Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 7 Sep 2010 12:57:14 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: Jon Oberheide <jon@...rheide.org>, oss-security@...ts.openwall.com,
        security@...nel.org, spender@...ecurity.net,
        Sebastian Krahmer
 <krahmer@...e.de>
Subject: Re: [Security] Re:  /proc infoleaks

On Tue, 7 Sep 2010 12:46:56 -0700
Andrew Morton <akpm@...ux-foundation.org> wrote:

> We're not going to change the kernel defaults, end of story - that
> would break far too much stuff.

That being said, it *might* be acceptable to obfuscate the kernel-side
addresses.  Still print them, but they're all zeroes.  I doubt if many
tools at all are actually using those.  Perhaps a runtime knob which
obfuscates those addresses for unprivileged users, something like that.

That also being said, I'm not seeing any kernel-side addresses in
slabinfo or zoneinfo anyway and I believe some distros already hide
kallsyms.  More specificity is needed.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.