lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LFD.2.00.0904281043420.22156@localhost.localdomain>
Date:	Tue, 28 Apr 2009 10:50:14 -0700 (PDT)
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	david@...g.hm
cc:	Tejun Heo <tj@...nel.org>, Dave Airlie <airlied@...il.com>,
	Ingo Molnar <mingo@...e.hu>,
	LKML <linux-kernel@...r.kernel.org>
Subject: Re: kms in defconfig



On Tue, 28 Apr 2009, david@...g.hm wrote:
> 
> the other items that you mention (netfilter, etc) are actually the easier ones
> to deal with (you know what you want), and also the place where it's
> impossible to detect what's wanted.

Very wrong.

Especially about the "you know what you want". 

Quite frankly, those choices can be hard even for kernel developers, never 
mind normal users. Have you looked at the _hundreds_ of options for 
various iptables filtering? Do you know which ones you need?

[ Ok, so now you can say "give me the non-complex set" and it will pick 
  the normal ones. It will still ask you about others. I had to ask for 
  that option, and when I did, even the main netfilter developers had to 
  say "ok, I'll have to check".

  The point being - normal mortals have almost no way of knowing which sw 
  features are good, and which are bad. And yes, some of them are really 
  bad. They not only increase compile time, some of them make for horrible 
  performance. You may want to enable some options that increase debug 
  coverage, but can you tell which of them impact kernel performance by a 
  factor of ten on some loads? ]

And that's where starting with a "suggested config" can help. And some of 
the suggestions really are distro-specific, because sometimes different 
distributions depend on different features.

> > So having some kind of (probably inevitably fairly complex) script that
> > you could run to get a config would be good. The problem is that the
> > script would need to be distributed with the kernel, yet it would often
> > also have some nasty distro issues.
> 
> I've seen people talk about creating such tools, but the responses that I've
> seen have tended to discourage them.

I suspect that they'd generally end up handling the easy cases, and seldom 
anything more. At which point they're not all that useful.

		Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ