Date:	Sun, 9 Oct 2011 16:45:40 +0300
From:	Adrian Bunk <bunk@...sta.de>
To:	Thomas Gleixner <tglx@...utronix.de>
Cc:	Andrew Lutomirski <luto@....edu>,
	"H. Peter Anvin" <hpa@...ux.intel.com>,
	Ingo Molnar <mingo@...hat.com>, x86@...nel.org,
	LKML <linux-kernel@...r.kernel.org>,
	Andrew Morton <akpm00@...il.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Arjan van de Ven <arjan@...radead.org>
Subject: Re: [3.1 patch] x86: default to vsyscall=native

On Thu, Oct 06, 2011 at 12:01:44AM +0200, Thomas Gleixner wrote:
>...
> We might need better dmesg output, e.g.
> 
>    printk_once("you might run something which requires
>    		vsyscall=native, but be aware that you are
> 		opening a security hole. See Documentation/....")
> 
> That's fine, but making the defaults insecure is just ass backwards.

Better dmesg output is in any case a better idea, patch is coming.

I stayed with warn_bad_vsyscall() instead of printk_once() for
the following reasons:
- _once is bad for something that might indicate exploit attempts,
  warn_bad_vsyscall() is already ratelimited
- the name and pid of the process should be shown
- the additional output of warn_bad_vsyscall() can help determine
  what caused it

> Thanks,
> 
> 	tglx

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed
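
The difference between the two logging policies discussed in the message above, as an added example that is not part of the original message and not kernel code: a userspace C model in which a once-only logger and a rate-limited logger see the same event stream. The function names, the sample events, and the interval (5 s) and burst (3) values are constructed assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed event: one warning condition at time t (seconds). */
struct event { long t; const char *comm; int pid; };

/* Constructed sample: names, pids and times are made up. */
static const struct event sample[] = {
    { 1, "legacy-app", 812 },
    { 900, "probe", 4410 }, { 900, "probe", 4410 }, { 900, "probe", 4410 },
    { 900, "probe", 4410 }, { 907, "probe", 4411 },
};
#define NSAMPLE (sizeof sample / sizeof sample[0])

/* Once-only policy: the first event prints, all later ones are silent. */
static int log_once(const struct event *ev, size_t n, char *last, size_t len)
{
    if (n == 0) return 0;
    snprintf(last, len, "%s[%d]", ev[0].comm, ev[0].pid);
    printf("once:        t=%ld %s\n", ev[0].t, last);
    return 1;
}

/* Rate-limited policy: at most `burst` named lines per `interval` seconds. */
static int log_ratelimited(const struct event *ev, size_t n, long interval,
                           int burst, char *last, size_t len)
{
    long begin = 0;
    int printed = 0, lines = 0;
    for (size_t i = 0; i < n; i++) {
        if (i == 0 || ev[i].t - begin >= interval) {
            begin = ev[i].t; printed = 0;      /* start a new window */
        }
        if (printed++ >= burst) continue;      /* over budget: suppressed */
        snprintf(last, len, "%s[%d]", ev[i].comm, ev[i].pid);
        printf("ratelimited: t=%ld %s\n", ev[i].t, last);
        lines++;
    }
    return lines;
}

int main(void)
{
    char who[32];
    printf("once: %d line(s)\n", log_once(sample, NSAMPLE, who, sizeof who));
    printf("ratelimited: %d line(s)\n",
           log_ratelimited(sample, NSAMPLE, 5, 3, who, sizeof who));
    return 0;
}
```

In this model the once-only logger records only `legacy-app[812]`, while the rate-limited logger still records the later processes and caps the burst at three lines per window.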
