[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20170301035214.GA12637@arm.com>
Date: Wed, 1 Mar 2017 03:52:15 +0000
From: Will Deacon <will.deacon@....com>
To: Laura Abbott <labbott@...hat.com>
Cc: Mark Rutland <mark.rutland@....com>,
Ard Biesheuvel <ard.biesheuvel@...aro.org>,
Miles Chen <miles.chen@...iatek.com>,
Catalin Marinas <catalin.marinas@....com>,
linux-mediatek@...ts.infradead.org,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"linux-arm-kernel@...ts.infradead.org"
<linux-arm-kernel@...ts.infradead.org>, wsd_upstream@...iatek.com
Subject: Re: [PATCH] arm64: dump: hide kernel pointers
On Tue, Feb 28, 2017 at 02:55:51PM -0800, Laura Abbott wrote:
> On 02/28/2017 02:04 AM, Mark Rutland wrote:
> > On Tue, Feb 28, 2017 at 08:42:51AM +0000, Ard Biesheuvel wrote:
> >> On 28 February 2017 at 07:05, Miles Chen <miles.chen@...iatek.com> wrote:
> >>> Mask kernel pointers of /sys/kernel/debug/kernel_page_tables entry like
> >>> /proc/vmallocinfo does.
> >>>
> >>> With sysctl kernel.kptr_restrict=0 or 1:
> >>> cat /sys/kernel/debug/kernel_page_tables
> >>
> >> I wonder if this file should be accessible at all if kptr_restrict > 0
> >
> > I don't have strong feelings either way.
> >
> > This isn't typically enabled, and it's under debugfs, so this shouldn't
> > be accessible by a typical user anyhow.
> >
> > That said, there are very few of us who need to take a look at this
> > file. I'm happy to deal with attacking kptr_restrict when required.
> >
>
> In the interest of security it's probably for the best to switch to the
> restricted pointer. Who knows what might get enabled or forgotten about.
> I don't like the idea of tying enablement of the file to kptr_restrict
> though.
... but it's also pretty weird to show the sizes, mapping type and
permissions yet hide the virtual addresses. If you want to keep the file
in spite of kptr_restrict, which bits are actually useful once the
addresses are nobbled?
Will
Powered by blists - more mailing lists