On Fri, Apr 5, 2013 at 7:49 AM, Borislav Petkov <b...@alien8.de> wrote: > On Thu, Apr 04, 2013 at 01:07:35PM -0700, Kees Cook wrote: >> This creates CONFIG_RANDOMIZE_BASE, so that the base offset of the kernel >> can be randomized at boot. > > Right, > > if I'm reading this whole deal correctly, I have an issue with this > in the sense that if this thing is enabled by default and people are > running stripped kernels, an oops which is being reported is worth sh*t > since all the addresses there are random and one simply can't map them > back to which functions the callstack frames are pointing to. Which will > majorly hinder debuggability, IMHO...
I think it'd be perfectly ok for OOPS to print out the kernel base. Restricting access to these oopses becomes a different problem (privilege separation). Some existing sandboxes (Chromium, vsftpd, openssh..) are already defending against it. Julien -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
