On Thu, Aug 25, 2016 at 09:40:12PM -0700, Linus Torvalds wrote:
> On Thu, Aug 25, 2016 at 8:19 PM, Josh Poimboeuf <jpoim...@redhat.com> wrote:
> > So yes, dmesg_restrict sounds useful to me. It's a way to prevent users
> > from seeing kernel addresses without affecting my ability to debug
> > issues. For a locked down system, why would non-root users need to
> > access dmesg anyway?
>
> That's the point. It is only useful for locked-down systems.
>
> But that also means that IT IS NOT USEFUL AS A SECURITY ARGUMENT -
> since it's simply not relevant to most systems out there.
>
> Most systems aren't locked down.

Ok, so maybe removing kernel text addresses from the stack dump wouldn't
be the end of the world.

But I still don't quite understand your statement that dmesg_restrict is
only useful for locked down systems.

To prevent kernel address disclosure, it seems we already rely on the
user setting kptr_restrict today, otherwise I can do

  cat /proc/self/stack

and the game is already lost, right?

So what's the difference between expecting the user to set kptr_restrict
vs dmesg_restrict?

--
Josh