Re: [PATCH v4] kptr_restrict for hiding kernel pointers

From: Ingo Molnar
Date: Wed Dec 22 2010 - 08:04:48 EST



* Dan Rosenberg <drosenberg@xxxxxxxxxxxxx> wrote:

> +kptr_restrict:
> +
> +This toggle indicates whether restrictions are placed on
> +exposing kernel addresses via /proc and other interfaces. When
> +kptr_restrict is set to (0), the default, there are no
> +restrictions. When kptr_restrict is set to (1), kernel pointers
> +printed using the %pK format specifier will be replaced with 0's
> +unless the user has CAP_SYSLOG. When kptr_restrict is set to
> +(2), kernel pointers printed using %pK will be replaced with 0's
> +regardless of privileges.
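
Review bot: The mode 1 sentence ("unless the user has CAP_SYSLOG") does not say whose capability is tested or when, for example the process reading the file versus the one that opened it, and the text gives no reason for making 0 the default. Stating both would let an administrator judge what each setting actually protects. The paragraph also leaves values other than 0, 1 and 2 undefined, and the parenthesised "(0)", "(1)", "(2)" and "0's" would read better as plain values, e.g. "set to 0 (the default)" and "replaced with zeros".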

Hm, why is it off by default? Is there some user-space regression that is caused by
this?

We really want good security measures to be active by default (and to work by
default) - they are not worth much if they are not.

Thanks,

Ingo