Message-ID: <476DC76E7D1DF2438D32BFADF679FC561CD15CFC@ORSMSX103.amr.corp.intel.com>
Date: Tue, 11 Oct 2016 18:11:34 +0000
From: "Roberts, William C" <william.c.roberts@...el.com>
To: Kees Cook <keescook@...omium.org>, Jann Horn <jann@...jh.net>
CC: "kernel-hardening@...ts.openwall.com"
	<kernel-hardening@...ts.openwall.com>
Subject: RE: RE: [PATCH] printk: introduce kptr_restrict
 level 3

<snip>

> > I guess it depends on what the goal here is. Do we really want to stop
> > root from ever seeing a kernel pointer (in which case OOPS messages
> > wouldn't really work anymore)? My view is that restricting these
> > interfaces so far that only root can access them and it's unlikely that root
> > accidentally does so is sufficient.
> 
> I don't think it's worth worrying about dmesg right now. Maybe later on, but I
> don't think it's worth it right now. Assuming it'll work for things landing in /proc
> and /sys, focusing on the user-buffer-destined stuff seems the best use of time
> to me.
> 

SGTM, I'll start this soon once I get a few other things off of my plate.
