Le 03/12/2018 à 13:07, Martin Husemann a écrit :
On Mon, Dec 03, 2018 at 12:54:26PM +0100, Maxime Villard wrote:
In other words, 80% of KASLR is enabled by default, regardless of #ifdef
I'd call that a bug.
No, it's a basic level of security. It is also the best randomization of
all of the BSDs, which can be combined with the GENERIC_KASLR conf that
provides the most advanced KASLR implementation available out there.
Therefore, it is wrong to add an ifdef, because in either case we
don't want unpriv to retrieve kernel addresses. And we don't want that,
for reasons that were already discussed more than two months ago.
There is a choice via sysctl and we are only talking about the default.
Yes, and if people want their kernel to leak a ton of stuff they can set
the sysctl to 1.
The real bug I see here is changing the behavior while it was already
discussed and agreed that we would prevent leaks by default. I proceeded
slowly, I added everything that was needed in TODO.kaslr and also on the
NetBSD-9 tasklist, and I even repeated several times that I would plug
the leaks by default, no one objected.
Yet all of a sudden what was agreed upon doesn't hold anymore, and
Christos has to come around and commit nonsense under the reason "from
mrg". This is bullshit.