tech-kern archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: CVS commit: src
[I just noticed you moved it to tech-kern@, no idea why, but anyway:]
On Wed, Aug 26, 2009 at 5:05 PM, David
Holland<dholland-tech%netbsd.org@localhost> wrote:
> On Wed, Aug 26, 2009 at 04:21:41PM -0400, Elad Efrat wrote:
> > > All recycled kernel memory, including stack frames, is considered
> > > security-sensitive and not supposed to be exposed to the world. (Given
> > > that you're working on the security system, you ought to know this.)
> > > It is a matter of proper copyout() usage.
> >
> > If your world is userland only, as I presume by your mentioning of
> > copyout(), then it's rather obvious. I'm more interested in separation
> > between different kernel entities in the (far? :) future.
>
> Entities that share the same memory space inherently have the same
> trust level. At that point it becomes a nonissue, except for e.g.
> cryptographic keys that should already be getting handled properly.
>
> I'm not clear what you have in mind.
First I disagree with your assertion that "all" kernel memory is
considered security-sensitive. Second, the placement of the note in
the kmem(9) man-page seems odd, especially given the practice of
handling security-sensitive information in freed memory is relevant to
all memory allocators regardless of where the security-sensitive
information is used (in the kernel or a userland application). Third,
I've heard interesting things about something called KERNSEAL from the
PaX project that's supposed to provide kernel self-protection.
I'm not suggesting something should be changed, I'm just thinking out loud.
-e.
Home |
Main Index |
Thread Index |
Old Index