Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 8 Nov 2017 07:58:20 +1100
From: "Tobin C. Harding" <>
To: David Laight <David.Laight@...LAB.COM>
Cc: ""
	"Jason A. Donenfeld" <>,	Theodore Ts'o <>,
	Linus Torvalds <>,
	Kees Cook <>,	Paolo Bonzini <>,
	Tycho Andersen <>,	"Roberts,
 William C" <>,	Tejun Heo <>,
	Jordan Glover <>,
	Greg KH <>,	Petr Mladek <>,
 Joe Perches <>,	Ian Campbell <>,
	Sergey Senozhatsky <>,
	Catalin Marinas <>,
	Will Deacon <>,	Steven Rostedt <>,
	Chris Fries <>, Dave Weinstein <>,
	Daniel Micay <>,	Djalal Harouni <>,
	"" <>,
	Network Development <>,
	David Miller <>
Subject: Re: [PATCH v4] scripts: add

On Tue, Nov 07, 2017 at 01:56:05PM +0000, David Laight wrote:
> From: Tobin C. Harding
> > Sent: 07 November 2017 10:32
> >
> > Currently we are leaking addresses from the kernel to user space. This
> > script is an attempt to find some of those leakages. Script parses
> > `dmesg` output and /proc and /sys files for hex strings that look like
> > kernel addresses.
> ...
> Maybe the %p that end up in dmesg (via the kernel message buffer) should
> be converted to text in a form that allows the code that reads them to
> substitute alternate text for non-root users?
> Then the actual addresses will be available to root (who can probably
> get most by other means) but not to the casual observer.

Interesting idea. Isn't the same outcome already achieved with
dmesg_restrict. I appreciate that this does beg the question 'why are we
scanning dmesg then?'

There has not been much discussion on dmesg_restrict. Is dmesg_restrict
good enough that we needn't bother scanning it?

thanks for your input,

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.