New Grsec Feature Suggestions

Discuss and suggest new grsecurity features

Moderators: spender, PaX Team

Postby bancfc » Fri May 20, 2016 6:42 pm

Hi Spender & PaxTeam. I wanted to propose a few features for Grsec that are relevant beyond the privacy distros like Tails and Whonix (disclosure: I am a developer of the latter). Convincing upstream Linux to adopt security measures is like smashing one's head against a very large brick wall, so I am discussing it here where it counts and so millions of users can potentially benefit.


* TCP Timestamps leak a lot of sensitive data to the network, like system uptime, and allow attackers to fingerprint users and correlate timestamp leaks in Tor exit traffic with the timestamps in the client -> first hop circuit. Tails and we respond by completely disabling it, despite documentation claiming performance problems without it. I recall seeing a patch you wrote for randomizing TCP Timestamps instead, which could address the privacy concerns without affecting performance. Is it included in the TCP/IP hardening part of Grsec?

https://mailman.boum.org/pipermail/tail ... 04520.html


* nf_conntrack_helper: Tor's Jacob Appelbaum discussed a feature in this module that allows a bunch of legacy protocol parsers into the kernel when they have no business being there. These code paths have been exploited before:

https://mailman.boum.org/pipermail/tail ... 07537.html

Can these be disabled by the Grsec patch out of the box?


* TCP Initial Sequence Numbers: Under an attacker controlled CPU load, a server's kernel timers used for TCP ISNs skew at a predictable rate which can be used to deanonymize Hidden Services. Is it possible to randomize the timer output somehow to mitigate this?

http://www.cl.cam.ac.uk/~sjm217/papers/ ... tornot.pdf
bancfc
 
Posts: 9
Joined: Fri Apr 15, 2016 3:55 pm
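Added example, not part of the post above or of grsecurity: a small Python script showing what the first bullet is worried about. The TCP timestamp option (RFC 7323, kind 8) carries a TSval counter that ticks at a fixed rate since boot, so an observer who captures a few packets from one host a known wall-clock interval apart can fit the tick rate and then turn TSval into the host's uptime. The TCP header bytes, capture times and the 1000 Hz timestamp clock are all constructed for the example; no real traffic is involved.

```python
"""Added example (not from the forum post or grsecurity): recover the TCP
timestamp tick rate and host uptime from captured TCP headers.  All packet
bytes and capture times are constructed; the 1000 Hz clock is an assumption
that matches a Linux millisecond TCP clock, other stacks tick differently."""
import struct

TCP_OPT_EOL = 0
TCP_OPT_NOP = 1
TCP_OPT_TIMESTAMP = 8  # RFC 7323: kind 8, length 10, TSval + TSecr


def build_tcp_header(tsval, tsecr, with_timestamp=True):
    """Construct a minimal TCP header (no IP header, no payload).

    20-byte fixed header, then NOP, NOP, timestamp option, which is the
    padding Linux emits so the option ends on a 4-byte boundary."""
    opts = b""
    if with_timestamp:
        opts = bytes([TCP_OPT_NOP, TCP_OPT_NOP, TCP_OPT_TIMESTAMP, 10])
        opts += struct.pack("!II", tsval, tsecr)
    data_offset_words = (20 + len(opts)) // 4
    fixed = struct.pack(
        "!HHIIBBHHH",
        40000, 443,               # ports (constructed)
        0, 0,                     # seq / ack numbers, irrelevant here
        data_offset_words << 4,   # data offset lives in the high nibble
        0x10,                     # flags: ACK
        65535, 0, 0,              # window, checksum, urgent pointer
    )
    return fixed + opts


def parse_tcp_options(tcp_header):
    """Return {kind: value_bytes} for the options in a raw TCP header.

    EOL ends parsing, NOP is a single byte, every other option carries a
    length byte; malformed lengths raise instead of being silently skipped."""
    data_offset = (tcp_header[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError("bad TCP data offset")
    opts = tcp_header[20:data_offset]
    found = {}
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == TCP_OPT_EOL:
            break
        if kind == TCP_OPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option kind %d without length byte" % kind)
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad length %d for option %d" % (length, kind))
        found[kind] = opts[i + 2:i + length]
        i += length
    return found


def tcp_timestamp(tcp_header):
    """Return (TSval, TSecr) from the header, or None if the option is absent."""
    value = parse_tcp_options(tcp_header).get(TCP_OPT_TIMESTAMP)
    if value is None or len(value) != 8:
        return None
    return struct.unpack("!II", value)


def estimate_tick_rate(samples):
    """Least-squares slope of TSval against capture time, in ticks per second.

    samples: list of (capture_time_seconds, tsval) from one host.  Assumes
    the 32-bit TSval did not wrap inside the observation window."""
    if len(samples) < 2:
        raise ValueError("need at least two samples")
    n = len(samples)
    mean_t = sum(t for t, _ in samples) / n
    mean_v = sum(v for _, v in samples) / n
    num = sum((t - mean_t) * (v - mean_v) for t, v in samples)
    den = sum((t - mean_t) ** 2 for t, _ in samples)
    if den == 0:
        raise ValueError("all samples share one capture time")
    return num / den


def estimate_uptime_seconds(tsval, tick_rate_hz):
    """Seconds since the timestamp clock started: the boot time when the
    TSval offset is zero, as on kernels that do not randomize it."""
    return tsval / tick_rate_hz


# Constructed capture: three packets from one host, 10 s apart, TSval
# advancing by 10000 per 10 s, i.e. a 1000 Hz timestamp clock.
CAPTURE = [
    (0.0, build_tcp_header(1_000_000, 0)),
    (10.0, build_tcp_header(1_010_000, 0)),
    (20.0, build_tcp_header(1_020_000, 0)),
]


def analyze_capture(capture):
    """Return (tick_rate_hz, uptime at first packet) from (time, header) pairs."""
    samples = [(t, tcp_timestamp(h)[0]) for t, h in capture
               if tcp_timestamp(h) is not None]
    rate = estimate_tick_rate(samples)
    return rate, estimate_uptime_seconds(samples[0][1], rate)


if __name__ == "__main__":
    rate, uptime = analyze_capture(CAPTURE)
    print("tick rate: %.0f Hz, uptime at first packet: %.0f s" % (rate, uptime))
```

Two caveats for anyone running this against real traffic. The blunt mitigation the post describes for Tails and Whonix is `sysctl -w net.ipv4.tcp_timestamps=0`, after which `tcp_timestamp()` returns None for every packet. Mainline Linux later (4.10) started adding a random per-connection offset to TSval, so the uptime figure from `estimate_uptime_seconds()` is meaningless on those kernels, but the tick-rate slope within a single connection is unchanged, which is why clock-skew fingerprinting of the kind the cited paper uses still needs to be considered separately.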