Re: kernel ring buffer accessible by users

Werner Almesberger (wa@almesberger.net)
Wed, 23 Apr 2003 13:23:59 -0300


Robert Love wrote:
> Why on earth would the user give the kernel a password?

That's just an example. It could be any other sensitive information,
including kernel state that you don't want to reveal to users.

I think it's a reasonable assumption that one can speak freely in a
printk message. Avoiding to print anything that may possibly contain
sensitive information is likely to make messages less useful, just
think of all the data revealed in an oops.

> The point is user input like telephone numbers or passwords should never
> be fed into the kernel anyhow.

Yes, a bit odd. Maybe because of "intelligent" cards that implement
the signalling in firmware. Anyway, this is an entirely different
issue.

- Werner

-- 
  _________________________________________________________________________
 / Werner Almesberger, Buenos Aires, Argentina         wa@almesberger.net /
/_http://www.almesberger.net/____________________________________________/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/