Re: [PATCH] (please check) Potential security fix for i386/kernel/ptrace.c

Linus Torvalds (torvalds@transmeta.com)
Sun, 20 Sep 1998 18:02:47 -0700 (PDT)


On Mon, 21 Sep 1998, Jamie Lokier wrote:
>
> On Sun, Sep 20, 1998 at 04:09:00PM -0700, Linus Torvalds wrote:
> > It should actually be safe. The debug trap handler is careful to not
> > acquire any locks (i.e. no deadlock situations), and should always ignore
> > events from kernel space.
>
> It would still cause a slowdown, perhaps somewhere critical (interrupt
> handler, syscall entry point etc). If a breakpoint is placed in
> encryption code or the /dev/random driver, the timing effects would leak
> information.

Note that it not only ignores the trap, it also clears %db7 if I remember
correctly, exactly to make sure that the trap doesn't ever happen again.

> What happens if a breakpoint is placed in the debug trap handler, the
> syscall entry point, ret_from_syscall etc.?

Nothing bad. It will trap once, but once trapped the hardware already
protects against "recursive" trapping, and the debug register clear will
make sure that it never happens again (or rather - the user needs to set
it up again to make it happen again, at which point he is just a small
nuisance rather than a real bother).

Linus
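The ptrace-side validation a fix of this kind needs, as an added user-space model written for this page (it is not the kernel's ptrace.c): a tracer's write to a debug register is accepted only if breakpoint addresses lie wholly below the user/kernel split and DR7 carries no reserved bits or CPU-undefined R/W + LEN encodings. TASK_SIZE and the reserved-bit mask are assumed i386 values.

```c
#include <stdbool.h>

#define TASK_SIZE           0xC0000000UL  /* assumed: classic i386 3G/1G split */
#define DR_CONTROL_RESERVED 0x0000FC00UL  /* assumed: DR7 bits 10-15 are reserved/GD */

/* Model of a ptrace PEEK/POKEUSR-style write to debug register `idx` (0-7).
 * Returns 0 if the value may be loaded into the hardware, -1 if it must be refused. */
int validate_debugreg(int idx, unsigned long data)
{
    /* DR4/DR5 are aliases or reserved; never user-writable in this model */
    if (idx < 0 || idx > 7 || idx == 4 || idx == 5)
        return -1;

    if (idx <= 3) {
        /* Address registers: a breakpoint up to 4 bytes wide must fit entirely
         * below TASK_SIZE, otherwise a kernel address could be armed. */
        return (data < TASK_SIZE - 3) ? 0 : -1;
    }

    if (idx == 6)
        return 0;   /* DR6 is status only; a user-supplied value is harmless */

    /* DR7: refuse reserved bits rather than silently masking them */
    if (data & DR_CONTROL_RESERVED)
        return -1;

    /* Per-breakpoint control nibble at bits 16+4*i: R/W in the low two bits,
     * LEN in the high two bits. Reject encodings the CPU leaves undefined. */
    for (int i = 0; i < 4; i++) {
        unsigned rw  = (data >> (16 + 4 * i)) & 3;
        unsigned len = (data >> (18 + 4 * i)) & 3;
        if (rw == 2)                /* I/O breakpoint: undefined unless CR4.DE */
            return -1;
        if (len == 2)               /* 8-byte length: undefined on i386 */
            return -1;
        if (rw == 0 && len != 0)    /* execute breakpoints require LEN = 00 */
            return -1;
    }
    return 0;
}
```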
