Should slub_debug be considered a hardening cmd line parameter? #55

Closed
morfikov opened this issue Oct 28, 2021 · 1 comment
Labels
question Further information is requested

Comments

@morfikov

According to this, slub_debug is a hardening cmd line parameter. But when you use this option, you will see the following in the syslog on newer kernels:

kernel: **********************************************************
kernel: **   NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE   **
kernel: **                                                      **
kernel: ** This system shows unhashed kernel memory addresses   **
kernel: ** via the console, logs, and other interfaces. This    **
kernel: ** might reduce the security of your system.            **
kernel: **                                                      **
kernel: ** If you see this message and you are not debugging    **
kernel: ** the kernel, report this immediately to your system   **
kernel: ** administrator!                                       **
kernel: **                                                      **
kernel: **   NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE   **
kernel: **********************************************************

More here and here.

So, should users use slub_debug=FZP or slub_debug=ZP?

@a13xp0p0v
Owner

Hello @morfikov!

My code comment in __init__.py is a note for future development within #46. It's not a final decision.

Currently I consider slub_debug=F and slub_debug=Z as debugging features, as you can see at the Linux Kernel Defence Map.

And I will have to learn more about init_on_free and slub_debug=P to choose between them.

Thanks!

@a13xp0p0v a13xp0p0v added the question Further information is requested label Nov 10, 2021
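
An added example, not part of the thread or of the project's code: a small check that reads the `slub_debug` flags from a kernel command line and reports whether the unhashed-address banner quoted above appears in the log. The function names, the sample command line and the sample log lines are constructed for illustration.

```python
# Added example: names and sample data are constructed for illustration.
NOTICE = "This system shows unhashed kernel memory addresses"  # banner text quoted in the issue

# Meaning of the three flag letters raised in the thread, with the status given in the reply.
FLAG_NOTES = {
    "F": "sanity checks: treated as a debugging feature in the maintainer's reply",
    "Z": "red zoning: treated as a debugging feature in the maintainer's reply",
    "P": "poisoning: left open against init_on_free in the maintainer's reply",
}


def slub_debug_flags(cmdline):
    """Return the flag letters of slub_debug, "" for the bare option, None if absent.

    Simplification of this sketch: the last occurrence is reported and any
    ",<slab names>" suffix is dropped.
    """
    flags = None
    for token in cmdline.split():
        if token == "slub_debug":
            flags = ""
        elif token.startswith("slub_debug="):
            flags = token.split("=", 1)[1].split(",", 1)[0]
    return flags


def review(cmdline, log_lines):
    """Correlate the boot option with the unhashed-address banner in the log."""
    flags = slub_debug_flags(cmdline)
    return {
        "slub_debug": flags,
        "flag_notes": [FLAG_NOTES.get(f, f + ": not discussed in the thread") for f in flags or ""],
        "unhashed_notice": any(NOTICE in line for line in log_lines),
    }


# Constructed sample input: a boot command line and two syslog lines.
SAMPLE_CMDLINE = "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro slub_debug=FZP quiet"
SAMPLE_LOG = [
    "kernel: ** This system shows unhashed kernel memory addresses   **",
    "kernel: ** via the console, logs, and other interfaces. This    **",
]

if __name__ == "__main__":
    for key, value in review(SAMPLE_CMDLINE, SAMPLE_LOG).items():
        print(key, "=", value)
```
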