* Ingo Molnar <mi...@kernel.org> wrote: > > * H. Peter Anvin <h...@zytor.com> wrote: > > > On 01/26/2014 10:49 PM, Richard Weinberger wrote: > > >> > > >> No, because that information is available to user space unless we panic. > > > > > > Didn't you mean non-root? > > > I thought one has to set dmesg_restrict anyways if kASLR is used. > > > > > > And isn't the offset available to perf too? > > > Of course only for root, but still user space. > > > > > > > For certain system security levels one want to protect even from a > > rogue root. In those cases, leaking that information via dmesg and > > perf isn't going to work, either. > > > > With lower security settings, by all means... > > The 'no' was categorical and unconditional though, so is the right > answer perhaps something more along the lines of: > > 'Yes, the random offset can be reported in an oops, as long as > high security setups can turn off the reporting of the offset, > in their idealistic attempt to protect the system against root.' > > ?
'reporting of the offset' should probably be 'reporting kernel data' - there's many possible ways an oops (and its associated raw stack dump) can leak the offset, I'm not sure this can ever be made 'safe' against a rougue root. Not giving kernel originated debug information at all would. (At the cost of reducing the utility of having that root user around, of course.) Thanks, Ingo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/