Re: [PATCH] drm/exynos: Print kernel pointers in a restricted form

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Mar 14, 2017 at 08:17:35PM +0100, Tobias Jakobi wrote:
> Krzysztof Kozlowski wrote:
> > On Tue, Mar 14, 2017 at 08:01:41PM +0100, Tobias Jakobi wrote:
> >> Hello Krzysztof,
> >>
> >> I was wondering about the benefit of this. From a quick look these are
> >> all messages that end up in the kernel log / dmesg.
> >>
> >> IIRC %pK does nothing there, since dmest_restrict is supposed to be used
> >> to deny an unpriviliged user the access to the kernel log.
> >>
> >> Or am I missing something here?
> > 
> > These are regular printks so depending on kernel options (e.g. dynamic
> > debug, drm.debug) these might be printed also in the console. Of course
> > we could argue then if access to one of the consoles is worth
> > securing.
> This here suggests otherwise.
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/sysctl/kernel.txt#n388
> 
> I have not tested this, but IIRC %pK is not honored by the kernel
> logging infrastucture. That's why dmesg_restrict is there.
> 
> Correct me if I'm wrong.

The %pK will not help for dmesg or /proc/kmsg but it will help for
console (/dev/ttySACN, ttySN etc) because effectively it uses the same
vsprintf()/pointer() functions.

As I said, we could argue whether securing console is worth... usually
attacker having access to it has also physical access to the machine so
everything gets easier...

Best regards,
Krzysztof

--
To unsubscribe from this list: send the line "unsubscribe linux-samsung-soc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux SoC Development]     [Linux Rockchip Development]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Linux SCSI]     [Yosemite News]

  Powered by Linux