On Mon, Dec 03, 2018 at 12:54:26PM +0100, Maxime Villard wrote:
> In other words, 80% of KASLR is enabled by default, regardless of #ifdef

I'd call that a bug.

> Therefore, it is wrong to add an ifdef, because in either case we
> don't want unpriv to retrieve kernel addresses. And we don't want that,
> for reasons that were already discussed more than two months ago.

There is a choice via sysctl and we are only talking about the default.
Not everyone wants security at the price of broken functionality always.


Reply via email to