| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 16 Mar 2013 10:54:57 +0100 From: Clemens Ladisch <clemens@...isch.de> To: Prarit Bhargava <prarit@...hat.com> CC: linux-kernel@...r.kernel.org Subject: Re: [PATCH] hpet, allow user controlled mmap for user processes Prarit Bhargava wrote: > The CONFIG_HPET_MMAP Kconfig option exposes the memory map of the HPET > registers to userspace. The Kconfig help points out that in some cases this > can be a security risk as some systems may erroneously configure the map such > that additional data is exposed to userspace. I'm not aware of any such system (but cannot rule out the possibility). > In an effort to mitigate this risk, and due to the low number of users > of the MMAP functionality I've introduced a kernel parameter, > hpet_mmap_enable, that is required in order to actually have the HPET > MMAP exposed. This introduces a regression for all users. At least make the default state (allowed/forbidden) configurable. Also, this patch makes the Kconfig help text a lie. Regards, Clemens -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists