Re: CVS commit: src/sys/kern

To: Maxime Villard <max%m00nbsd.net@localhost>
Subject: Re: CVS commit: src/sys/kern
From: Martin Husemann <martin%duskware.de@localhost>
Date: Mon, 3 Dec 2018 13:07:15 +0100

On Mon, Dec 03, 2018 at 12:54:26PM +0100, Maxime Villard wrote:
> In other words, 80% of KASLR is enabled by default, regardless of #ifdef
> KASLR.

I'd call that a bug.

> Therefore, it is wrong to add an ifdef, because in either case we
> don't want unpriv to retrieve kernel addresses. And we don't want that,
> for reasons that were already discussed more than two months ago.

There is a choice via sysctl and we are only talking about the default.
Not everyone wants security at the price of broken functionality always.

Martin

Follow-Ups:
- Re: CVS commit: src/sys/kern
  - From: Maxime Villard

References:
- Re: CVS commit: src/sys/kern
  - From: Maxime Villard
- Re: CVS commit: src/sys/kern
  - From: Martin Husemann
- Re: CVS commit: src/sys/kern
  - From: Maxime Villard

Prev by Date: Re: CVS commit: src/sys/kern
Next by Date: Re: CVS commit: src/sys/kern
Previous by Thread: Re: CVS commit: src/sys/kern
Next by Thread: Re: CVS commit: src/sys/kern
Indexes:

Home | Main Index | Thread Index | Old Index