Open Source and information security mailing list archives
Message-ID: <CA+55aFxzD=+H_M+Sg_8YRf-JYV-+-yn1c=dFhJWFzSh5yWt9Gg@mail.gmail.com>
Date:   Wed, 4 Oct 2017 08:41:26 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     "Tobin C. Harding" <me@...in.cc>
Cc:     Greg KH <gregkh@...uxfoundation.org>,
        Petr Mladek <pmladek@...e.com>, Joe Perches <joe@...ches.com>,
        Ian Campbell <ijc@...lion.org.uk>,
        Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
        "kernel-hardening@...ts.openwall.com" 
        <kernel-hardening@...ts.openwall.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Catalin Marinas <catalin.marinas@....com>,
        Will Deacon <will.deacon@....com>,
        Steven Rostedt <rostedt@...dmis.org>,
        William Roberts <william.c.roberts@...el.com>,
        Chris Fries <cfries@...gle.com>,
        Dave Weinstein <olorin@...gle.com>
Subject: Re: [kernel-hardening] [RFC V2 0/6] add more kernel pointer filter options

On Sat, Sep 30, 2017 at 5:06 PM, Tobin C. Harding <me@...in.cc> wrote:
>   lib: vsprintf: default kptr_restrict to the maximum value

So I'm not convinced about this one.

It removes kernel pointers even for root, which is annoying for things
like perf.

And the only physical pointers we should print out during boot etc are
things we *need*.

So kptr_restrict is wrong for that, because either we potentially
need those values for debugging ("why does my kernel not boot"), or
they shouldn't be printed at all.

And I think _that_ is the real issue. If there are places that leak,
we should look at those, rather than just say "kptr_restrict".

                 Linus
