|
Message-ID: <20110621182827.GA8960@albatros> Date: Tue, 21 Jun 2011 22:28:27 +0400 From: Vasiliy Kulikov <segoon@...nwall.com> To: James Morris <jmorris@...ei.org> Cc: kernel-hardening@...ts.openwall.com, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org Subject: Re: [RFC 2/5 v4] procfs: add hidepid= and gid= mount options On Mon, Jun 20, 2011 at 20:43 +1000, James Morris wrote: > On Mon, 20 Jun 2011, Vasiliy Kulikov wrote: > > > > Can you provide evidence that this is a useful feature? e.g. examples of > > > exploits / techniques which would be _usefully_ hampered or blocked. > > > > First, most of these files are usefull in sense of statistics gathering > > and debugging. There is no reason to provide this information to the > > world. > > > > Second, yes, it blocks one source of information used in timing attacks, > > just use reading the counters as more or less precise time measurement > > when actual timing measurements are not precise enough. > > Can you provide concrete examples? This is a PoC of ~user/.ssh/authorized_keys presence infoleak (and whether it is empty) using taskstats interface: http://www.openwall.com/lists/oss-security/2011/06/21/12 /proc/PID/io can be used too. More close interaction with ssh client would gain authorized_keys' size or, probably, what pam module denied the access. Thanks, -- Vasiliy Kulikov http://www.openwall.com - bringing security into open computing environments
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.