Am 27.01.2014 07:52, schrieb H. Peter Anvin: > Of course, stack traces themselves contain that information, so one > could argue that oops=panic is required in order for kASLR to provide > any kind of security against root. (oops=panic is probably a good idea > in secure environments anyway...)
Now I understand your point. /proc/<pid>/stack and a world-readable /boot also need to be disabled. Deploying a secure kASLR is not easy, especially for end-user distros. Maybe a CONFIG_RANDOMIZE_BASE_I_MEAN_IT which disables various sources of information leakage would help too. ;-) Thanks, //richard -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
