[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20101222130349.GB13412@elte.hu>
Date: Wed, 22 Dec 2010 14:03:49 +0100
From: Ingo Molnar <mingo@...e.hu>
To: Dan Rosenberg <drosenberg@...curity.com>
Cc: linux-kernel@...r.kernel.org, netdev@...r.kernel.org,
linux-security-module@...r.kernel.org, jmorris@...ei.org,
eric.dumazet@...il.com, tgraf@...radead.org, eugeneteo@...nel.org,
kees.cook@...onical.com, davem@...emloft.net,
a.p.zijlstra@...llo.nl, akpm@...ux-foundation.org,
eparis@...isplace.org,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH v4] kptr_restrict for hiding kernel pointers
* Dan Rosenberg <drosenberg@...curity.com> wrote:
> +kptr_restrict:
> +
> +This toggle indicates whether restrictions are placed on
> +exposing kernel addresses via /proc and other interfaces. When
> +kptr_restrict is set to (0), the default, there are no
> +restrictions. When kptr_restrict is set to (1), kernel pointers
> +printed using the %pK format specifier will be replaced with 0's
> +unless the user has CAP_SYSLOG. When kptr_restrict is set to
> +(2), kernel pointers printed using %pK will be replaced with 0's
> +regardless of privileges.
Hm, why is it off by default? Is there some user-space regression that is caused by
this?
We really want good security measures to be active by default (and to work by
default) - they are not worth much if they are not.
Thanks,
Ingo
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists