lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 10 Oct 2020 12:55:20 -0500
From:   Josh Poimboeuf <jpoimboe@...hat.com>
To:     Russell King - ARM Linux admin <linux@...linux.org.uk>
Cc:     Xiaoming Ni <nixiaoming@...wei.com>, dima@...sta.com,
        will@...nel.org, akpm@...ux-foundation.org,
        christian.brauner@...ntu.com, viro@...iv.linux.org.uk,
        ldufour@...ux.ibm.com, amanieu@...il.com, walken@...gle.com,
        ben.dooks@...ethink.co.uk, tglx@...utronix.de,
        bigeasy@...utronix.de, mingo@...nel.org,
        vincent.whitchurch@...s.com, linux-arm-kernel@...ts.infradead.org,
        linux-kernel@...r.kernel.org, wangle6@...wei.com,
        luohaizheng@...wei.com
Subject: Re: [PATCH] arm:traps: Don't print stack or raw PC/LR values in
 backtraces

On Fri, Oct 09, 2020 at 09:08:50AM +0100, Russell King - ARM Linux admin wrote:
> On Fri, Oct 09, 2020 at 03:59:57PM +0800, Xiaoming Ni wrote:
> > Printing raw pointer values in backtraces has potential security
> > implications and are of questionable value anyway.
> > 
> > This patch follows x86 and arm64's lead and removes the "Exception stack:"
> > dump from kernel backtraces:
> > 	commit a25ffd3a6302a6 ("arm64: traps: Don't print stack or raw
> > 	 PC/LR values in backtraces")
> > 	commit 0ee1dd9f5e7eae ("x86/dumpstack: Remove raw stack dump")
> > 	commit bb5e5ce545f203 ("x86/dumpstack: Remove kernel text
> > 	 addresses from stack dump")
> > 
> > Signed-off-by: Xiaoming Ni <nixiaoming@...wei.com>
> 
> I am really not happy about this - it hurts at least my ability to
> debug the kernel when people post oopses to the mailing list. If
> people wish to make the kernel harder to debug, and are prepared
> to be told "your kernel is undebuggable" then this patch is fine.

At least on x86 we've had this for four years now, without any apparent
harm to debugability.  scripts/faddr2line helps.

-- 
Josh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ