Re: [patch 1/4] Add routine for generating an ID for kernel pointer
From: Tejun Heo
Date: Wed Dec 28 2011 - 11:27:25 EST
Hello,
On Wed, Dec 28, 2011 at 08:18:09PM +0400, Cyrill Gorcunov wrote:
> Hi Tejun, thanks for comment! Yes, XOR is useless here in security meaning,
> but it simply breaks impression that these generating numbers "mean" somthing
> (I remained them as Vasily asked).
But that comes at the cost of creating the impression that the XOR
does something, which doesn't seem like a good situation. e.g. Why do
we need per-domain XOR random keys for then? That code now doesn't
mean anything.
> I personally fine to simply leave plain pointers here and root-only access
> since that is enough for us (and our tool will require root privileges
> anyway :)
>
> OTOH, we could add some sha2 here with pointer+cookie as an initial value but I fear
> this will bring more code comlexity and computing sha2 hash is not that
> fast operation, which should be taken into account (note on x86-32 since
> pointers are 32bit values one could compute prehash for all space covered
> and if an attacker will know somehow cookie value the hash will be easily
> broken, not sure if it's really usefull for someone, since if you have root
> access to the machine such IDs will be the last thing attacker should be
> interested in :)
We have the whole crypto subsystem dealing with this. It sure would
be more complex than ^ operator but it's not like you have to open
code the whole thing. Is it really that complex to use?
> And it seems noone except us need this interface yet, so maybe sticking with
> "pointer exported under root-only" would be enough?
Maybe, dunno. But even if it's gonna be raw pointer or XOR'd value
for now, I would suggest exporting it in the form which can be
replaced by proper hash in the future. ie. Don't let userland assume
it's 32bit or 64bit value.
Thanks.
--
tejun
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/