Warn users about machines with non-working WP bit

Warn users about machines with non-working WP bit

Post by Pavel Mache » Fri, 05 Apr 2002 07:10:10



Hi!

This might be good idea, as those machines are not safe for multiuser
systems.

--- clean.2.5/arch/i386/mm/init.c       Sun Mar 10 20:06:31 2002

        local_flush_tlb();

        if (!boot_cpu_data.wp_works_ok) {
-               printk("No.\n");
+               printk("No (that's security hole).\n");
 #ifdef CONFIG_X86_WP_WORKS_OK
                panic("This kernel doesn't support CPU's with broken WP. Recompile it for a 386!");
 #endif

                                                                        Pavel
--
(about SSSCA) "I don't say this lightly.  However, I really think that the U.S.
no longer is classifiable as a democracy, but rather as a plutocracy." --hpa
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

 
 
 

Warn users about machines with non-working WP bit

Post by Brian Gers » Fri, 05 Apr 2002 07:30:13



> Hi!

> This might be good idea, as those machines are not safe for multiuser
> systems.

> --- clean.2.5/arch/i386/mm/init.c       Sun Mar 10 20:06:31 2002
> +++ linux/arch/i386/mm/init.c   Mon Mar 11 21:49:14 2002

>         local_flush_tlb();

>         if (!boot_cpu_data.wp_works_ok) {
> -               printk("No.\n");
> +               printk("No (that's security hole).\n");
>  #ifdef CONFIG_X86_WP_WORKS_OK
>                 panic("This kernel doesn't support CPU's with broken WP. Recompile it for a 386!");
>  #endif

>                                                                         Pavel

The "bug" is really the lack of a feature present on 486+ cpus.  A 386
will allow the kernel to write to a write-protected user page (but not a
write-protected kernel page).  In user mode, write protect works as it
should.  The kernel works around this by doing extra checks when writing
to user pages (check the *_user() functions).  It is not a security
hole, because if the kernel wasn't compiled with the workaround, it
refuses to boot on those cpus.

--

                                Brian Gerst
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

 
 
 

Warn users about machines with non-working WP bit

Post by Pavel Mache » Fri, 05 Apr 2002 07:30:15


Hi!

> > This might be good idea, as those machines are not safe for multiuser
> > systems.

> > --- clean.2.5/arch/i386/mm/init.c       Sun Mar 10 20:06:31 2002
> > +++ linux/arch/i386/mm/init.c   Mon Mar 11 21:49:14 2002

> >         local_flush_tlb();

> >         if (!boot_cpu_data.wp_works_ok) {
> > -               printk("No.\n");
> > +               printk("No (that's security hole).\n");
> >  #ifdef CONFIG_X86_WP_WORKS_OK
> >                 panic("This kernel doesn't support CPU's with broken WP. Recompile it for a 386!");
> >  #endif

> >                                                                         Pavel

> The "bug" is really the lack of a feature present on 486+ cpus.  A 386
> will allow the kernel to write to a write-protected user page (but not a
> write-protected kernel page).  In user mode, write protect works as it
> should.  The kernel works around this by doing extra checks when writing
> to user pages (check the *_user() functions).  It is not a security

It is, because those checks are racy when clone() is in use. Linus
stated that few times.
                                                                Pavel
--
Casualities in World Trade Center: ~3k dead inside the building,
cryptography in U.S.A. and free speech in Czech Republic.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
 
 
 

1. Warn users about machines with non-working WP bit

Hi!

Fortunately app has to be seriously missbehaving for this to happen. Fixing
copy_to_user would be nicest; I do not think dropping 386 because of *this*
is good idea... [But it might force 386 users to fix copy_to_user ;-)]

                                                                        Pavel
--
Philips Velo 1: 1"x4"x8", 300gram, 60, 12MB, 40bogomips, linux, mutt,
details at http://atrey.karlin.mff.cuni.cz/~pavel/velo/index.html.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in

More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

2. SLS 1.03, WD8003, no-go?

3. run a non-root user's program from a non-root user

4. Removing ^M [Cariage Returns ?]

5. TRIVIAL 2.5.12 WP security warning

6. RCA USB cable modem (DCM350)

7. How to let non-root users to reboot the machine?

8. DOSEMU0.49pl3 Released

9. how to allow non-root users to halt the machine?

10. WARNING: WP for Linux Seg Faults!

11. Best Build machine: KT333 w/ 32 bit PCI or KT266 w/ 64 bit pci

12. Starting a 64 bit Sol8 Machine in 32 bit mode