skip all /proc/PID except /proc/1
  leaking_addresses: skip '/proc/1/syscall'
  leaking_addresses: remove version number

 scripts/leaking_addresses.pl | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

--
2.7.4
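
The two filtering decisions described in the cover letter, as an added illustration that is not code from this patch series or from scripts/leaking_addresses.pl: which /proc paths get skipped, and why a negative syscall argument is flagged as a kernel pointer. The helper names skip_path and suspect_tokens, the x86_64 address pattern, and the sample syscall line are assumptions constructed for this example.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Assumption: on x86_64 a kernel address prints as 16 hex digits
# beginning with "ffff", optionally prefixed with "0x".
my $KERNEL_ADDR_RE = qr/\b(?:0x)?ffff[[:xdigit:]]{12}\b/;

# Skip every numeric /proc/PID tree except /proc/1, and skip
# /proc/1/syscall itself. Non-PID entries under /proc are still scanned.
sub skip_path {
    my ($path) = @_;
    return 1 if $path eq '/proc/1/syscall';
    return 1 if $path =~ m{^/proc/([0-9]+)(?:/|$)} && $1 ne '1';
    return 0;
}

# Return every substring of a line that looks like a kernel address.
sub suspect_tokens {
    my ($line) = @_;
    my @hits = $line =~ /($KERNEL_ADDR_RE)/g;
    return @hits;
}

# Constructed paths showing which ones the walker would visit.
for my $path (qw(/proc/1/maps /proc/1/syscall /proc/10/maps
                 /proc/4242/stat /proc/modules)) {
    printf "%-18s %s\n", $path, skip_path($path) ? 'skip' : 'scan';
}

# Constructed /proc/1/syscall content for openat(AT_FDCWD, ...).
# AT_FDCWD is -100; printed as unsigned 64-bit hex (this relies on a
# perl built with 64-bit integers) its upper bits are all ones, so it
# falls inside the pattern above although it is only a small negative
# integer. The remaining fields are user-space values and do not match.
my $syscall_line = sprintf(
    '257 0x%x 0x55d0c3a2f2a0 0x80000 0x0 0x0 0x0 0x7ffc8b7e1d28 0x7f1a4c0e3b4f',
    -100);

print "line:    $syscall_line\n";
print "flagged: ", join(', ', suspect_tokens($syscall_line)), "\n";
```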