Le 03/12/2018 à 11:49, Martin Husemann a écrit :
On Mon, Dec 03, 2018 at 06:39:18AM +0100, Maxime Villard wrote:This is bad. GENERIC already has some KASLR enabled by default [1], and with your change you're rendering that useless. Please revert.Please describe in more details how this renders something useless, if I read the change correctly it unbreaks things for the non-KASL part w/o changing anything for kernels with KASL. Martin
KASLR means randomizing the kernel memory. Even though we have two distinct GENERIC and GENERIC_KASLR configurations, the fact is that GENERIC already randomizes by default four of the five randomizable kernel areas, as summed up in the table [1]. In other words, 80% of KASLR is enabled by default, regardless of #ifdef KASLR. Therefore, it is wrong to add an ifdef, because in either case we don't want unpriv to retrieve kernel addresses. And we don't want that, for reasons that were already discussed more than two months ago. [1] http://wiki.netbsd.org/security/kaslr/