| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20110609070215.GD7734@elte.hu> Date: Thu, 9 Jun 2011 09:02:15 +0200 From: Ingo Molnar <mingo@...e.hu> To: pageexec@...email.hu Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Andy Lutomirski <luto@....edu>, x86@...nel.org, Thomas Gleixner <tglx@...utronix.de>, linux-kernel@...r.kernel.org, Jesper Juhl <jj@...osbits.net>, Borislav Petkov <bp@...en8.de>, Andrew Morton <akpm@...ux-foundation.org>, Arjan van de Ven <arjan@...radead.org>, Jan Beulich <JBeulich@...ell.com>, richard -rw- weinberger <richard.weinberger@...il.com>, Mikael Pettersson <mikpe@...uu.se>, Andi Kleen <andi@...stfloor.org>, Brian Gerst <brgerst@...il.com>, Louis Rilling <Louis.Rilling@...labs.com>, Valdis.Kletnieks@...edu, Peter Zijlstra <a.p.zijlstra@...llo.nl> Subject: Re: [PATCH] x86-64, vsyscalls: Rename UNSAFE_VSYSCALLS to COMPAT_VSYSCALLS * pageexec@...email.hu <pageexec@...email.hu> wrote: > On 7 Jun 2011 at 12:05, Ingo Molnar wrote: > > > * pageexec@...email.hu <pageexec@...email.hu> wrote: > > > > > you called this feature "borderline security FUD" but have yet > > > to prove it. > > > > No, i did not claim that this feature is "borderline security > > FUD", at all. > > so can i take it as your concession that the vsyscall feature is > indeed a security problem and it's being randomized/(re)moved for > security reasons? Again, i made two statements: "That naming is borderline security FUD" "It's only a security problem if there's a security hole elsewhere." I stand by those statements and i reject your repeated attempts to put words in my mouth that i did not say, such as: > you called this feature "borderline security FUD" [...] > in that case the naming of this feature is correct and you have no > reason to call it "borderline security FUD". so make up your mind! > > > That the *NAMING* is borderline security FUD. (I already applied > > the patches before i wrote that mail, see the commit > > notifications on lkml.) > > how can the name be "borderline security FUD" but what the name > refers to not be that? you see, we name things for a reason, mostly > because we think the name has something to do with the thing it > names, duh? It's borderline security FUD because it suggests that keeping the vsyscall around is in itself a security hole. As i outlined whether there's *another* bug that *can be exploited* is highly dependent on the usecase - while the Kconfig name made no such distinction. (For example a device maker might choose to keep the option enabled in some embedded usecase, those are pretty limited environments that have few vectors of attack.) Anyway, repeating and explaining my arguments a dozen times did not make any difference to you, and there's a point where i have to stop wasting time on a person, so i've started filtering out your mails. If you want to send me any patches then please send it to any of my co-maintainers who will be able to review them. Thanks, Ingo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists