Date: Mon, 15 May 2023 16:43:12 -0500
From: Serge Hallyn
To: David Hildenbrand
Cc: Michael McCracken, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, tycho@tycho.pizza, Luis Chamberlain, Kees Cook, Iurii Zaikin, Andrew Morton, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org
Subject: Re: [PATCH] sysctl: add config to make randomize_va_space RO
References: <20230504213002.56803-1-michael.mccracken@gmail.com>

On Fri, May 05, 2023 at 09:35:59AM +0200, David Hildenbrand wrote:
> On 04.05.23 23:30, Michael McCracken wrote:
> > Add config RO_RANDMAP_SYSCTL to set the mode of the randomize_va_space
> > sysctl to 0444 to disallow all runtime changes. This will prevent
> > accidental changing of this value by a root service.
> >
> > The config is disabled by default to avoid surprises.
>
> Can you elaborate why we care about "accidental changing of this value by a
> root service"?

Accidental... malicious... Note that when people run programs as root with
reduced or no capabilities they can still write this file.

> We cannot really stop root from doing a lot of stupid things (e.g., erase
> the root fs), so why do we particularly care here?

Regardless of the "real value" of it, I know for a fact there are lots
of teams out there adding kernel patches to just change the mode of that
file. Why? Possibly to satisfy a scanner, because another team says it's
important.

The problem with lockdown is it's all or nothing. The problem with LSM
for this purpose is that everyone will have to configure their policy
differently. So I do think it was worth testing the waters with this
patch, to reduce the number of duplicate patches people run with.

-serge
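
The point made in the reply above, as an added example (not part of the original message or of the patch): a user-space C model of an owner/group/other mode test, used to classify the sysctl file the way a hardening scanner might. It assumes, as the message states, that no capability is consulted when this file is written; `struct task`, `mode_allows`, `classify_mode` and `audit_path` are hypothetical names.

```c
#include <stdio.h>
#include <sys/stat.h>

#define MAY_WRITE 02

/* Hypothetical stand-in for a process's credentials. */
struct task {
    int euid_is_root;                 /* effective uid is 0 */
    int in_root_group;                /* effective or supplementary gid 0 */
    unsigned long long cap_effective; /* deliberately never consulted below */
};

/* Model (assumption): select the owner, group or other permission triplet
 * from the caller's ids, then test the requested bits. */
static int mode_allows(unsigned mode, const struct task *t, int op)
{
    if (t->euid_is_root)
        mode >>= 6;
    else if (t->in_root_group)
        mode >>= 3;
    return (op & ~mode & 07) == 0;
}

enum verdict { V_ERROR = -1, V_READ_ONLY = 0, V_ROOT_WRITABLE = 1, V_OPEN_WRITABLE = 2 };

/* Classify a permission mode: who, if anyone, passes the write test? */
static enum verdict classify_mode(unsigned mode)
{
    struct task capless_root = { 1, 0, 0 }; /* uid 0 with an empty capability set */
    struct task root_group   = { 0, 1, 0 };
    struct task other        = { 0, 0, 0 };
    if (mode_allows(mode, &other, MAY_WRITE) ||
        mode_allows(mode, &root_group, MAY_WRITE))
        return V_OPEN_WRITABLE;
    if (mode_allows(mode, &capless_root, MAY_WRITE))
        return V_ROOT_WRITABLE; /* 0644: dropping capabilities does not help */
    return V_READ_ONLY;         /* 0444: what RO_RANDMAP_SYSCTL would give */
}

/* Apply the classification to a file on disk; V_ERROR if it cannot be stat()ed. */
static enum verdict audit_path(const char *path)
{
    struct stat st;
    return stat(path, &st) != 0 ? V_ERROR : classify_mode(st.st_mode & 0777);
}

int main(void)
{
    const char *p = "/proc/sys/kernel/randomize_va_space";
    printf("0644 -> %d, 0444 -> %d, %s -> %d\n",
           classify_mode(0644), classify_mode(0444), p, audit_path(p));
    return 0;
}
```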