| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 Sep 2010 20:14:54 +0200 From: Uwe Kleine-König <u.kleine-koenig@...gutronix.de> To: Trond Myklebust <Trond.Myklebust@...app.com> Cc: Randy Dunlap <randy.dunlap@...cle.com>, Linus Torvalds <torvalds@...ux-foundation.org>, linux-kernel@...r.kernel.org, "J. Bruce Fields" <bfields@...ldses.org> Subject: Re: [REGRESSION PATCH] NFS: let NFS_V4 and NFSD_V4 enforce CRYPTO Hi Trond, On Thu, Sep 09, 2010 at 12:57:28PM -0400, Trond Myklebust wrote: > On Wed, 2010-08-25 at 11:05 +0200, Uwe Kleine-König wrote: > > This is a follow up to > > > > df486a2 (NFS: Fix the selection of security flavours in Kconfig) > > > > which broke (among others) arm/mx1_defconfig. > > > > Moreover let NFS_V4 select RPCSEC_GSS_KRB5 again as it was before > > df486a2. This make the dependency more explicit than relying on the no > > prompt + default y if !(NFS_V4 || NFSD_V4). > Having looked more closely at the actual dependencies in the NFSv4 > client and server (see the changelog below), I believe the following is > the correct patch. It ensures that the RPCSEC_GSS module is always > selected, and does not introduce any unnecessary dependencies on CRYPTO. Fine, works for me. That's even better than selecting CRYPTO. Still, wouldn't be the patch below more complete? Best regards Uwe diff --git a/fs/nfs/Kconfig b/fs/nfs/Kconfig index 6c2aad4..f7e13db 100644 --- a/fs/nfs/Kconfig +++ b/fs/nfs/Kconfig @@ -63,6 +63,7 @@ config NFS_V3_ACL config NFS_V4 bool "NFS client support for NFS version 4" depends on NFS_FS + select SUNRPC_GSS help This option enables support for version 4 of the NFS protocol (RFC 3530) in the kernel's NFS client. diff --git a/fs/nfsd/Kconfig b/fs/nfsd/Kconfig index 95932f5..4264377 100644 --- a/fs/nfsd/Kconfig +++ b/fs/nfsd/Kconfig @@ -69,6 +69,7 @@ config NFSD_V4 depends on NFSD && PROC_FS && EXPERIMENTAL select NFSD_V3 select FS_POSIX_ACL + select SUNRPC_GSS help This option enables support in your system's NFS server for version 4 of the NFS protocol (RFC 3530). diff --git a/net/sunrpc/Kconfig b/net/sunrpc/Kconfig index 3376d76..442efe1 100644 --- a/net/sunrpc/Kconfig +++ b/net/sunrpc/Kconfig @@ -20,8 +20,7 @@ config SUNRPC_XPRT_RDMA config RPCSEC_GSS_KRB5 tristate depends on SUNRPC && CRYPTO - prompt "Secure RPC: Kerberos V mechanism" if !(NFS_V4 || NFSD_V4) - default y + prompt "Secure RPC: Kerberos V mechanism" select SUNRPC_GSS select CRYPTO_MD5 select CRYPTO_DES -- Pengutronix e.K. | Uwe Kleine-König | Industrial Linux Solutions | http://www.pengutronix.de/ | -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists