| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210204221143.GB13103@amd>
Date: Thu, 4 Feb 2021 23:11:43 +0100
From: Pavel Machek <pavel@....cz>
To: Timur Tabi <timur@...nel.org>
Cc: Steven Rostedt <rostedt@...dmis.org>,
Petr Mladek <pmladek@...e.com>,
Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
linux-kernel@...r.kernel.org, linux-mm@...ck.org,
willy@...radead.org, akpm@...ux-foundation.org,
torvalds@...ux-foundation.org, roman.fietze@...na.com,
keescook@...omium.org, john.ogness@...utronix.de,
akinobu.mita@...il.com
Subject: Re: [PATCH] lib/vsprintf: make-printk-non-secret printks all
addresses as unhashed
On Thu 2021-02-04 15:59:21, Timur Tabi wrote:
> On 2/4/21 3:49 PM, Pavel Machek wrote:
> >This machine is insecure. Yet I don't see ascii-art *** all around..
> >
> >"Kernel memory addresses are exposed, which is bad for security."
>
> I'll use whatever wording everyone can agree on, but I really don't see much
> difference between "which may compromise security on your system" and "which
> is bad for security". "may compromise" doesn't see any more alarmist than
> "bad". Frankly, "bad" is a very generic term.
Well, I agree that "bad" is vague.... but original wording is simply
untrue, as printing addresses decreases robustness but can't introduce
security problem on its own.
Being alarmist is not my complaint; being untrue is.
Best regards,
Pavel
--
http://www.livejournal.com/~pavelmachek
Download attachment "signature.asc" of type "application/pgp-signature" (182 bytes)
Powered by blists - more mailing lists