| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 09 Oct 2013 07:57:56 -0700 From: Joe Perches <joe@...ches.com> To: Dan Rosenberg <dan.j.rosenberg@...il.com> Cc: Ryan Mallon <rmallon@...il.com>, Andrew Morton <akpm@...ux-foundation.org>, eldad@...refinery.com, Jiri Kosina <jkosina@...e.cz>, jgunthorpe@...idianresearch.com, Kees Cook <keescook@...omium.org>, Alexander Viro <viro@...iv.linux.org.uk>, "Eric W. Biederman" <ebiederm@...ssion.com>, George Spelvin <linux@...izon.com>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: [PATCH v2] vsprintf: Check real user/group id for %pK On Wed, 2013-10-09 at 07:14 -0400, Dan Rosenberg wrote: > isn't the default value of kptr_restrict 0 now, unless I'm missing > something? If I recall it was 1 when originally written, and then > changed to 0 at some point. Could the documentation be updated to > reflect that? Yeah, the default got changed by --------------------------- commit 411f05f123cbd7f8aa1edcae86970755a6e2a9d9 Author: Ingo Molnar <mingo@...e.hu> Date: Thu May 12 23:00:28 2011 +0200 kptr_restrict has been triggering bugs in apps such as perf, and it also makes the system less useful by default, so turn it off by default. --------------------------- Maybe this: --- Documentation/sysctl/kernel.txt | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/Documentation/sysctl/kernel.txt b/Documentation/sysctl/kernel.txt index 9d4c1d1..c17d5ca 100644 --- a/Documentation/sysctl/kernel.txt +++ b/Documentation/sysctl/kernel.txt @@ -289,14 +289,15 @@ Default value is "/sbin/hotplug". kptr_restrict: -This toggle indicates whether restrictions are placed on -exposing kernel addresses via /proc and other interfaces. When -kptr_restrict is set to (0), there are no restrictions. When -kptr_restrict is set to (1), the default, kernel pointers -printed using the %pK format specifier will be replaced with 0's -unless the user has CAP_SYSLOG. When kptr_restrict is set to -(2), kernel pointers printed using %pK will be replaced with 0's -regardless of privileges. +This toggle indicates whether restrictions are placed on exposing kernel +addresses via /proc and other interfaces. + +When kptr_restrict is set to (0), the default, there are no restrictions. +When kptr_restrict is set to (1), kernel pointers printed using the %pK +format specifier will be replaced with 0's unless the user has CAP_SYSLOG +and effective user and group ids are equal to the real ids. +When kptr_restrict is set to (2), kernel pointers printed using %pK will +be replaced with 0's regardless of privileges. ============================================================== -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists