Date: Mon, 11 Dec 2017 22:21:09 -0800 From: Linus Torvalds <torvalds@...ux-foundation.org> To: Michael Ellerman <mpe@...erman.id.au> Cc: Andy Shevchenko <andy.shevchenko@...il.com>, Kees Cook <keescook@...omium.org>, "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>, David Laight <David.Laight@...lab.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "mingo@...nel.org" <mingo@...nel.org>, "jiangshanlai@...il.com" <jiangshanlai@...il.com>, "dipankar@...ibm.com" <dipankar@...ibm.com>, "akpm@...ux-foundation.org" <akpm@...ux-foundation.org>, "mathieu.desnoyers@...icios.com" <mathieu.desnoyers@...icios.com>, "josh@...htriplett.org" <josh@...htriplett.org>, "tglx@...utronix.de" <tglx@...utronix.de>, "peterz@...radead.org" <peterz@...radead.org>, "rostedt@...dmis.org" <rostedt@...dmis.org>, "dhowells@...hat.com" <dhowells@...hat.com>, "edumazet@...gle.com" <edumazet@...gle.com>, "fweisbec@...il.com" <fweisbec@...il.com>, "oleg@...hat.com" <oleg@...hat.com>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, "Tobin C. Harding" <me@...in.cc> Subject: Re: Long live %pK (was Re: [PATCH tip/core/rcu 02/20] torture: Prepare scripting for shift from %p to %pK) This is a perfect example of just %pK being complete shit. %pK doesn't actually do any file permissions right. It looks like it does it, but it's just a hot mess of garbage. And %pK doesn't even work the way you claim it does. Not in the general case, and only with a particular value. On Dec 11, 2017 21:26, "Michael Ellerman" <mpe@...erman.id.au> wrote: I I understand that the CAP_SYSLOG checking that %pK does is kind of gross, but it does work in at least some useful cases like this. What am I missing? Just do the damn thing right, like /proc/kallsyms does these days. With the proper open time cred check, not the wrong one at io time. Which has the added advantage that it actually does the right thing even when you don't have kptr_restrict set, or when you have patches to make it print zero even for people with capabilities. Don't depend on some random flag that has nothing to do with your actual example and that has random values for security. Just say no to kptr_restrict "logic". Your example basically depends entirely on one particular setting, when (a) real distributions have a different value and expose those pointers that your claim shouldn't be exposed and (b) other people are pushing for values that will hide the values that you claim area needed. Linus Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.