On Thu, Jul 31, 2025 at 06:29:00AM -0400, Jeff Layton wrote: > "If you think you can justify it (in comments and commit log) well > enough to stand up to Linus’s scrutiny, maybe you can use “%px”, along > with making sure you have sensible permissions." > > Is making it only accessible by root not sensible enough? What are > "sensible permissions" in this instance?
Yes, I should have been more clear (or probably should update the document), but root (uid==0) isn't a sufficient permission check, as address exposure is supposed to be bounded by capabilities. Putting a filename into the tree exposes the address to anything that can get a file listing, and DAC access control isn't granular enough. (Thank you again for the fix patch I saw in the other thread!) -- Kees Cook
