lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20100830203659.3b9884f6@notabene>
Date:	Mon, 30 Aug 2010 20:36:59 +1000
From:	Neil Brown <neilb@...e.de>
To:	Uwe Kleine-König 
	<u.kleine-koenig@...gutronix.de>
Cc:	Randy Dunlap <randy.dunlap@...cle.com>,
	Trond Myklebust <Trond.Myklebust@...app.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	akpm@...ux-foundation.org, linux-kernel@...r.kernel.org,
	"J. Bruce Fields" <bfields@...ldses.org>, linux-nfs@...r.kernel.org
Subject: Re: [REGRESSION PATCH] NFS: let NFS_V4 and NFSD_V4 enforce CRYPTO

On Mon, 30 Aug 2010 10:26:18 +0200
Uwe Kleine-König <u.kleine-koenig@...gutronix.de> wrote:

> [extending Cc: to contain Neil and linux-nfs]
> 
> On Fri, Aug 27, 2010 at 08:11:39AM +0200, Uwe Kleine-König wrote:
> > On Wed, Aug 25, 2010 at 11:05:19AM +0200, Uwe Kleine-König wrote:

I would tend to wait more than 2 days between pings..


> > > This is a follow up to
> > > 
> > > 	df486a2 (NFS: Fix the selection of security flavours in Kconfig)
> > > 
> > > which broke (among others) arm/mx1_defconfig.
> > > 
> > > Moreover let NFS_V4 select RPCSEC_GSS_KRB5 again as it was before
> > > df486a2.  This make the dependency more explicit than relying on the no
> > > prompt + default y if !(NFS_V4 || NFSD_V4).

Maybe if you said a little bit about how it broke?
And I'm not sure of the point of the "recursive dependency" comment below...

I don't fully understand all the issues behind choosing between 'depends' and
'select' (why isn't is 'selects' I wonder - that would be more consistent...)

But that patch seems to make sense to me.

NeilBrown


> > > 
> > > Signed-off-by: Uwe Kleine-König <u.kleine-koenig@...gutronix.de>
> > ping
> ping^2
> > 
> > > ---
> > >  fs/nfs/Kconfig     |    2 ++
> > >  fs/nfsd/Kconfig    |    2 ++
> > >  net/sunrpc/Kconfig |    2 +-
> > >  3 files changed, 5 insertions(+), 1 deletions(-)
> > > 
> > > diff --git a/fs/nfs/Kconfig b/fs/nfs/Kconfig
> > > index 6c2aad4..5b9f870 100644
> > > --- a/fs/nfs/Kconfig
> > > +++ b/fs/nfs/Kconfig
> > > @@ -63,6 +63,8 @@ config NFS_V3_ACL
> > >  config NFS_V4
> > >  	bool "NFS client support for NFS version 4"
> > >  	depends on NFS_FS
> > > +	select CRYPTO # recursive select: RPCSEC_GSS_KRB5 depends on CRYPTO
> > > +	select RPCSEC_GSS_KRB5
> > >  	help
> > >  	  This option enables support for version 4 of the NFS protocol
> > >  	  (RFC 3530) in the kernel's NFS client.
> > > diff --git a/fs/nfsd/Kconfig b/fs/nfsd/Kconfig
> > > index 95932f5..3678a16 100644
> > > --- a/fs/nfsd/Kconfig
> > > +++ b/fs/nfsd/Kconfig
> > > @@ -69,6 +69,8 @@ config NFSD_V4
> > >  	depends on NFSD && PROC_FS && EXPERIMENTAL
> > >  	select NFSD_V3
> > >  	select FS_POSIX_ACL
> > > +	select CRYPTO # recursive select: RPCSEC_GSS_KRB5 depends on CRYPTO
> > > +	select RPCSEC_GSS_KRB5
> > >  	help
> > >  	  This option enables support in your system's NFS server for
> > >  	  version 4 of the NFS protocol (RFC 3530).
> > > diff --git a/net/sunrpc/Kconfig b/net/sunrpc/Kconfig
> > > index 3376d76..6b661e3 100644
> > > --- a/net/sunrpc/Kconfig
> > > +++ b/net/sunrpc/Kconfig
> > > @@ -20,7 +20,7 @@ config SUNRPC_XPRT_RDMA
> > >  config RPCSEC_GSS_KRB5
> > >  	tristate
> > >  	depends on SUNRPC && CRYPTO
> > > -	prompt "Secure RPC: Kerberos V mechanism" if !(NFS_V4 || NFSD_V4)
> > > +	prompt "Secure RPC: Kerberos V mechanism"
> > >  	default y
> > >  	select SUNRPC_GSS
> > >  	select CRYPTO_MD5
> > > -- 
> > > 1.7.1
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ