From: Christoph Hellwig <hch@infradead.org>
To: "Roberts, William C" <william.c.roberts@intel.com>
Cc: Christoph Hellwig <hch@infradead.org>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
"corbet@lwn.net" <corbet@lwn.net>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: [kernel-hardening] Re: [PATCH] printk: introduce kptr_restrict level 3
Date: Thu, 6 Oct 2016 06:56:12 -0700 [thread overview]
Message-ID: <20161006135612.GA21342@infradead.org> (raw)
In-Reply-To: <476DC76E7D1DF2438D32BFADF679FC561CD14651@ORSMSX103.amr.corp.intel.com>
On Thu, Oct 06, 2016 at 01:47:47PM +0000, Roberts, William C wrote:
> Out of tree modules still affect core kernel security.
So don't use them.
> I would also bet money, that somewhere
> In-tree someone has put a %p when they wanted a %pK.
So fix them.
> So this method is just quite error
> prone. We currently have a blacklist approach versus whitelist.
Or fix the entire thing, get rid of %pK and always protect %p if you
can show that it doesn't break anything.
But stop posting patches with bullshit arguments like out of tree
modules.
WARNING: multiple messages have this Message-ID (diff)
From: Christoph Hellwig <hch@infradead.org>
To: "Roberts, William C" <william.c.roberts@intel.com>
Cc: Christoph Hellwig <hch@infradead.org>,
"kernel-hardening@lists.openwall.com"
<kernel-hardening@lists.openwall.com>,
"corbet@lwn.net" <corbet@lwn.net>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] printk: introduce kptr_restrict level 3
Date: Thu, 6 Oct 2016 06:56:12 -0700 [thread overview]
Message-ID: <20161006135612.GA21342@infradead.org> (raw)
In-Reply-To: <476DC76E7D1DF2438D32BFADF679FC561CD14651@ORSMSX103.amr.corp.intel.com>
On Thu, Oct 06, 2016 at 01:47:47PM +0000, Roberts, William C wrote:
> Out of tree modules still affect core kernel security.
So don't use them.
> I would also bet money, that somewhere
> In-tree someone has put a %p when they wanted a %pK.
So fix them.
> So this method is just quite error
> prone. We currently have a blacklist approach versus whitelist.
Or fix the entire thing, get rid of %pK and always protect %p if you
can show that it doesn't break anything.
But stop posting patches with bullshit arguments like out of tree
modules.
next prev parent reply other threads:[~2016-10-06 13:56 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-05 18:04 [kernel-hardening] [PATCH] printk: introduce kptr_restrict level 3 william.c.roberts
2016-10-05 18:04 ` william.c.roberts
2016-10-05 19:34 ` [kernel-hardening] " Kees Cook
2016-10-05 19:34 ` Kees Cook
2016-10-06 13:17 ` [kernel-hardening] " Roberts, William C
2016-10-06 13:17 ` Roberts, William C
2016-10-06 15:18 ` [kernel-hardening] " Roberts, William C
2016-10-06 21:04 ` [kernel-hardening] " Kees Cook
2016-10-07 14:19 ` [kernel-hardening] " Roberts, William C
2016-10-07 14:29 ` Jann Horn
2016-10-07 15:05 ` Roberts, William C
2016-10-07 15:15 ` Jann Horn
2016-10-07 19:12 ` Kees Cook
2016-10-11 18:11 ` Roberts, William C
2016-10-05 20:52 ` [kernel-hardening] " Rasmus Villemoes
2016-10-05 20:52 ` Rasmus Villemoes
2016-10-06 13:23 ` [kernel-hardening] " Roberts, William C
2016-10-06 13:23 ` Roberts, William C
2016-10-06 13:31 ` [kernel-hardening] " Christoph Hellwig
2016-10-06 13:31 ` Christoph Hellwig
2016-10-06 13:47 ` [kernel-hardening] " Roberts, William C
2016-10-06 13:47 ` Roberts, William C
2016-10-06 13:56 ` Christoph Hellwig [this message]
2016-10-06 13:56 ` Christoph Hellwig
2016-10-06 14:59 ` [kernel-hardening] " Roberts, William C
2016-10-06 14:59 ` Roberts, William C
2016-10-06 21:00 ` [kernel-hardening] " Kees Cook
2016-10-06 21:00 ` Kees Cook
2016-10-06 21:19 ` [kernel-hardening] " Joe Perches
2016-10-06 21:19 ` Joe Perches
2016-10-06 21:25 ` [kernel-hardening] " Kees Cook
2016-10-06 21:25 ` Kees Cook
2016-10-07 14:21 ` [kernel-hardening] " Roberts, William C
2016-10-07 14:21 ` Roberts, William C
2016-10-06 14:05 ` [kernel-hardening] " Jann Horn
2016-10-06 14:46 ` Jann Horn
2016-10-07 11:52 ` Jann Horn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161006135612.GA21342@infradead.org \
--to=hch@infradead.org \
--cc=corbet@lwn.net \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=william.c.roberts@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.