XPost: linux.debian.bugs.dist   
   From: arraybolt3@gmail.com   
      
   Source: linux   
   Version: 6.12.48-1   
   Severity: important   
   X-Debbugs-Cc: adrelanos@whonix.org, arraybolt3@gmail.com   
      
   One of the debugging options the kernel provide, `slab_debug`, is used   
   as a hardening mechanism by multiple security-conscious Linux   
   distributions, namely Tails and Kicksecure, as it makes some forms of   
   memory management bugs more difficult to exploit. It is recommended by   
   the Kernel Self Protection Project for users who want to set up a   
   "particularly paranoid" system. (See   
   https://kspp.github.io/Recommended_Settings) Unfortunately, due to   
   upstream apparently previously considering this feature as only a   
   debugging feature, setting the kernel parameter `slab_debug=FZ` (or   
   similar) results in unhashed kernel addresses being exposed in areas   
   such as the kernel logs, making it easier to bypass KASLR when this   
   option is enabled. Users with high security requirements are therefore   
   left with a bit of a catch-22 - either enable `slab_debug` and hope   
   that making KASLR easy to bypass isn't going to ultimately be a   
   problem, or leave `slab_debug` disabled and live without the additional   
   memory safety benefits it provides.   
      
   Linux 6.17 introduced a new boot option, `hash_pointers`, which allows   
   one to configure whether pointer values exposed to userspace are hashed   
   or unhashed independently of the `slab_debug` setting. Users who are   
   interested in using `slab_debug` for hardening but don't need the   
   debugging capabilities it provides can thus boot with something like   
   `slab_debug=FZ hash_pointers=always`, giving the best of both worlds.   
   The patch that introduces this option can be seen at   
   https://github.com/torvalds/linux/commit/de1c831a7898f164c1c2703   
   6b2b9e4fb4bebefc   
   This patch indicates that the use of `slab_debug` as a hardening option   
   and not just a debugging option is explicitly supported by Linux, this   
   is not an abuse of the feature.   
      
   The additional boot option does virtually nothing functionally, it   
   simply allows setting this new combination of options that the kernel   
   didn't previously expose. At least to me, the patch appears small, safe,   
   and it arguably is a kind of bugfix even though technically it is   
   presented as a new feature.   
      
   I would like if the kernel team could consider backporting this patch   
   into Debian Trixie's stable kernel. Thank you.   
      
   -----BEGIN PGP SIGNATURE-----   
      
   iQIzBAEBCgAdFiEEudh48PFXwyPDa0wGpwkWDXPHkQkFAmjl18AACgkQpwkWDXPH   
   kQlNJRAA0n5p1SVMBJM1Hp8fXstR6IUl3EdKD5n21ctKV1pLjEvvED6Gumqm4tZE   
   ilmR+tmMhcT9vREt5umSYFunkdAKz2y/nJUfeLdo2R/EEBpzp3enCUok4QUQrTmo   
   VRaJAkNHu3kg9dkzKb3pSqWYI13WQdbXIbGVCABHHMO80c3/KxyWxAwCFYW6aRVg   
   Ebtb0OUCsCwwUCascH3t/ycPRWmhOcPg4s1I6SBPfkJ50M3U5rGfwIPP45P5wN9/   
   xEY9C11ozI4/VmeMYrjLECopg0pRNk8/z8M0Yvb+viuTlqVu9bO4CZZ/gcFoezkx   
   UoR8XBqe39nxYCPLMTZ+dTItJJ7LXbFa6o6xnDFex0b6RAS2qnAR/HSF2sLxY/pi   
   50Xv/FRsNoGRX1Mftfp9JaHg9H9uPX3eHISdYrvn57TYJeTqBqU6ZvyNewVhhYR0   
   AGYRlhSC1WbOanOvP0R0y1/K0Bd483NPYgPOkAPTPbTwJJDF/+640sUL2rmmbLnQ   
   c5aBDp9IsU3vDky9wYMQiiinVk1YJmdoXbEsmJHgy8rUMsr9FyNem11uknPCBDXH   
   FQBnBMqG2NxD4A/sovpM6ZrD/IAaZlQv6UiP7VNtpN7yLUdB3c9A/Tie0yhBhMVB   
   mcnjMmzkmZLfPX+kNIB7rDYfhp69LsEzQfeXysf7GYmT+OaWHuU=   
   =VdqL   
   -----END PGP SIGNATURE-----   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)