* [PATCH] doc: update 'unique identifiers'
@ 2017-12-04 21:22 Tobin C. Harding
2017-12-04 21:28 ` Kees Cook
0 siblings, 1 reply; 6+ messages in thread
From: Tobin C. Harding @ 2017-12-04 21:22 UTC (permalink / raw)
To: Jonathan Corbet
Cc: Tobin C. Harding, Kees Cook, Laura Abbott, Jessica Yu, linux-doc,
linux-kernel
Advice about what to use as a unique identifier is no longer valid since
patch series was merged to hash pointers printed with %p. We can use
this as a unique identifier now.
Signed-off-by: Tobin C. Harding <me@tobin.cc>
---
Documentation/security/self-protection.rst | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Documentation/security/self-protection.rst b/Documentation/security/self-protection.rst
index 60c8bd8b77bf..f10f47cad825 100644
--- a/Documentation/security/self-protection.rst
+++ b/Documentation/security/self-protection.rst
@@ -274,8 +274,8 @@ Unique identifiers
------------------
Kernel memory addresses must never be used as identifiers exposed to
-userspace. Instead, use an atomic counter, an idr, or similar unique
-identifier.
+userspace. Printk specifier %p hashes addresses by default now and can be
+used as a unique identifier.
Memory initialization
---------------------
--
2.7.4
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] doc: update 'unique identifiers'
2017-12-04 21:22 [PATCH] doc: update 'unique identifiers' Tobin C. Harding
@ 2017-12-04 21:28 ` Kees Cook
2017-12-04 21:44 ` Tobin C. Harding
0 siblings, 1 reply; 6+ messages in thread
From: Kees Cook @ 2017-12-04 21:28 UTC (permalink / raw)
To: Tobin C. Harding
Cc: Jonathan Corbet, Laura Abbott, Jessica Yu, linux-doc, LKML
On Mon, Dec 4, 2017 at 1:22 PM, Tobin C. Harding <me@tobin.cc> wrote:
> Advice about what to use as a unique identifier is no longer valid since
> patch series was merged to hash pointers printed with %p. We can use
> this as a unique identifier now.
>
> Signed-off-by: Tobin C. Harding <me@tobin.cc>
I don't agree: %p should still not be encouraged. Exposing an
identifier to userspace needs careful consideration, and atomics,
idrs, etc, continue to be a good recommendation here, as far as I'm
concerned.
-Kees
> ---
> Documentation/security/self-protection.rst | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/Documentation/security/self-protection.rst b/Documentation/security/self-protection.rst
> index 60c8bd8b77bf..f10f47cad825 100644
> --- a/Documentation/security/self-protection.rst
> +++ b/Documentation/security/self-protection.rst
> @@ -274,8 +274,8 @@ Unique identifiers
> ------------------
>
> Kernel memory addresses must never be used as identifiers exposed to
> -userspace. Instead, use an atomic counter, an idr, or similar unique
> -identifier.
> +userspace. Printk specifier %p hashes addresses by default now and can be
> +used as a unique identifier.
>
> Memory initialization
> ---------------------
> --
> 2.7.4
>
--
Kees Cook
Pixel Security
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] doc: update 'unique identifiers'
2017-12-04 21:28 ` Kees Cook
@ 2017-12-04 21:44 ` Tobin C. Harding
2017-12-04 21:51 ` Kees Cook
0 siblings, 1 reply; 6+ messages in thread
From: Tobin C. Harding @ 2017-12-04 21:44 UTC (permalink / raw)
To: Kees Cook; +Cc: Jonathan Corbet, Laura Abbott, Jessica Yu, linux-doc, LKML
On Mon, Dec 04, 2017 at 01:28:45PM -0800, Kees Cook wrote:
> On Mon, Dec 4, 2017 at 1:22 PM, Tobin C. Harding <me@tobin.cc> wrote:
> > Advice about what to use as a unique identifier is no longer valid since
> > patch series was merged to hash pointers printed with %p. We can use
> > this as a unique identifier now.
> >
> > Signed-off-by: Tobin C. Harding <me@tobin.cc>
>
> I don't agree: %p should still not be encouraged. Exposing an
> identifier to userspace needs careful consideration, and atomics,
> idrs, etc, continue to be a good recommendation here, as far as I'm
> concerned.
Ok no worries, so these docs are valid and current as is? I have no
agenda with this patch, just attempting to keep the docs in line with
the code :)
thanks,
Tobin.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] doc: update 'unique identifiers'
2017-12-04 21:44 ` Tobin C. Harding
@ 2017-12-04 21:51 ` Kees Cook
2017-12-04 23:39 ` Tobin C. Harding
0 siblings, 1 reply; 6+ messages in thread
From: Kees Cook @ 2017-12-04 21:51 UTC (permalink / raw)
To: Tobin C. Harding
Cc: Jonathan Corbet, Laura Abbott, Jessica Yu, linux-doc, LKML
On Mon, Dec 4, 2017 at 1:44 PM, Tobin C. Harding <me@tobin.cc> wrote:
> On Mon, Dec 04, 2017 at 01:28:45PM -0800, Kees Cook wrote:
>> On Mon, Dec 4, 2017 at 1:22 PM, Tobin C. Harding <me@tobin.cc> wrote:
>> > Advice about what to use as a unique identifier is no longer valid since
>> > patch series was merged to hash pointers printed with %p. We can use
>> > this as a unique identifier now.
>> >
>> > Signed-off-by: Tobin C. Harding <me@tobin.cc>
>>
>> I don't agree: %p should still not be encouraged. Exposing an
>> identifier to userspace needs careful consideration, and atomics,
>> idrs, etc, continue to be a good recommendation here, as far as I'm
>> concerned.
>
> Ok no worries, so these docs are valid and current as is? I have no
> agenda with this patch, just attempting to keep the docs in line with
> the code :)
I think a section could be added/updated discussing leaks and %p (in
that it is hashing now), that would be quite welcome!
I do, probably need to go through this document and update a few things.
-Kees
--
Kees Cook
Pixel Security
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] doc: update 'unique identifiers'
2017-12-04 21:51 ` Kees Cook
@ 2017-12-04 23:39 ` Tobin C. Harding
2017-12-05 1:25 ` Kees Cook
0 siblings, 1 reply; 6+ messages in thread
From: Tobin C. Harding @ 2017-12-04 23:39 UTC (permalink / raw)
To: Kees Cook; +Cc: Jonathan Corbet, Laura Abbott, Jessica Yu, linux-doc, LKML
On Mon, Dec 04, 2017 at 01:51:42PM -0800, Kees Cook wrote:
> On Mon, Dec 4, 2017 at 1:44 PM, Tobin C. Harding <me@tobin.cc> wrote:
> > On Mon, Dec 04, 2017 at 01:28:45PM -0800, Kees Cook wrote:
> >> On Mon, Dec 4, 2017 at 1:22 PM, Tobin C. Harding <me@tobin.cc> wrote:
> >> > Advice about what to use as a unique identifier is no longer valid since
> >> > patch series was merged to hash pointers printed with %p. We can use
> >> > this as a unique identifier now.
> >> >
> >> > Signed-off-by: Tobin C. Harding <me@tobin.cc>
> >>
> >> I don't agree: %p should still not be encouraged. Exposing an
> >> identifier to userspace needs careful consideration, and atomics,
> >> idrs, etc, continue to be a good recommendation here, as far as I'm
> >> concerned.
> >
> > Ok no worries, so these docs are valid and current as is? I have no
> > agenda with this patch, just attempting to keep the docs in line with
> > the code :)
>
> I think a section could be added/updated discussing leaks and %p (in
> that it is hashing now), that would be quite welcome!
>
> I do, probably need to go through this document and update a few things.
How about I do whatever generates the least amount of work for you. Is
it easier if I add the %p stuff for you to review or is it easier to
just leave it for you to do in your own time?
thanks,
Tobin.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] doc: update 'unique identifiers'
2017-12-04 23:39 ` Tobin C. Harding
@ 2017-12-05 1:25 ` Kees Cook
0 siblings, 0 replies; 6+ messages in thread
From: Kees Cook @ 2017-12-05 1:25 UTC (permalink / raw)
To: Tobin C. Harding
Cc: Jonathan Corbet, Laura Abbott, Jessica Yu, linux-doc, LKML
On Mon, Dec 4, 2017 at 3:39 PM, Tobin C. Harding <me@tobin.cc> wrote:
> On Mon, Dec 04, 2017 at 01:51:42PM -0800, Kees Cook wrote:
>> On Mon, Dec 4, 2017 at 1:44 PM, Tobin C. Harding <me@tobin.cc> wrote:
>> > On Mon, Dec 04, 2017 at 01:28:45PM -0800, Kees Cook wrote:
>> >> On Mon, Dec 4, 2017 at 1:22 PM, Tobin C. Harding <me@tobin.cc> wrote:
>> >> > Advice about what to use as a unique identifier is no longer valid since
>> >> > patch series was merged to hash pointers printed with %p. We can use
>> >> > this as a unique identifier now.
>> >> >
>> >> > Signed-off-by: Tobin C. Harding <me@tobin.cc>
>> >>
>> >> I don't agree: %p should still not be encouraged. Exposing an
>> >> identifier to userspace needs careful consideration, and atomics,
>> >> idrs, etc, continue to be a good recommendation here, as far as I'm
>> >> concerned.
>> >
>> > Ok no worries, so these docs are valid and current as is? I have no
>> > agenda with this patch, just attempting to keep the docs in line with
>> > the code :)
>>
>> I think a section could be added/updated discussing leaks and %p (in
>> that it is hashing now), that would be quite welcome!
>>
>> I do, probably need to go through this document and update a few things.
>
> How about I do whatever generates the least amount of work for you. Is
> it easier if I add the %p stuff for you to review or is it easier to
> just leave it for you to do in your own time?
If you can write a section on %p leaks, that would be great!
I can clean up other things as work on top of that.
Thanks!
-Kees
>
> thanks,
> Tobin.
--
Kees Cook
Pixel Security
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2017-12-05 1:25 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-12-04 21:22 [PATCH] doc: update 'unique identifiers' Tobin C. Harding
2017-12-04 21:28 ` Kees Cook
2017-12-04 21:44 ` Tobin C. Harding
2017-12-04 21:51 ` Kees Cook
2017-12-04 23:39 ` Tobin C. Harding
2017-12-05 1:25 ` Kees Cook
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).