Re: [PATCH v2 0/4] Checkpoint/Restore: Show in proc IDs of objectsthat can be shared between tasks

[Cyrill Gorcunov]

On Fri, Nov 18, 2011 at 11:07:16AM -0800, Andrew Morton wrote:
...
> 
> OK.  Using the object's kernel virtual address is certainly very
> attractive.
> 
> It is the case that we're causing difficulty with this longer-term plan
> to make c/r available to unprivileged processes?  Because it's OK to
> expose kernel addresses to CAP_SYS_ADMIN (or similar) tasks (isn't it?).
> 

Actually the address is not exposed in open-form but rather xor'ed with
a random number, still from security pov it's not clear if it's really useful
for attacker to obtain inverted low bits of the former random number (which
might happen on aligned addresses).

	Cyrill
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/