On Mon, Dec 03, 2018 at 12:54:26PM +0100, Maxime Villard wrote: > In other words, 80% of KASLR is enabled by default, regardless of #ifdef > KASLR.
I'd call that a bug. > Therefore, it is wrong to add an ifdef, because in either case we > don't want unpriv to retrieve kernel addresses. And we don't want that, > for reasons that were already discussed more than two months ago. There is a choice via sysctl and we are only talking about the default. Not everyone wants security at the price of broken functionality always. Martin