STE WILLIAMS

Linus Torvalds opts for the scream test: Linux kernel syscall tweaked to shut data-leak hole – anyone upset, yell now

The Linux kernel will be tweaked to mitigate data-stealing attacks that exploit system page caches.

As we revealed first over the weekend, a group of experts – including some of the researchers who discovered the Spectre family of chip flaws – had worked out how to get operating system page caches to leak information from one application to another. Among other things, a successful exploit would allow malware or rogue logged-in users to swipe sensitive data from application sandboxes that they should not otherwise be able to access.

For Linux environments, the issue has been assigned CVE-2019-5489. That bug database entry also notes that remote attacks could, for example, exploit latency differences in accessing files from an Apache Web server.

The Windows kernel was patched for Insider testers ahead of the paper’s public reveal on Monday, with the patch due for a formal rollout. Now the Linux kernel has followed suit with this fix to the mincore syscall, which should be trickling into distros once it’s undergone testing.

Publishing the patch, kernel chieftain Linus Torvalds wrote that mincore’s traditional semantic “exposes a lot of system cache state that it really probably shouldn’t, and that users shouldn’t really even care about.”

That made fixing the issue relatively straightforward, he added: “So let’s try to avoid that information leak by simply changing the semantics to be that mincore() counts actual mapped pages, not pages that might be cheaply mapped if they were faulted.”

As is often the case in software projects, something complex that’s just working can remain untouched for a very long time, lest someone break it. And such is the case for this syscall. Torvalds noted that mincore semantics were ill-defined from the beginning, though, with a code comment from 2000 stating “later we can get more picky about what ‘in core’ means precisely.”

Torvalds said the patch shouldn’t have any downstream effects. While the update is “a real semantic change,” he hoped that nobody has “any workflow that cares.” If fixing mincore breaks someone’s software, Torvalds said, it may be necessary to revisit the code. That, to us, sounds like a real-life scream test. ®
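To check which mincore semantics a given kernel implements, here is an added C probe (written for this page, not taken from the article or from the kernel patch): it writes a small scratch file through a file descriptor, maps it without touching the mapping, and asks mincore() before and after faulting one page in. Under the changed semantics the first call counts only pages already mapped in the caller's page tables, while the older behaviour also counted untouched pages that were merely resident in the page cache. The scratch path and the names `probe_mincore` and `residency` are assumptions of this example.

```c
#define _DEFAULT_SOURCE
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

#define NPAGES 4 /* size of the constructed scratch file, in pages */

/* before_touch: pages mincore() reports before we fault any in;
 * after_touch: pages it reports after we read page 2;
 * touched_page_resident: 1 if page 2 is then reported resident. */
struct residency { int before_touch, after_touch, touched_page_resident; };

static int count_resident(const unsigned char *vec, int n) {
    int c = 0;
    for (int i = 0; i < n; i++) c += vec[i] & 1;
    return c;
}

/* Create a scratch file, write it through the fd (so its pages are in the page
 * cache but not yet in our page tables), map it and query mincore() before and
 * after faulting one page in. Returns 0 on success, -1 on error. */
int probe_mincore(struct residency *r) {
    long psz = sysconf(_SC_PAGESIZE);
    size_t len = (size_t)psz * NPAGES;
    char path[] = "/tmp/mincore-probe-XXXXXX"; /* hypothetical scratch path */
    unsigned char vec[NPAGES];
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);
    char *buf = calloc(1, len);
    int ok = buf && pwrite(fd, buf, len, 0) == (ssize_t)len;
    free(buf);
    char *map = ok ? mmap(NULL, len, PROT_READ, MAP_SHARED, fd, 0) : MAP_FAILED;
    if (map == MAP_FAILED) { close(fd); return -1; }
    if (mincore(map, len, vec) != 0) { munmap(map, len); close(fd); return -1; }
    r->before_touch = count_resident(vec, NPAGES);
    volatile char sink = map[2 * psz]; /* fault page 2 into our page tables */
    (void)sink;
    if (mincore(map, len, vec) != 0) { munmap(map, len); close(fd); return -1; }
    r->after_touch = count_resident(vec, NPAGES);
    r->touched_page_resident = vec[2] & 1;
    munmap(map, len);
    close(fd);
    return 0;
}
```

A `before_touch` of 0 means the kernel reports only pages this process has actually mapped; a non-zero value means it is still revealing page-cache residency for pages the caller never faulted in, which is the state the patch set out to hide.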

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2019/01/08/linux_patch_page_cache/