Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <1519706711-18580-1-git-send-email-me@tobin.cc>
Date: Tue, 27 Feb 2018 15:45:08 +1100
From: "Tobin C. Harding" <me@...in.cc>
To: Kernel Hardening <kernel-hardening@...ts.openwall.com>
Cc: "Tobin C. Harding" <me@...in.cc>,
	Tycho Andersen <tycho@...ho.ws>,
	LKML <linux-kernel@...r.kernel.org>
Subject: [PATCH 0/3] leaking_addresses: limit scan to PID==1

This set implements improvements discussed offline with Tycho as well as
from suggestions on LKML.

We no longer bother to scan /proc/PID for every PID on the system.
Instead we only scan /proc/1 (still scan other non-pid related
files/directoies).  The reasoning is given in the commit log of patch 1,
duplicated here for reference:

	When the system is idle it is likely that most files under
	/proc/PID will be identical for various processes.  Scanning
	_all_ the PIDs under /proc is unnecessary and implies that we
	are thoroughly scanning /proc. This is _not_ the case because
	there may be ways userspace can trigger creation of /proc files
	that leak addresses but were not present during a scan.  For
	these two reasons we should exclude all PID directories under
	/proc except '1/' 
    
Next, we skip parsing /proc/1/syscall as suggested because the pointers
listed are user pointers, and negative syscall args will show up like
kernel pointers.

Finally we remove version number from the script.

This set represents the tip of the branch 'leaks-testing' available at

	git://git.kernel.org/pub/scm/linux/kernel/git/tobin/leaks.git


thanks,
Tobin.


Tobin C. Harding (3):
  leaking_addresses: skip all /proc/PID except /proc/1
  leaking_addresses: skip '/proc/1/syscall'
  leaking_addresses: remove version number

 scripts/leaking_addresses.pl | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

-- 
2.7.4

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.