Re: [RFC] syscalls, x86: Add __NR_kcmp syscall

[KOSAKI Motohiro]

(1/18/12 6:57 AM), Cyrill Gorcunov wrote:
> On Wed, Jan 18, 2012 at 04:23:24AM -0500, KOSAKI Motohiro wrote:
> > (1/18/12 4:19 AM), Pavel Emelyanov wrote:
> > > > I think Eric only said gt/lt compare is useful. We don't need to expose bare
> > > > pointer order. example, kcmp(rotate(ptr, per-task-random-value)) is enough
> > > > hide the critical information. I think.
> > >
> > > The per-task might break thinks up in case
> > >
> > > (tsk1->file != tsk2->file)&&   (rotate(tsk1->file, tsk1->random) == rotate(tsk2->file, tsk2->rotate))
> >
> > I meant,
> >
> > (tsk1->file != tsk2->file)&&  (rotate(tsk1->file, caller_task->random) == rotate(tsk2->file, caller_task->random))
> >
> >
> > > but I agree, that the overall idea of comparing not bare pointers, but those poisoned with
> > > some global value can address the Peter's concerns about rootkits.
>
> Guys, can we stick with something simplier? I could use hashes here (again?!) or
> even aes encoded pointers extended to 128 bits as it was proposed too. But
> maybe we can live with something more simplier?

The problem of hashes is,

 - SHA1 didn't provide correct "equal or not" policy. (and I don't think sha1 is faster than kcmp)
 - Poisoned pointer can be used to restore original bare pointer.

Do this have the same issue?


> We could export EQ/NE for regular users (which might be usefull for less
> frequently used objects such as namespaces I guess). And GT/LT for root
> only.
>
> Does it look better? Does the change log tells enough?

I dislike. Just EQ/NE is better than "root only" behavior change. it's misleading.
If you dislike GT/LT, please just delete it.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/