Date: Fri, 5 May 2023 17:15:15 +0200
From: David Hildenbrand
Organization: Red Hat
To: Sam James
Cc: Michael McCracken, linux-kernel@vger.kernel.org, serge@hallyn.com, tycho@tycho.pizza, Luis Chamberlain, Kees Cook, Iurii Zaikin, Andrew Morton, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, kernel-hardening@lists.openwall.com
Subject: Re: [PATCH] sysctl: add config to make randomize_va_space RO
References: <20230504213002.56803-1-michael.mccracken@gmail.com> <87pm7f9q3q.fsf@gentoo.org>
In-Reply-To: <87pm7f9q3q.fsf@gentoo.org>

On 05.05.23 09:46, Sam James wrote:
>
> David Hildenbrand writes:
>
>> On 04.05.23 23:30, Michael McCracken wrote:
>>> Add config RO_RANDMAP_SYSCTL to set the mode of the randomize_va_space
>>> sysctl to 0444 to disallow all runtime changes. This will prevent
>>> accidental changing of this value by a root service.
>>> The config is disabled by default to avoid surprises.
>>
>> Can you elaborate why we care about "accidental changing of this value
>> by a root service"?
>>
>> We cannot really stop root from doing a lot of stupid things (e.g.,
>> erase the root fs), so why do we particularly care here?
>
> (I'm really not defending the utility of this, fwiw).
>
> In the past, I've seen fuzzing tools and other debuggers try to set
> it, and it might be that an admin doesn't realise that. But they could
> easily set other dangerous settings unsuitable for production, so...

At least fuzzing tools randomly toggling it could actually find real
problems. Debugging tools ... makes sense that they might be using it.

What I understand is, that it's more of a problem that the system
continues running and the disabled randomization isn't revealed to an
admin easily.

If we really care, not sure what's better: maybe we want to disallow
disabling it only in a security lockdown kernel? Or at least warn the
user when disabling it? (WARN_TAINT?)

-- 
Thanks,

David / dhildenb
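
The concern in this reply, that disabled randomization is not easily revealed to an admin, can be checked from userspace. The script below is an added example, not code from the thread or the kernel: it reports the live `randomize_va_space` value and file mode, and flags sysctl configuration lines that lower it. The function names are hypothetical, and it assumes sysctl.conf-style fragments in `/etc/sysctl.conf` and `/etc/sysctl.d/`.

```shell
#!/bin/sh
# Added example (not from the thread): report weakened ASLR at runtime or in
# sysctl configuration. Function names are hypothetical.

# Meaning of each kernel.randomize_va_space value, per the kernel sysctl docs.
aslr_state() {
    case "$1" in
        0) echo disabled ;;
        1) echo partial ;;  # mmap base, stack, vDSO randomized; heap is not
        2) echo full ;;
        *) echo unknown ;;
    esac
}

# Print live value, meaning and file mode (444 is what the proposed config
# option would produce). $1 overrides the path so the check can be tested.
check_runtime() {
    path=${1:-/proc/sys/kernel/randomize_va_space}
    [ -r "$path" ] || { echo "value=unreadable state=unknown mode=unknown"; return 0; }
    val=$(tr -d ' \n' < "$path")
    mode=$(stat -c %a "$path" 2>/dev/null || echo unknown)
    echo "value=$val state=$(aslr_state "$val") mode=$mode"
}

# Print "file:line: key=value" for each sysctl.conf-style line that sets
# kernel.randomize_va_space to anything other than 2.
scan_sysctl_conf() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk '
            /^[ \t]*[#;]/ { next }             # comment lines
            {
                n = index($0, "=")
                if (n == 0) next
                key = substr($0, 1, n - 1); val = substr($0, n + 1)
                gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
                sub(/^-/, "", key)             # "-key" means ignore write errors
                gsub(/\//, ".", key)           # kernel/foo is kernel.foo
                if (key == "kernel.randomize_va_space" && val != "2")
                    printf "%s:%d: %s=%s\n", FILENAME, NR, key, val
            }' "$f"
    done
}

check_runtime
sample=$(mktemp)   # constructed sample fragment
printf '%s\n' '# constructed' 'kernel/randomize_va_space = 0' > "$sample"
scan_sysctl_conf "$sample" /etc/sysctl.conf /etc/sysctl.d/*.conf
rm -f "$sample"
```

Run periodically or from a monitoring agent, this catches a runtime write by a tool as well as a persistent setting that would survive reboot.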