On Wed, May 25, 2011 at 09:37:47PM +0200, Martin Pitt wrote: > Kees Cook [2011-05-25 12:05 -0700]: > > Currently, the upstream kernel folks have rejected filtering printk. > > That's not actually what I meant. Don't filter the outputs of printk() > with some regexps. I meant "just kill the printk() call that prints > the address". Why would you even need to printk() it if the very thing > it prints out is not meant to be seen in logs?
Right. This is precisely what upstream has refused[1] to do. The problem is that dmesg is just a log. The contents can't be adjusted based on who is viewing it like (like has been done for the %pK sprintf uses in /proc, /sys, etc). Things like Oops reports will go to dmesg, which are utterly useless without all their addresses intact, etc. The only way to close this entire area of leaks is to make dmesg a privileged resource, and that is possible using the dmesg_restrict stuff (created for this very purpose). -Kees [1] http://marc.info/?l=linux-netdev&m=128915072325450&w=2 -- Kees Cook Ubuntu Security Team -- ubuntu-devel mailing list ubuntu-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel