On Tue, Feb 27, 2024 at 08:15:49PM +0000, Richard W.M. Jones wrote: > > https://gitlab.com/cki-project/kernel-ark/-/commit/ed5ba266c61e01a52359b5793a627e7c9aae8854 > > Why wasn't this a Fedora change proposal? > > Also the justification given for such a major change is very thin. > I'm sure product security can give us some more details of precisely > what exploits will be mitigated, in the change proposal.
FWIW, Googling for 'CONFIG_SECURITY_DMESG_RESTRICT' finds several posts illustrating techniques for exploiting historical CVEs that would be made harder were CONFIG_SECURITY_DMESG_RESTRICT set, preventing dmesg from undermining KASLR by leaking kernel addresses to unprivileged processes. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
