Rocksolid Light

News from da outaworlds

mail  files  register  groups  login

Message-ID:  

BOFH excuse #85: Windows 95 undocumented "feature"

comp / comp.os.linux.misc / Re: The Security Circus Continues

SubjectAuthor
* The Security Circus ContinuesLester Thorpe
`* Re: The Security Circus ContinuesComputer Nerd Kev
 `- Re: The Security Circus ContinuesRich

1
Subject: The Security Circus Continues
From: Lester Thorpe
Newsgroups: comp.os.linux.advocacy, comp.os.linux.misc, alt.os.linux
Followup: comp.os.linux.advocacy
Organization: UsenetExpress - www.usenetexpress.com
Date: Wed, 18 Sep 2024 10:32 UTC
From: lt@gnu.rocks (Lester Thorpe)
Subject: The Security Circus Continues
Newsgroups: comp.os.linux.advocacy,comp.os.linux.misc,alt.os.linux
Followup-To: comp.os.linux.advocacy
Mime-Version: 1.0
User-Agent: Don't Look Here the Joke's in Your Pants
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Lines: 34
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!panix!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!feeder.usenetexpress.com!tr2.iad1.usenetexpress.com!news.usenetexpress.com!not-for-mail
Date: Wed, 18 Sep 2024 10:32:06 +0000
Nntp-Posting-Date: Wed, 18 Sep 2024 10:32:06 +0000
X-Received-Bytes: 1590
Organization: UsenetExpress - www.usenetexpress.com
X-Complaints-To: abuse@usenetexpress.com
Message-Id: <17f6500d803f0672$39525$1458621$802601b3@news.usenetexpress.com>
View all headers

The security circus continues... (what else can it do?)

Kernel 6.11 has added yet more security garbage:

SLAB_BUCKETS

"Kernel heap attacks frequently depend on being able to create
specifically-sized allocations with user-controlled contents
that will be allocated into the same kmalloc bucket as a
target object. To avoid sharing these allocation buckets,
provide an explicitly separated set of buckets to be used for
user-controlled allocations. This may very slightly increase
memory fragmentation, though in practice it's only a handful
of extra pages since the bulk of user-controlled allocations
are relatively long-lived."

The rationale:

"many heap memory spraying/grooming attacks depend on using
userspace-controllable dynamically sized allocations to collide with
fixed size allocations that end up in same cache"

Yeah, sure.

Like who/what the fuck will ever attempt that on my personal
desktop workstation?

Just say "No." Keep your fucking security hallucinations off
of my fucking machine.

--
Systemd: solving all the problems that you never knew you had.

Subject: Re: The Security Circus Continues
From: Computer Nerd Kev
Newsgroups: comp.os.linux.misc, alt.os.linux
Organization: Ausics - https://newsgroups.ausics.net
Date: Wed, 18 Sep 2024 21:33 UTC
References: 1
Message-ID: <66eb4736@news.ausics.net>
From: not@telling.you.invalid (Computer Nerd Kev)
Subject: Re: The Security Circus Continues
Newsgroups: comp.os.linux.misc,alt.os.linux
References: <17f6500d803f0672$39525$1458621$802601b3@news.usenetexpress.com>
User-Agent: tin/2.0.1-20111224 ("Achenvoir") (UNIX) (Linux/2.4.31 (i586))
NNTP-Posting-Host: news.ausics.net
Date: 19 Sep 2024 07:33:43 +1000
Organization: Ausics - https://newsgroups.ausics.net
Lines: 23
X-Complaints: abuse@ausics.net
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!news.bbs.nz!news.ausics.net!not-for-mail
View all headers

In comp.os.linux.misc Lester Thorpe <lt@gnu.rocks> wrote:
> The security circus continues... (what else can it do?)
>
> Kernel 6.11 has added yet more security garbage:
>
> SLAB_BUCKETS
[snip]
> Like who/what the fuck will ever attempt that on my personal
> desktop workstation?
>
> Just say "No." Keep your fucking security hallucinations off
> of my fucking machine.

Well it looks like you can say no. It's optional, so just build a
kernel without it. Or try to talk your distro maintainer into
disabling it in their build if you don't want to do that.

CONFIG_SLAB_BUCKETS
https://www.kernelconfig.io/CONFIG_SLAB_BUCKETS?kernelversion=6.11&arch=x86

--
__ __
#_ < |\| |< _#

Subject: Re: The Security Circus Continues
From: Rich
Newsgroups: comp.os.linux.misc, alt.os.linux
Organization: A noiseless patient Spider
Date: Wed, 18 Sep 2024 22:08 UTC
References: 1 2
Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: rich@example.invalid (Rich)
Newsgroups: comp.os.linux.misc,alt.os.linux
Subject: Re: The Security Circus Continues
Date: Wed, 18 Sep 2024 22:08:47 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 27
Message-ID: <vcfj1f$7o45$1@dont-email.me>
References: <17f6500d803f0672$39525$1458621$802601b3@news.usenetexpress.com> <66eb4736@news.ausics.net>
Injection-Date: Thu, 19 Sep 2024 00:08:48 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="c0d316b54b1172eeeac5cd712e8fd702";
logging-data="254085"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/ZonciZEpU3+h/XODfPVm1"
User-Agent: tin/2.6.1-20211226 ("Convalmore") (Linux/5.15.139 (x86_64))
Cancel-Lock: sha1:O0oLJE7kR4nErLEtBPzn46+2BQs=
View all headers

In comp.os.linux.misc Computer Nerd Kev <not@telling.you.invalid> wrote:
> In comp.os.linux.misc Lester Thorpe <lt@gnu.rocks> wrote:
>> The security circus continues... (what else can it do?)
>>
>> Kernel 6.11 has added yet more security garbage:
>>
>> SLAB_BUCKETS
> [snip]
>> Like who/what the fuck will ever attempt that on my personal
>> desktop workstation?
>>
>> Just say "No." Keep your fucking security hallucinations off
>> of my fucking machine.
>
> Well it looks like you can say no. It's optional, so just build a
> kernel without it. Or try to talk your distro maintainer into
> disabling it in their build if you don't want to do that.
>
> CONFIG_SLAB_BUCKETS
> https://www.kernelconfig.io/CONFIG_SLAB_BUCKETS?kernelversion=6.11&arch=x86

I'll predict that Lester has never, ever, even once, compiled a custom
kernel for themself.

His randings sound an awful lot like a self-centered child "my way, my
way, my way, wah, wah, wah".

1

rocksolid light 0.9.8
clearnet tor