On Mon, 2011-09-19 at 20:51 +0300, Pekka Enberg wrote:
>> How is the attacker able to identify that we kmalloc()'d from ecryptfs or
>> VFS based on non-root /proc/slabinfo when the slab allocator itself does
>> not have that sort of information if you mix up the allocations? Isn't this
>> much stronger protection especially if you combine that with /proc/slabinfo
>> restriction?
On Mon, Sep 19, 2011 at 9:03 PM, Dave Hansen <dave@xxxxxxxxxxxxxxxxxx> wrote:
> Mixing it up just adds noise. It makes the attack somewhat more
> difficult, but it still leaves open the possibility that the attacker
> can filter out the noise somehow.
So that would mean the attacker has somewhat fine-grained control over
kernel memory allocations, no? Can they use /proc/meminfo to deduce
the same kind of information? Should we close that down too?
Pekka
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Fight unfair telecom internet charges in Canada: sign http://stopthemeter.ca/
Don't email: <a href