On Thu 2021-02-04 23:51:36, Pavel Machek wrote:
> On Thu 2021-02-04 14:17:13, Kees Cook wrote:
> > On Thu, Feb 04, 2021 at 11:11:43PM +0100, Pavel Machek wrote:
> > > On Thu 2021-02-04 15:59:21, Timur Tabi wrote:
> > > > On 2/4/21 3:49 PM, Pavel Machek wrote:
> > > > >This machine is insecure. Yet
On Thu 2021-02-04 14:17:13, Kees Cook wrote:
> On Thu, Feb 04, 2021 at 11:11:43PM +0100, Pavel Machek wrote:
> > On Thu 2021-02-04 15:59:21, Timur Tabi wrote:
> > > On 2/4/21 3:49 PM, Pavel Machek wrote:
> > > >This machine is insecure. Yet I don't see ascii-art *** all around..
> > > >
> > > >"Ker
On 2/4/21 4:17 PM, Kees Cook wrote:
It's just semantics. Printing addresses DOES weaken the security of a
system, especially when we know attackers have and do use stuff from dmesg
to tune their attacks. How about "reduces the security of your system"?
I think we're bikeshedding now, but I c
On Thu, Feb 04, 2021 at 11:11:43PM +0100, Pavel Machek wrote:
> On Thu 2021-02-04 15:59:21, Timur Tabi wrote:
> > On 2/4/21 3:49 PM, Pavel Machek wrote:
> > >This machine is insecure. Yet I don't see ascii-art *** all around..
> > >
> > >"Kernel memory addresses are exposed, which is bad for securi
On Thu 2021-02-04 15:59:21, Timur Tabi wrote:
> On 2/4/21 3:49 PM, Pavel Machek wrote:
> >This machine is insecure. Yet I don't see ascii-art *** all around..
> >
> >"Kernel memory addresses are exposed, which is bad for security."
>
> I'll use whatever wording everyone can agree on, but I really
On Thu, 4 Feb 2021 15:59:21 -0600
Timur Tabi wrote:
> I think the reason behind the large banner has less to do with how insecure
> the system is, and more about making sure vendors and sysadmins don't
> enable it by default everywhere.
+100
-- Steve
On Thu, 4 Feb 2021 22:49:44 +0100
Pavel Machek wrote:
> This machine is insecure. Yet I don't see ascii-art *** all around..
>
> "Kernel memory addresses are exposed, which is bad for security."
> would be quite enough, I'd say...
Well, the alternative is that you go back to patching your own k
On 2/4/21 3:49 PM, Pavel Machek wrote:
> This machine is insecure. Yet I don't see ascii-art *** all around..
>
> "Kernel memory addresses are exposed, which is bad for security."
I'll use whatever wording everyone can agree on, but I really don't see
much difference between "which may compromise s
Hi!
> Pavel Machek wrote:
>
> > > + pr_warn("** Kernel memory addresses are exposed, which may **\n");
> > > + pr_warn("** compromise security on your system.
> > > **\n");
> >
> > This is lies, right? And way too verbose.
>
> Not really. More of an exaggeration than
On Thu, 4 Feb 2021 21:48:35 +0100
Pavel Machek wrote:
> > + pr_warn("** Kernel memory addresses are exposed, which may **\n");
> > + pr_warn("** compromise security on your system.
> > **\n");
>
> This is lies, right? And way too verbose.
Not really. More of an exa
On Tue 2021-02-02 14:18:46, Timur Tabi wrote:
> If the make-printk-non-secret command-line parameter is set, then
> printk("%p") will print addresses as unhashed. This is useful for
> debugging purposes.
>
> A large warning message is displayed if this option is enabled,
> because unhashed addres
On Tue, Feb 02, 2021 at 02:51:00PM -0800, Linus Torvalds wrote:
> On Tue, Feb 2, 2021 at 2:34 PM Steven Rostedt wrote:
> >
> > "I also suspect that everybody has already accepted that KASLR isn't
> >really working locally anyway (due to all the hw leak models with
> >cache and TLB timing
On Tue, Feb 2, 2021 at 2:34 PM Steven Rostedt wrote:
>
> "I also suspect that everybody has already accepted that KASLR isn't
>really working locally anyway (due to all the hw leak models with
>cache and TLB timing), so anybody who can look at kernel messages
>already probably could
On Tue, 2 Feb 2021 16:19:20 -0600
Timur Tabi wrote:
> On 2/2/21 3:52 PM, Kees Cook wrote:
> >> A large warning message is displayed if this option is enabled,
> >> because unhashed addresses, while useful for debugging, exposes
> >> kernel addresses which can be a security risk.
>
> > Linus ha
On 2/2/21 3:52 PM, Kees Cook wrote:
> > A large warning message is displayed if this option is enabled,
> > because unhashed addresses, while useful for debugging, exposes
> > kernel addresses which can be a security risk.
>
> Linus has expressly said "no" to things like this in the past:
> https://lore.kernel.
On Tue, Feb 02, 2021 at 02:18:46PM -0600, Timur Tabi wrote:
> If the make-printk-non-secret command-line parameter is set, then
> printk("%p") will print addresses as unhashed. This is useful for
> debugging purposes.
>
> A large warning message is displayed if this option is enabled,
> because u
If the make-printk-non-secret command-line parameter is set, then
printk("%p") will print addresses as unhashed. This is useful for
debugging purposes.
A large warning message is displayed if this option is enabled,
because unhashed addresses, while useful for debugging, exposes
kernel addresses
17 matches