On Tue, 15 Jan 2019 11:47:27 -0800 Laura Abbott <labbott@xxxxxxxxxx> wrote: > On 1/15/19 8:51 AM, stan wrote: > > I compiled a custom fedora 5.0 kernel, and one of the new options > > was to have the kernel zero the stack on return from kernel > > functions. The cost was about 1% on a single cpu system. I made > > the judgement that this would be great on cloud servers, but wasn't > > really necessary for a local machine. Is there a reason it might > > be good for a local machine to have this enabled? > > I'm guessing you're referring to CONFIG_GCC_PLUGIN_STACKLEAK. It > really depends on what you want to prevent with this option. The goal > is to prevent leaking of sensitive stack data (e.g. keys). You're > right that cloud based servers would see more benefit but I could see > you wanting this enabled on certain high value local machines. If > there is a particular machine that you would _really_ rather not get > compromised, it might be worth enabling. Yes, that is the option I was referring to. I think I'll leave it off, not because I don't consider my machine high value, but because I don't have any internet accessible services running. I think the only access from the web to my machine would be through the browser. If my machine is compromised enough through that channel that someone is able to read the kernel stack, I think reading the kernel stack will be beside the point. > Also for the record, CONFIG_GCC_PLUGIN_STACKLEAK isn't on in Fedora > officially because we don't currently enable any gcc plugins. > It's something we might look into in the future though. This is good to know for future reference. Thanks. _______________________________________________ kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@xxxxxxxxxxxxxxxxxxxxxxx