| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 May 2007 10:37:14 -0700 From: Andrew Morton <akpm@...ux-foundation.org> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Alan Cox <alan@...rguk.ukuu.org.uk>, Chris Newport <crn@...unix.com>, Ingo Molnar <mingo@...e.hu>, Christoph Lameter <clameter@....com>, Michal Piotrowski <michal.k.k.piotrowski@...il.com>, LKML <linux-kernel@...r.kernel.org>, "Cherwin R. Nooitmeer" <cherwin@...il.com>, linux-pcmcia@...ts.infradead.org, Robert de Rooy <robert.de.rooy@...il.com>, Alan Cox <alan@...hat.com>, Tejun Heo <htejun@...il.com>, sparclinux@...r.kernel.org, David Miller <davem@...emloft.net>, Mikael Pettersson <mikpe@...uu.se>, linux1394-devel@...ts.sourceforge.net, Stefan Richter <stefanr@...6.in-berlin.de>, Kristian H?gsberg <krh@...planet.net>, linux-pm@...ts.linux-foundation.org, "Rafael J. Wysocki" <rjw@...k.pl>, Pavel Machek <pavel@....cz>, Marcus Better <marcus@...ter.se>, Andrey Borzenkov <arvidjaar@...l.ru>, linux-usb-devel@...ts.sourceforge.net, Greg Kroah-Hartman <gregkh@...e.de> Subject: Re: [2/3] 2.6.22-rc2: known regressions v2 On Fri, 25 May 2007 10:19:52 -0700 (PDT) Linus Torvalds <torvalds@...ux-foundation.org> wrote: > > > On Fri, 25 May 2007, Alan Cox wrote: > > > > There is an additional factor - dumps contain data which variously is - > > copyright third parties, protected by privacy laws, just personally > > private, security sensitive (eg browser history) and so on. > > Yes. We're uninterested in pagecache and user memory and they should be omitted from the image (making it enormously smaller too). That leaves security keys and perhaps filenames, and these could probably be addressed. > I'm sure we've had one or two crashdumps over the years that have actually > clarified a bug. > > But I seriously doubt it is more than a handful. We've had a few more than that, but all the ones I recall actually came from the kdump developers who were hitting other bugs and who just happened to know how to drive the thing. > > Diskdump (and even more so netdump) are useful in the hands of a > > developer crashing their own box just like kgdb, but not in the the > > normal and rational end user response of "its broken, hit reset" > > Amen, brother. > > Even for developers, I suspect a _lot_ of people end up doing "ok, let's > bisect this" or some other method to narrow it down to a specific case, > and then staring at the source code once they get to that point. > > At least I hope so. Even in user space, you should generally use gdb to > get a traceback and perhaps variable information, and then go look at the > source code. > > Yes, dumps can (in theory) be useful for one-off issues, but I doubt many > people have ever been able to get anything much more out of them than from > a kernel "oops" message. > > For developers, I can heartily recommend the firewire-based remote debug > facilities that the PowerPC people use. I've used it once or twice, and it > is fairly simple and much better than a full dump (adn it works even when > the CPU is totally locked up, which is the best reason for using it). > > But 99% of the time, the problem doesn't happen on a developer machine, > and even if it does, 90% of the time you really just want the traceback > and register info that you get out of an oops. > Often we don't even get that: "I was in X and it didn't hit the logs". You can learn a hell of a lot by really carefully picking through kernel memory with gdb. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists