lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080821064009.GB18831@one.firstfloor.org>
Date:	Thu, 21 Aug 2008 08:40:09 +0200
From:	Andi Kleen <andi@...stfloor.org>
To:	"Eric W. Biederman" <ebiederm@...ssion.com>
Cc:	Andi Kleen <andi@...stfloor.org>, torvalds@...l.org,
	linux-kernel@...r.kernel.org, Andi Kleen <ak@...ux.intel.com>
Subject: Re: [PATCH] Move sysctl check into debugging section and don't make it default y

> What is a feature change like this doing coming in after the
> merge window?

I considered it a "anti bloat bugfix". Adding 30k of 
object code to allno was a bit too much. 

> Why doesn't an allnoconfig disable sysctl all together?

Because it depends on EMBEDDED and EMBEDDED is not y. Yes it's not
intuitive, on the other hand the end result is reasonable.

> These are the only checks we have against someone doing something
> nasty in the sysctl hierarchy.   We have proven that we don't
> have the discipline to do the right thing with code in the
> core kernel.  I expect out of tree code will be much worse.

My assumption is that they will be run at least once during
a release cycle by someone and then the messages will appear
and be reported. We do the same thing with a lot of other
debug options (lockdep, slab debug, sleep debug etc.,). There's no 
need for this one to be special.

Also I'm not sure the check is all that useful anyways. We
should just not accept any new binary numbered sysctl, and
that's nearly the case anyways.

-Andi

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ