|
|
Subscribe / Log in / New account

An important set of stable kernel updates

An important set of stable kernel updates

Posted Oct 21, 2016 7:34 UTC (Fri) by oldtomas (guest, #72579)
In reply to: An important set of stable kernel updates by spender
Parent article: An important set of stable kernel updates

You're getting on my (and possibly on many people's) nerves.

Go do a service to the community (as this site does) by explaining how the bug works. Publish things. By all means, talk about it. Set up a service which tries to assess each bug fix to the Linux kernel.

But your petty whining[1] ("the fully-funded full-time employee upstream developers". Srsly? What does *that* have to do with the bug or with the prevailing kernel policy -- with which you may disagree, and very rightly so?).

You have the talent to put forth very valid points with a drama which makes it really difficult to find a way to work together. Your otherwise extremely valuable contribution would be totally lost were it not for some people (y'all know who they are) who are willing (masochistic?) to take flak from both sides. To me, those are the real heroes (although you might be smarter or more handsome or what).

And nix, I'm a bit disappointed that you seem to find pleasure in the same game. Go talk to Greg, or Linus. But whining an old whine in a public forum ain't helping anybody.

Pfeh. Had to be told.

[1] A sarcasm a day keeps the doctor away. Whine once, or twice, that's OK. But you should know when you're trapped in an endless loop.

to post comments

An important set of stable kernel updates

Posted Oct 21, 2016 8:28 UTC (Fri) by Lionel_Debroux (subscriber, #30014) [Link]

Well, is there any point in talking to Linus, and his like-minded friends, until they fix their counter-productive views of security ? The arguments told years ago by PaXTeam, spender and others from their side still stand.

Let's examine the mainlining of the five most powerful defenses from PaX/grsecurity against kernel exploitation, which stop most PoCs discussed time and again on LWN and elsewhere, at every step of their execution:
* KERNEXEC (over a decade old, preventing the kernel from blissfully executing payloads in user-space): principle refused by Linus and friends because "the hardware does it". Right, but only for a minority of very recent hardware from the 2010s featuring x86/x86_64 SMEP or ARM/AArch64 PXN, as opposed to protecting most CPUs from this millenium (and not just on x86/x86_64 or ARM/AArch64) ! Plus the GCC plugin infrastructure it uses was only integrated in 4.8, several months ago.
* MEMORY_UDEREF (over a decade old, preventing the kernel from blissfully dereferencing pointers to payloads in user-space): ditto, with "the hardware does it" being even more of a lie, as x86/x86_64 SMAP and ARM PAN are even scarcer in the real world than SMEP / PXN. And there have already been easy SMAP bypasses in mainline;
* RAP (powerful anti-ROP measure): no way, because per-CPU PGDs, another PaX change on which RAP is based, is refused, too;
* CONSTIFY (making const all those needlessly writable "ops" structs, often overwritten by PoCs as a first step to kernel exec): not refused, it's just that nobody seriously does it in mainline (years ago, I contributed several patches extracted from PaX for manually constifying structs, before they switched to a GCC plugin; the situation hasn't changed much);
* RANDSTRUCT (foiling binary exploits by randomizing struct layout): possible now that the GCC plugin infrastructure is in. But the real-world protection brought by this feature is limited, given that pretty much everybody is using publicly downloadable distro kernels, nullifying the effect of RANDSTRUCT.

The three most powerful defenses against kernel exploits are flat out refused. Until this counter-productive stance is reversed, the KSPP efforts will remain of very limited usefulness - and trickling in at a slow pace, what's more: look at how little got in mainline over the past year.
In the meantime, I'm keeping grsec kernels (which are being packaged by a growing number of distros, for very good reason !) on my own computers, using them on a growing number of computers at work, and slowly educating my workmates on how powerful grsecurity is / how lackluster mainline Linux security is / how it is hardly improving.

An important set of stable kernel updates

Posted Oct 21, 2016 13:11 UTC (Fri) by robert_p (guest, #110578) [Link]

> Go do a service to the community (as this site does) by explaining how the bug works. Publish things. By all means, talk about it. Set up a service which tries to assess each bug fix to the Linux kernel.

Because the lead developer of the most comprehensive security-related Kernel patchset with an amazing track record doesn't add anything to the community? Wtf? His arguments are well known but fail on deaf ears. And one person only can do so much, Spender clearly is on the upper end of that scale or beyond...

An important set of stable kernel updates

Posted Oct 21, 2016 17:19 UTC (Fri) by nix (subscriber, #2304) [Link] (2 responses)

And nix, I'm a bit disappointed that you seem to find pleasure in the same game. Go talk to Greg, or Linus. But whining an old whine in a public forum ain't helping anybody.
Oh, believe me, I'm not finding pleasure in the same game. I'm just annoyed by a pointlessly vague commit message and a *really* vague comment which is just the sort of comment the kernel devs would come down really hard on if perpetrated by anyone else. Usually, the argument can be made that Linus couldn't know in advance that a fix would get into -stable and thus that it is plausible that security-by-obscurity by burying the patch in the general flood might work against any attacker less determined than, say, spender -- except in this case he *linked to a commit* that described the vulnerability unambiguously, so what on earth is the point of vaguing up the language in this commit message, and in the patch itself?

I can't see any coherent point of view that would lead to this outcome at all. It manages to combine all the disadvantages of security by obscurity *and* all the disadvantages of early disclosure while cunningly avoiding the advantages of both.

An important set of stable kernel updates

Posted Oct 25, 2016 7:19 UTC (Tue) by oldtomas (guest, #72579) [Link] (1 responses)

> Oh, believe me, I'm not finding pleasure in the same game.

Then Just Don't Play it. There are far more constructive games in this field.

If you see a kernel patch related to a vulnerability, by all means, point it out. Or go support Kees Cook in his attempt at building bridges (for which he regularly harvests sarcasm in the form of "nyah, nyah, we had that 3 years ago, and if he leaves such-and-such out, it's totally worthless anyway"[1]. Bah.)

[1] Perhaps *technically* in its strictest sense correct, but doing a catastrophical disservice to all involved, including spender.
BTW if anyone has seen spender et al saying something *nice* to someone, let me know. I genuinely want to widen my horizon.

An important set of stable kernel updates

Posted Oct 26, 2016 21:51 UTC (Wed) by nix (subscriber, #2304) [Link]

> BTW if anyone has seen spender et al saying something *nice* to someone, let me know. I genuinely want to widen my horizon.

I've seen PaXTeam being, if not nice, at least matter-of-fact and not insulting or superior to Kees a couple of times. It was genuinely shocking.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds