tech-kern archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Restricting rdtsc [was: kernel aslr]
Maxime Villard <max%m00nbsd.net@localhost> wrote:
|Having read several papers on the exploitation of cache latency to defeat
|aslr (kernel or not), it appears that disabling the rdtsc instruction is a
|good mitigation on x86. However, some applications can legitimately use it,
|so I would rather suggest restricting it to root instead.
I have used it for random noise in user space. I don't want to
paste it, it is so ridiculous…, but then again a nice example of
user space horror – you may skip the rest at your will.
|The idea is simple: we set CR4_TSD in %cr4, the first time an application
|uses rdtsc it faults, we look at the creds of the lwp, if it is root we
I used it to add noise to my ARC4 random generator upon ()()/call()
time, as in
// strong (noisy) generator?
if(m_d.flags & f_strong) {
#if(__HAVE_RAND_CRYPTOHW)
if(__RAND_CRYPTOHW_OK) {
ret = ::__sf_sys_misc_rand_Strong();
goto jout;
} else
#endif
addNoise();
}
where this was
#if(__HAVE_RAND_CRYPTOHW)
if(!m_d.enpy)
goto jout;
#endif
#if(!__HAVE_RAND_NOISE)
ep.now().setSecond(ep.second() ^ ep.microsecond())
.setMicrosecond(_WEAK(ep.microsecond()));
addNoise(ep.tv(), szof(Epoch::TimeVal));
#else
x = ::__sf_sys_misc_rand_Noise();
stack[0] = x;
x = _WEAK(x);
stack[1] = x;
addNoise(stack, szof(stack));
#endif
#if(__HAVE_RAND_CRYPTOHW)
jout:
#endif
and that with args did a loop that used "random" bytes of the
given "stack" as noise additions to the internal entropy (and
doing one ARC4 stir after each addition).
|What about this?
No longer of any value, it seems to me.
--steffen
Home |
Main Index |
Thread Index |
Old Index