Removal of the kernel code/data/bss resources does break kexec/kdump
Emrah Demir
ed at abdsec.com
Thu Apr 14 13:27:48 PDT 2016
On 2016-04-14 13:40, Linus Torvalds wrote:
>
> Actually, %pK is horrible in /proc and /sys files, and does the wrong
> thing.
>
I agree with that, but for now there is no way to make things right in
/proc or /sys.
>
> A file access should use "file->f_cred", but the seq_file interface
> sadly doesn't expose any way to do that.
>
> I'll take a look, but it's non-trivial to get right. %pK turns out to
> have been seriously mis-designed, and is basically almost always a
> bug.
>
> Linus
Looked at another way, maybe it's good to remove code dependencies on
sensitive /proc files like /proc/iomem.
Kees Cook: "it looks like at least Ubuntu's kernel security test suite
expects to find these entries (when it verifies that STRICT_DEVMEM
hasn't regressed)"
Freeman Zhang: "Removal of these information causes 'kexec/kdump' to
fail in the newer kernel"
Removing such dependencies would make things better and code/bss/data
sections could be removed.