On Fri, 2020-04-03 at 09:28 -0700, Ross Vandegrift wrote: > On Thu, Apr 02, 2020 at 04:52:07PM -0400, Noah Meyerhans wrote: > > I'm not sure I'd focus too much on the security implications of KSM, > > though, since it's widely enabled in Debian's generic kernel and kernels > > distributed by other distros. I don't want to cargo-cult it, but > > neither do I want to ignore prior art. > > If it's that widely available, then I think that's a good indicator that > the issues aren't driving practical attacks. So I think we shouldn't > refuse it due to the security questions.
Enabling CONFIG_KSM only means that the feature is available. It's not active by default, so it should have no security impact unless the administrator chooses to enable it (through /sys/kernel/mm/ksm/run). Ben. -- Ben Hutchings 73.46% of all statistics are made up.
signature.asc
Description: This is a digitally signed message part