Enabling the kernel's DMESG_RESTRICT feature
Martin Pitt
martin.pitt at ubuntu.com
Wed May 25 04:41:52 UTC 2011
Hey Kees,

Kees Cook [2011-05-24 11:46 -0700]:
> $ dmesg | grep -m1 text
> [ 0.000000] .text : 0xc1000000 - 0xc15112a1 (5188 kB)

Would it be possible to have the kernel just not log the addresses in
the first place? It seems kind of pointless to make a big effort of
randomizing these and then yell it out loudly where it lands in any
kind of log file. People might also have a custom rsyslog
configuration etc. which we can't even fix on upgrades.

So wouldn't it be enough to have the actual addresses somewhere in
/proc/ in a 0400 file, and just purge them from printk()s?

Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
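
The concern raised above, that kernel addresses end up in whatever log files a syslog configuration writes, can be checked by scanning log lines for values in kernel address ranges. The following is an added example, not part of the original message or of any kernel or Ubuntu code; the address ranges, the `<kaddr>` marker and all function names are assumptions made for illustration.

```python
import re

# Assumption (not from the message): kernel-space ranges for the default
# x86-32 3G/1G split and for the x86-64 upper canonical half.
KERNEL_RANGES = {
    8: (0xC0000000, 0xFFFFFFFF),
    16: (0xFFFF800000000000, 0xFFFFFFFFFFFFFFFF),
}
# 8 or 16 hex digits, optionally prefixed with 0x, standing alone as a token.
HEX_TOKEN = re.compile(r"\b(?:0x)?([0-9a-fA-F]{16}|[0-9a-fA-F]{8})\b")


def is_kernel_address(digits):
    """True if the hex digit string lies in the range for its pointer width."""
    low, high = KERNEL_RANGES[len(digits)]
    return low <= int(digits, 16) <= high


def find_leaks(line):
    """Return the tokens in one log line that fall in a kernel address range."""
    return [m.group(0) for m in HEX_TOKEN.finditer(line)
            if is_kernel_address(m.group(1))]


def redact(line):
    """Replace kernel addresses with a fixed marker, leaving other text alone."""
    return HEX_TOKEN.sub(
        lambda m: "<kaddr>" if is_kernel_address(m.group(1)) else m.group(0),
        line)


def audit(lines):
    """Return (line_number, leaked_tokens) for every line exposing an address."""
    hits = ((n, find_leaks(line)) for n, line in enumerate(lines, 1))
    return [(n, leaks) for n, leaks in hits if leaks]


# First line is the dmesg output quoted in the message; the rest are constructed.
SAMPLE_LOG = [
    "[ 0.000000] .text : 0xc1000000 - 0xc15112a1 (5188 kB)",
    "[ 0.000000] Memory: 2060128k/2097152k available",
    "[ 12.345678] BUG: unable to handle kernel paging request at ffffffff81234567",
    "[ 13.000000] usb 1-1: new device, idVendor=0bda",
]

if __name__ == "__main__":
    for n, leaks in audit(SAMPLE_LOG):
        print(f"line {n}: {', '.join(leaks)} -> {redact(SAMPLE_LOG[n - 1])}")
```

Decimal counters and sizes never match, because an 8- or 16-digit decimal string read as hex stays below both assumed range starts.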