Linus Torvalds opts for the scream test: Linux kernel syscall tweaked to shut data-leak hole – anyone upset, yell now
And he did it without swearing... folks with broken programs may act otherwise
The Linux kernel will be tweaked to mitigate data-stealing attacks that exploit system page caches.
As we revealed first over the weekend, a group of experts – including some of the researchers who discovered the Spectre family of chip flaws – worked out how to get operating system page caches to leak information from one application to another. Among other things, a successful exploit would allow malware or rogue logged-in users to swipe sensitive data from application sandboxes that they should not otherwise be able to access.
For Linux environments, the issue has been assigned CVE-2019-5489. That bug database entry notes that remote attacks are possible, for example, by exploiting latency in accessing files via an Apache web server to potentially sniff private data.
The Windows kernel was also vulnerable, and updated for Insider testers ahead of the paper's public reveal on Monday, with the patch due for a formal rollout. Now the Linux kernel has followed suit with this fix to the
mincore syscall, which should trickle into distros once it's undergone testing.
New side-channel leak: Boffins bash operating system page caches until they spill secretsREAD MORE
Publishing the patch, kernel chieftain Linus Torvalds wrote that
mincore's traditional semantic “exposes a lot of system cache state that it really probably shouldn't, and that users shouldn't really even care about.”
That made fixing the issue relatively straightforward, he added: “So let's try to avoid that information leak by simply changing the semantics to be that mincore() counts actual mapped pages, not pages that might be cheaply mapped if they were faulted.”
As is often the case in software projects, something complex that's just working can remain untouched for a very long time, lest someone breaks it. And such is the case for this syscall. Torvalds noted that
mincore semantics were ill-defined from the beginning, though, with a code comment from 2000 stating “later we can get more picky about what 'in core' means precisely.”
Torvalds said the patch shouldn't have any downstream effects. While the update is “a real semantic change,” he hoped that nobody has “any workflow that cares.” If fixing
mincore breaks someone's software, Torvalds said, it may be necessary to revisit the code. That, to us, sounds like a real-life scream test. ®