Message-ID: <CA+55aFwmVdeLFs1-HJGXeOBz5WgJinCDNAu7mcr+fJhjQp+mEg@mail.gmail.com>
Date: Wed, 4 Oct 2017 09:29:16 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Boris Lukashev <blukashev@...pervictus.com>
Cc: "Tobin C. Harding" <me@...in.cc>,
Greg KH <gregkh@...uxfoundation.org>,
Petr Mladek <pmladek@...e.com>, Joe Perches <joe@...ches.com>,
Ian Campbell <ijc@...lion.org.uk>,
Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
"kernel-hardening@...ts.openwall.com"
<kernel-hardening@...ts.openwall.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will.deacon@....com>,
Steven Rostedt <rostedt@...dmis.org>,
William Roberts <william.c.roberts@...el.com>,
Chris Fries <cfries@...gle.com>,
Dave Weinstein <olorin@...gle.com>
Subject: Re: [kernel-hardening] [RFC V2 0/6] add more kernel pointer filter options

On Wed, Oct 4, 2017 at 9:22 AM, Boris Lukashev
<blukashev@...pervictus.com> wrote:
>
> When adding modules from outside the mainline tree (zfs, aufs, scst,
> etc), we would not be able to audit the source, and risk leaking
> sensitive pointers from those components if we don't filter them out
> this way or in a similar programmatic manner.

I call *COMPLETE* bullshit on that argument.

Non-mainlined source code is insecure, and printing some random
address is the *least* of the problems in it.

And the way to make it secure has absolutely nothing to do with printk strings.

Ask somebody about Android camera drivers some day.

Go away. Don't use this specious idiotic argument, all it does is to
make all your other arguments look stupid.

That said, they didn't need much help: talking about FDA and medical
equipment as an argument for some particular default value is another
sign that your arguments are UTTER SHIT.

If this is seriously the quality of excuses for this patch-series, I
never ever want to see those patches again.

Linus