Re: [kernel-hardening] [RFC V2 0/6] add more kernel pointer filter options

From: Linus Torvalds
Date: Wed Oct 04 2017 - 12:29:22 EST


On Wed, Oct 4, 2017 at 9:22 AM, Boris Lukashev
<blukashev@xxxxxxxxxxxxxxxx> wrote:
>
> When adding modules from outside the mainline tree (zfs, aufs, scst,
> etc), we would not be able to audit the source, and risk leaking
> sensitive pointers from those components if we don't filter them out
> this way or in a similar programmatic manner.

I call *COMPLETE* bullshit on that argument.

Non-mainlined source code is insecure, and printing some random
address is the *least* of the problems in it.

And the way to make it secure has absolutely nothing to do with printk strings.

Ask somebody about Android camera drivers some day.

Go away. Don't use this specious idiotic argument, all it does is to
make all your other arguments look stupid.

That said, they didn't need much help: talking about FDA and medical
equipment as an argument for some particular default value is another
sign that your arguments are UTTER SHIT.

If this is seriously the quality of excuses for this patch-series, I
never ever want to see those patches again.

Linus