| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20080320220540.GA29012@elte.hu> Date: Thu, 20 Mar 2008 23:05:40 +0100 From: Ingo Molnar <mingo@...e.hu> To: "Frank Ch. Eigler" <fche@...hat.com> Cc: Mathieu Desnoyers <mathieu.desnoyers@...ymtl.ca>, akpm@...ux-foundation.org, linux-kernel@...r.kernel.org, Jon Masters <jcm@...masters.org>, Jon Masters <jcm@...hat.com>, Rusty Russell <rusty@...tcorp.com.au>, Christoph Hellwig <hch@...radead.org>, Linus Torvalds <torvalds@...ux-foundation.org> Subject: Re: [patch 4/4] Markers Support for Proprierary Modules * Frank Ch. Eigler <fche@...hat.com> wrote: > Ingo Molnar <mingo@...e.hu> writes: > > >> There seems to be good arguments for markers to support proprierary > >> modules. So I am throwing this one-liner in and let's see how people > >> react. [...] > > > > ugh, this is unbelievably stupid move technically - so a very strong > > NACK. Allowing marker use in unfixable modules (today it's placing > > markers into unfixable modules, > > As the thread suggested, this can benefit us more than it benefits > them, because it may let us see more into the blobs. > > > tomorrow it's marker use by such modules) has only one clear and > > predictable effect: it turns marker calls into essential ABIs [...] > > The marker_probe_*register calls are already EXPORT_SYMBOL_GPL'd, so > that covers your "tomorrow" case. NACK that all you like when/if > someone proposes changing that. i very much know that they are exported that way. It's the concept i'm against - dont we have 9 million lines of proper kernel source code to worry about? Why are we even arguing about this? Binary modules should be as isolated as possible - it's a totally untrusted entity and history has shown it again and again that the less infrastructure coupling we have to them, the better. > > [if the proprietary modules attach to kernel markers ...] then all > > the pressure is on those who _can_ fix their code - meaning the > > kernel subsystem maintainers that use [you mean: define] markers. > > (In a way, it would be a nice problem to have. At this moment, there > are still no markers actually committed within -mm nor -linus.) ... which makes it doubly problematic to expose them to binary-only modules in any way, shape or form. Really, once _any_ kernel facility is used by such a module, it's pain for us to change it from that point on. Once markers are a 10 year concept that nobody in their right mind would want to change, sure, we dont _care_ about whether it's export or not, and basic courtesy might say that it's OK to do it. But to proactively export any aspect of a half-done piece of infrastructure is crazy. Ingo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists