Date: Tue, 7 Sep 2010 12:57:14 -0700 From: Andrew Morton <akpm@...ux-foundation.org> To: Jon Oberheide <jon@...rheide.org>, oss-security@...ts.openwall.com, security@...nel.org, spender@...ecurity.net, Sebastian Krahmer <krahmer@...e.de> Subject: Re: [Security] Re: /proc infoleaks On Tue, 7 Sep 2010 12:46:56 -0700 Andrew Morton <akpm@...ux-foundation.org> wrote: > We're not going to change the kernel defaults, end of story - that > would break far too much stuff. That being said, it *might* be acceptable to obfuscate the kernel-side addresses. Still print them, but they're all zeroes. I doubt if many tools at all are actually using those. Perhaps a runtime knob which obfuscates those addresses for unprivileged users, something like that. That also being said, I'm not seeing any kernel-side addresses in slabinfo or zoneinfo anyway and I believe some distros already hide kallsyms. More specificity is needed.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.