lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <202507310952.7255AA30@keescook>
Date: Thu, 31 Jul 2025 09:54:21 -0700
From: Kees Cook <kees@...nel.org>
To: Jeff Layton <jlayton@...nel.org>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	Simon Horman <horms@...nel.org>,
	Maarten Lankhorst <maarten.lankhorst@...ux.intel.com>,
	Maxime Ripard <mripard@...nel.org>,
	Thomas Zimmermann <tzimmermann@...e.de>,
	David Airlie <airlied@...il.com>, Simona Vetter <simona@...ll.ch>,
	Jani Nikula <jani.nikula@...ux.intel.com>,
	Joonas Lahtinen <joonas.lahtinen@...ux.intel.com>,
	Rodrigo Vivi <rodrigo.vivi@...el.com>,
	Tvrtko Ursulin <tursulin@...ulin.net>,
	Krzysztof Karas <krzysztof.karas@...el.com>,
	Kuniyuki Iwashima <kuniyu@...zon.com>,
	Qasim Ijaz <qasdev00@...il.com>,
	Nathan Chancellor <nathan@...nel.org>, Andrew Lunn <andrew@...n.ch>,
	linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
	dri-devel@...ts.freedesktop.org, intel-gfx@...ts.freedesktop.org
Subject: Re: [PATCH v15 6/9] ref_tracker: automatically register a file in
 debugfs for a ref_tracker_dir

On Thu, Jul 31, 2025 at 06:29:00AM -0400, Jeff Layton wrote:
> "If you think you can justify it (in comments and commit log) well
> enough to stand up to Linus’s scrutiny, maybe you can use “%px”, along
> with making sure you have sensible permissions."
> 
> Is making it only accessible by root not sensible enough? What are
> "sensible permissions" in this instance?

Yes, I should have been more clear (or probably should update the
document), but root (uid==0) isn't a sufficient permission check, as
address exposure is supposed to be bounded by capabilities. Putting a
filename into the tree exposes the address to anything that can get a
file listing, and DAC access control isn't granular enough.

(Thank you again for the fix patch I saw in the other thread!)

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ