[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-kernel
Subject: Re: [PATCH v2 1/3] x86/bugs: Only harden syscalls when needed
From: Linus Torvalds <torvalds () linux-foundation ! org>
Date: 2024-04-15 15:47:48
Message-ID: CAHk-=wjXidMn6-gGFidXvm0=k_4m-rk5Pgs5HcrtkYKMHYA3xg () mail ! gmail ! com
[Download RAW message or body]
On Mon, 15 Apr 2024 at 08:27, Nikolay Borisov <nik.borisov@suse.com> wrote:
>
> Same as with every issue - assess the problem and develop fixes.
No. Let's have at least all the infrastructure in place to be a bit proactive.
> Let's be honest, the indirect branches in the syscall handler aren't the
> biggest problem
Oh, they have been.
> it's the stacked LSMs.
Hopefully those will get fixed too.
There's a few other fairly reachable ones (the timer indirection ones
are much too close, and VFS file ops aren't entirely out of reach).
But maybe some day we'll be in a situation where it's actually fairly
hard to reach indirect kernel calls from untrusted user space.
The system call ones are pretty much always the first ones, though.
> And even if those get fixes
> chances are the security people will likely find some other avenue of
> attack, I think even now the attack is somewhat hard to pull off.
No disagreement about that. I think outright sw bugs are still the
99.9% thing. But let's learn from history instead of "assess the
problem" every time anew.
Linus
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic