[$] What's the best way to prevent kernel pointer leaks?
An attacker who seeks to compromise a running kernel by overwriting kernel data structures or forcing a jump to specific kernel code must, in either case, have some idea of where the target objects are in memory. Techniques like kernel address-space layout randomization have been created in the hope of denying that knowledge, but that effort is wasted if the kernel leaks information about where it has been placed in memory. Developers have been plugging pointer leaks for years but, as a recent discussion shows, there is still some disagreement over the best way to prevent attackers from learning about the kernel's address-space layout.