On 2016-04-14 00:27, Kees Cook wrote:
On Wed, Apr 6, 2016 at 2:19 PM, Linus Torvalds
wrote:
On Wed, Apr 6, 2016 at 10:54 AM, Linus Torvalds
wrote:
So I'd find a patch like the attached to be perfectly acceptable (in
fact, we should have done this long ago).
I just committed it, let's see
On Wed, Apr 6, 2016 at 2:19 PM, Linus Torvalds
wrote:
> On Wed, Apr 6, 2016 at 10:54 AM, Linus Torvalds
> wrote:
>>
>> So I'd find a patch like the attached to be perfectly acceptable (in
>> fact, we should have done this long ago).
>
> I just committed it, let's see if some odd program uses the
* Linus Torvalds wrote:
> So yeah, maybe swap partitions are still more common than I thought. And I
> didn't even consider the possibility that people would hibernate a desktop
> like
> you do.
Also many distros will hibernate automatically on critically low battery (when
suspend won't
On Wed, Apr 6, 2016 at 2:27 PM, Kees Cook wrote:
>
> Hrm, okay. I still think just changing the perms would be less
> troublesome.
No, that would be much *more* trouble-some, because we have things
like bug-reporting documentation that tells people to send /proc/iomem
etc information on crashes.
On Wed, Apr 6, 2016 at 10:54 AM, Linus Torvalds
wrote:
>
> So I'd find a patch like the attached to be perfectly acceptable (in
> fact, we should have done this long ago).
I just committed it, let's see if some odd program uses the iomem
data. I doubt it, and I always enjoy improvements that
Linus Torvalds writes:
> I suspect there really aren't all that many hibernation users out
> there at all, and that yes, that would be the right default.
>
> Hibernation is really quite nasty when you have to have a fairly big
> special partition for it, and shrink your memory down. Writing
On Wed, Apr 06, 2016 at 09:11:07PM +0200, Yves-Alexis Perez wrote:
> On mer., 2016-04-06 at 12:02 -0700, Linus Torvalds wrote:
> > So yeah, maybe swap partitions are still more common than I thought.
> > And I didn't even consider the possibility that people would hibernate
> > a desktop like you
On mer., 2016-04-06 at 12:02 -0700, Linus Torvalds wrote:
> So yeah, maybe swap partitions are still more common than I thought.
> And I didn't even consider the possibility that people would hibernate
> a desktop like you do.
To be fair, it's *my* use case, because suspend won't work but I'm
On Wed, 6 Apr 2016, e...@abdsec.com wrote:
> First, I wrote your attached patch, but then I thought zeroing other
> /proc/iomem values would be better. So I changed it.
On my systems, /proc/iomem, /proc/ioports and others get their
world-readable bits removed during bootup - I guess that would
On Wed, Apr 6, 2016 at 11:53 AM, Yves-Alexis Perez wrote:
>
> Actually you just have to have a swap partition, which people still set as
> more or less the ram size, I think, so all in all it works (especially if
> people hibernate without the ram completely used).
I guess people still do those.
On mer., 2016-04-06 at 11:43 -0700, Linus Torvalds wrote:
> Hibernation is really quite nasty when you have to have a fairly big
> special partition for it, and shrink your memory down. Writing things
> to disk was a whole lot more reasonable back in the days when laptops
> had 16MB of memory.
On Wed, Apr 6, 2016 at 11:52 AM, Christian Kujau wrote:
> On Wed, 6 Apr 2016, e...@abdsec.com wrote:
>> First, I wrote your attached patch, but then I thought zeroing other
>> /proc/iomem values would be better. So I changed it.
>
> On my systems, /proc/iomem, /proc/ioports and others get their
>
On Wed, Apr 6, 2016 at 11:37 AM, Kees Cook wrote:
>
> At some point I'd like to see if distros would be interested in
> inverting the default logic (maybe with a CONFIG to avoid changing the
> current behavior) where instead of needing to put "kaslr" on the
> command line to prefer kaslr over
On Wed, Apr 6, 2016 at 11:31 AM, Linus Torvalds
wrote:
> On Wed, Apr 6, 2016 at 11:05 AM, wrote:
>>
>> Most distros don't use KASLR, but they use kptr_restrict. Without KASLR,
>> kptr_restrict most likely useless.
>
> Well, yes kaslr is effectively useless right now due to the fact that
>
On Wed, Apr 6, 2016 at 11:05 AM, wrote:
>
> Most distros don't use KASLR, but they use kptr_restrict. Without KASLR,
> kptr_restrict most likely useless.
Well, yes kaslr is effectively useless right now due to the fact that
people still use hibernation in effectively every single distro out
On Wed, Apr 6, 2016 at 11:05 AM, wrote:
> First, I wrote your attached patch, but then I thought zeroing other
> /proc/iomem values would be better. So I changed it.
>
> Most distros don't use KASLR, but they use kptr_restrict. Without KASLR,
Well, hopefully that'll change over time. :)
>
First, I wrote your attached patch, but then I thought zeroing other
/proc/iomem values would be better. So I changed it.
Most distros don't use KASLR, but they use kptr_restrict. Without KASLR,
kptr_restrict most likely useless. As you said these things should be
done long ago
On Wed, Apr 6, 2016 at 6:03 AM, Emrah Demir wrote:
> From: Emrah Demir
Hi!
Thanks for sending this patch; I'm always glad to see new faces
helping. :) I have a few comments inline and a larger suggestion at
the end.
> Even though KASLR is aiming to mitigate remote attacks, with a simple LFI
On Wed, Apr 6, 2016 at 8:20 AM, Linus Torvalds
wrote:
>
> I'd much rather just not insert the resources in the first place then.
So I'd find a patch like the attached to be perfectly acceptable (in
fact, we should have done this long ago).
That said, for a kernel hardening thing, I think it
On Wed, Apr 6, 2016 at 6:03 AM, Emrah Demir wrote:
>
> By this patch after insertion resources, start and end address are zeroed.
I'd much rather just not insert the resources in the first place then.
Linus
From: Emrah Demir
Even though KASLR is aiming to mitigate remote attacks, with a simple LFI
vulnerability through a web application, local leaks become as important as
remote ones.
On the KASLR enabled systems in order to achieve expected protection, some
files are needed to be edited/modified
44 matches