| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 29 Jan 2008 10:44:28 -0600 From: Matt LaPlante <kernel1@...erdogtech.com> To: "Serge E. Hallyn" <serue@...ibm.com> Cc: James Morris <jmorris@...ei.org>, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org Subject: Re: "Default Linux Capabilities" default in 2.6.24 On Tue, 29 Jan 2008 07:08:25 -0600 "Serge E. Hallyn" <serue@...ibm.com> wrote: > Quoting James Morris (jmorris@...ei.org): > > On Mon, 28 Jan 2008, Matt LaPlante wrote: > > > > > On Thu, 24 Jan 2008 19:12:01 -0600 > > > Matt LaPlante <kernel1@...erdogtech.com> wrote: > > > > > > > > > > > I'm doing a make oldconfig with the new 2.6.24 kernel. I came to the prompt for "Default Linux Capabilities" which defaults to No: > > > > > > > > --- > > > > Default Linux Capabilities (SECURITY_CAPABILITIES) [N/y/?] (NEW) ? > > > > --- > > > > > > > > However the help text recommends saying Yes. > > > > > > > > --- > > > > This enables the "default" Linux capabilities functionality. > > > > If you are unsure how to answer this question, answer Y. > > > > --- > > > > > > > > Does this seem incongruous? Also, what's the "question"? :) > > > > > > > > Thanks, > > > > Matt LaPlante > > > > > > Anyone? > > > > I think this should be default y. > > True, it was made the default when CONFIG_SECURITY=n a few years ago, > and switching it off when toggling CONFIG_SECURITY is probably unsafe > for unsuspecting users/testers. > > Thanks Matt. > > -serge > > From 0528f582de5534b972abddbb3294a3fb11435a21 Mon Sep 17 00:00:00 2001 > From: sergeh@...ibm.com <hallyn@...nel.(none)> > Date: Tue, 29 Jan 2008 05:04:43 -0800 > Subject: [PATCH 1/1] security: compile capabilities by default > > Capabilities have long been the default when CONFIG_SECURITY=n, > and its help text suggests turning it on when CONFIG_SECURITY=y. > But it is set to default n. > > Default it to y instead. > > Signed-off-by: Serge Hallyn <serue@...ibm.com> > --- > security/Kconfig | 1 + > 1 files changed, 1 insertions(+), 0 deletions(-) > > diff --git a/security/Kconfig b/security/Kconfig > index 8086e61..389e151 100644 > --- a/security/Kconfig > +++ b/security/Kconfig > @@ -76,6 +76,7 @@ config SECURITY_NETWORK_XFRM > config SECURITY_CAPABILITIES > bool "Default Linux Capabilities" > depends on SECURITY > + default y > help > This enables the "default" Linux capabilities functionality. > If you are unsure how to answer this question, answer Y. > -- > 1.5.1 > Acked-by: Matt LaPlante <kernel1@...erdogtech.com> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists