Date:	Mon, 13 Oct 2008 13:44:43 -0500
From:	Scott Wood <scottwood@...escale.com>
To:	Guennadi Liakhovetski <g.liakhovetski@....de>
Cc:	Rogério Brito <rbrito@....usp.br>,
	linuxppc-dev@...abs.org, akpm@...ux-foundation.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] powerpc: enable heap randomization for linkstations

On Mon, Oct 13, 2008 at 08:05:09PM +0200, Guennadi Liakhovetski wrote:
> On Mon, 13 Oct 2008, Rogério Brito wrote:
> 
> > The current defconfig for Linkstation/Kuroboxes has the "Disable Heap
> > Randomization" option enabled.
> > 
> > Since some of these machines are facing the internet, it helps to have
> > heap randomization enabled. This patch enables it.
> 
> Same as the previous patch - this is one of the options that users select
> according to their needs. If any specific distribution enables this option
> by default in their kernels, they can do this too, don't think this is
> critical enough to patch the defconfig.

Just because users/distros can change it doesn't mean it's pointless to
discuss what default is sane, and make changes if the current default
isn't.

For security-related options it's usually best to default to the more
secure state, especially since the option description talks about it
being needed mainly for libc5 compatibility -- did libc5 ever even exist
for powerpc?  

The only reason it was turned on in the first place was likely the
"default y", which in turn is there to avoid breaking old x86 distros.

-Scott