On Mon, Sep 19, 2011 at 20:51 +0300, Pekka Enberg wrote: > On Mon, Sep 19, 2011 at 8:35 PM, Vasiliy Kulikov <segoon@xxxxxxxxxxxx> wrote: > >> Yes, but there's no way for users to know where the allocations came from > >> if you mix them up with other kmalloc-128 call-sites. That way the number > >> of private files will stay private to the user, no? Doesn't that give you even > >> better protection against the infoleak? > > > > No, what it gives us is an obscurity, not a protection. I'm sure it > > highly depends on the specific situation whether an attacker is able to > > identify whether the call is from e.g. ecryptfs or from VFS. Also the > > correlation between the number in slabinfo and the real private actions > > still exists. > > How is the attacker able to identify that we kmalloc()'d from ecryptfs or > VFS based on non-root /proc/slabinfo when the slab allocator itself does > not have that sort of information if you mix up the allocations? How can you _guarantee_ that they mix? > Isn't this > much stronger protection especially if you combine that with /proc/slabinfo > restriction? I don't see any reason to change allocators if we close slabinfo. Thanks, -- Vasiliy Kulikov http://www.openwall.com - bringing security into open computing environments -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/ Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>