lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 19 Nov 2010 12:04:47 -0800
From:	Linus Torvalds <torvalds@...ux-foundation.org>
To:	david@...g.hm
Cc:	Sarah Sharp <sarah.a.sharp@...ux.intel.com>,
	Marcus Meissner <meissner@...e.de>,
	linux-kernel@...r.kernel.org, tj@...nel.org,
	akpm@...ux-foundation.org, hpa@...or.com, mingo@...e.hu, w@....eu,
	alan@...rguk.ukuu.org.uk
Subject: Re: [PATCH] kernel: make /proc/kallsyms mode 400 to reduce ease of attacking

On Fri, Nov 19, 2010 at 11:58 AM,  <david@...g.hm> wrote:
>
> how far back do we need to maintain compatibility with userspace?
>
> Is this something that we can revisit in a few years and lock it down then?

The rule is basically "we never break user space".

But the "out" to that rule is that "if nobody notices, it's not
broken". In a few years? Who knows?

So breaking user space is a bit like trees falling in the forest. If
there's nobody around to see it, did it really break?

                   Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ