In article <20181203191043.zou-_%[email protected]>, Steffen Nurpmeso <[email protected]> wrote:
>Manuel Bouyer wrote in <[email protected]>:
> |On Mon, Dec 03, 2018 at 12:54:26PM +0100, Maxime Villard wrote:
> |> In other words, 80% of KASLR is enabled by default, regardless of #ifdef
> |> KASLR. Therefore, it is wrong to add an ifdef, because in either case we
> |
> |So there's no way to completely disable KASLR now?
> |Although I admit it's useful to have it on by default, there should be a way
> |to turn it off for low-level debugging
>
>As an idiot from user space only: why is layout randomization
>still something desirable now that kernel and user address space
>is totally, cleanly and completely separated, and caches etc. are
>flushed upon context-switches and system calls? It is like that,
>right?
Because KVM reading or sysctl sometimes expose kernel addresses to userland (some utilities still depend on that to function properly), and that defeats KASLR (there is a way to find where the kernel was loaded from userland -- to put it simplistically).

christos
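The point christos makes above, as an added example that is not part of the thread and not NetBSD code: a userland-side simulation of how one kernel symbol address handed out by a kvm- or sysctl-style interface is enough to recover the KASLR slide, and therefore the runtime address of every other kernel symbol. The symbol names, the link-time addresses, the 2 MiB slide granularity and the number of possible slides are all constructed for the example; `leak_symbol()` stands in for the kernel interface, and its `restricted` flag models an interface that hides pointers instead.

```c
/*
 * Added example (not from the thread or from NetBSD): why one leaked
 * kernel address defeats KASLR. All symbols, addresses and the slide
 * layout below are constructed for the simulation.
 */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Link-time (unrelocated) symbol addresses, as an attacker would read
 * them from the kernel image on disk. Constructed values. */
typedef struct { const char *name; uint64_t link_addr; } ksym_t;

static const ksym_t ksyms[] = {
    { "_sysent",    0xffffffff80900200ULL },
    { "_allproc",   0xffffffff80a1c000ULL },
    { "_rootvnode", 0xffffffff80a20140ULL },
};
#define NSYMS (sizeof ksyms / sizeof ksyms[0])

/* Assumed slide granularity and number of slots (assumption). */
#define SLIDE_ALIGN 0x200000ULL
#define SLIDE_SLOTS 64

/* "Kernel" state: the slide chosen at simulated boot. */
static uint64_t kaslr_slide;

static void simulated_boot(unsigned seed)
{
    srand(seed);
    kaslr_slide = (uint64_t)(rand() % SLIDE_SLOTS) * SLIDE_ALIGN;
}

static const ksym_t *find_sym(const char *name)
{
    for (size_t i = 0; i < NSYMS; i++)
        if (strcmp(ksyms[i].name, name) == 0)
            return &ksyms[i];
    return NULL;
}

/* Stand-in for a kvm_nlist()/sysctl style lookup that returns the
 * runtime (slid) address of a symbol. With `restricted` set the
 * interface hides pointers and answers 0, so nothing is learned. */
static uint64_t leak_symbol(const char *name, int restricted)
{
    const ksym_t *s = find_sym(name);
    if (s == NULL || restricted)
        return 0;
    return s->link_addr + kaslr_slide;
}

/* Attacker side: recover the slide from one leaked address. Returns 1 on
 * success; 0 if there was no leak, the leak is below the link address,
 * or the implied slide is not aligned the way a loader would place the
 * kernel (which means the value cannot be trusted). */
static int recover_slide(const char *name, int restricted, uint64_t *slide_out)
{
    const ksym_t *s = find_sym(name);
    uint64_t leaked = leak_symbol(name, restricted);

    *slide_out = 0;
    if (s == NULL || leaked == 0 || leaked < s->link_addr)
        return 0;
    uint64_t slide = leaked - s->link_addr;
    if (slide % SLIDE_ALIGN != 0)
        return 0;
    *slide_out = slide;
    return 1;
}

/* Cross-check: every leaked symbol must imply the same slide before it
 * is trusted; a wrong base sends later steps into unmapped memory. */
static int slide_consistent(int restricted, uint64_t *slide_out)
{
    uint64_t first = 0, s;
    for (size_t i = 0; i < NSYMS; i++) {
        if (!recover_slide(ksyms[i].name, restricted, &s))
            return 0;
        if (i == 0)
            first = s;
        else if (s != first)
            return 0;
    }
    *slide_out = first;
    return 1;
}

/* Once the slide is known, every other kernel symbol is known too. */
static uint64_t runtime_addr(const char *name, uint64_t slide)
{
    const ksym_t *s = find_sym(name);
    return s ? s->link_addr + slide : 0;
}

int main(void)
{
    uint64_t slide;

    simulated_boot(2018);
    if (slide_consistent(0, &slide))
        printf("leak exposed slide 0x%" PRIx64 "; _rootvnode is at 0x%" PRIx64 "\n",
               slide, runtime_addr("_rootvnode", slide));
    if (!slide_consistent(1, &slide))
        printf("with pointers hidden, the slide cannot be recovered\n");
    return 0;
}
```

The two runs in `main()` show both halves of the argument: with the leak available, a single `_allproc` or `_sysent` address yields the slide and, through `runtime_addr()`, the location of everything else in the kernel; with the interface hiding pointers, `recover_slide()` fails and the cross-check refuses to produce a base. The alignment and consistency checks are what a practitioner adds before relying on a leaked value.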
