Re: [PATCH 3/6] x86/dumpstack: make printk_stack_address() more generally useful
From: Josh Poimboeuf
Date: Fri Aug 26 2016 - 01:58:20 EST
On Thu, Aug 25, 2016 at 09:40:12PM -0700, Linus Torvalds wrote:
> On Thu, Aug 25, 2016 at 8:19 PM, Josh Poimboeuf <jpoimboe@xxxxxxxxxx> wrote:
> > So yes, dmesg_restrict sounds useful to me. It's a way to prevent users
> > from seeing kernel addresses without affecting my ability to debug
> > issues. For a locked down system, why would non-root users need to
> > access dmesg anyway?
>
> That's the point. It is only useful for locked-down systems.
>
> But that also means that IT IS NOT USEFUL AS A SECURITY ARGUMENT -
> since it's simply not relevant to most systems out there.
>
> Most systems aren't locked down.
Ok, so maybe removing kernel text addresses from the stack dump wouldn't
be the end of the world.
But I still don't quite understand your statement that dmesg_restrict is
only useful for locked down systems.
To prevent kernel address disclosure, it seems we already rely on the
user setting kptr_restrict today, otherwise I can do cat
/proc/self/stack and the game is already lost, right?
So what's the difference between expecting the user to set kptr_restrict
vs dmesg_restrict?
--
Josh