lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 31 Oct 2015 21:53:01 -0400 From: Jessica Yu <jeyu@...hat.com> To: Chris J Arges <chris.j.arges@...onical.com> Cc: live-patching@...r.kernel.org, Josh Poimboeuf <jpoimboe@...hat.com>, Seth Jennings <sjenning@...hat.com>, Jiri Kosina <jikos@...nel.org>, Vojtech Pavlik <vojtech@...e.com>, linux-api@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: livepatch: old_name@..._addr scheme in livepatch sysfs directory +++ Chris J Arges [30/10/15 22:44 -0500]: >The following directory structure will allow for cases when the same >function name exists in a single object. > /sys/kernel/livepatch/<patch>/<object>/<function@...ress> Hi Chris, thanks for the patch. I think the last time this issue was discussed, the conclusion was that concatenating the address to the function name constitutes as an information leak (as the sysfs entry is visible to non-root users). One option suggested by Josh in that thread would be to do something like "func.n", where n is just the nth occurrence of the symbol name. Another option might be to keep the func@...r format but not make these entries visible to non-root users. Jessica -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists