| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 2 Feb 2021 17:34:36 -0500
From: Steven Rostedt <rostedt@...dmis.org>
To: Timur Tabi <timur@...nel.org>
Cc: Kees Cook <keescook@...omium.org>, Petr Mladek <pmladek@...e.com>,
Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
linux-kernel@...r.kernel.org, linux-mm@...ck.org,
willy@...radead.org, akpm@...ux-foundation.org,
torvalds@...ux-foundation.org, roman.fietze@...na.com,
john.ogness@...utronix.de, akinobu.mita@...il.com
Subject: Re: [PATCH] lib/vsprintf: make-printk-non-secret printks all
addresses as unhashed
On Tue, 2 Feb 2021 16:19:20 -0600
Timur Tabi <timur@...nel.org> wrote:
> On 2/2/21 3:52 PM, Kees Cook wrote:
> >> A large warning message is displayed if this option is enabled,
> >> because unhashed addresses, while useful for debugging, exposes
> >> kernel addresses which can be a security risk.
>
> > Linus has expressly said "no" to things like this in the past:
> > https://lore.kernel.org/lkml/CA+55aFwieC1-nAs+NFq9RTwaR8ef9hWa4MjNBWL41F-8wM49eA@mail.gmail.com/
> Maybe I misunderstood, but I thought this is what Vlastimil, Petr,
> Sergey, John, and Steven asked for.
Maybe Linus changed his mind since then?
"I also suspect that everybody has already accepted that KASLR isn't
really working locally anyway (due to all the hw leak models with
cache and TLB timing), so anybody who can look at kernel messages
already probably could figure most of those things out."
https://lore.kernel.org/r/CAHk-=wjnEV2E6vCRxv5S5m27iOjHeVWNbfK=JV8qxot4Do-FgA@mail.gmail.com
-- Steve
Powered by blists - more mailing lists