lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20120106071037.GA14188@elte.hu>
Date:	Fri, 6 Jan 2012 08:10:37 +0100
From:	Ingo Molnar <mingo@...e.hu>
To:	Nick Bowler <nbowler@...iptictech.com>
Cc:	Kees Cook <keescook@...omium.org>, linux-kernel@...r.kernel.org,
	Alexander Viro <viro@...iv.linux.org.uk>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Rik van Riel <riel@...hat.com>,
	Federica Teodori <federica.teodori@...glemail.com>,
	Lucian Adrian Grijincu <lucian.grijincu@...il.com>,
	Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	Eric Paris <eparis@...hat.com>,
	Randy Dunlap <rdunlap@...otime.net>,
	Dan Rosenberg <drosenberg@...curity.com>,
	linux-doc@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	kernel-hardening@...ts.openwall.com
Subject: Re: [PATCH v2012.1] fs: symlink restrictions on sticky directories


* Nick Bowler <nbowler@...iptictech.com> wrote:

> > >> +config PROTECTED_STICKY_SYMLINKS
> > >> +     bool "Protect symlink following in sticky world-writable directories"
> > >> +     default y
> > > [...]
> > >
> > > Why do we need a config option for this?  What's wrong 
> > > with just using the sysctl?
> > 
> > This way the sysctl can configured directly without needing 
> > to have a distro add a new item to sysctl.conf.
> 
> This seems totally pointless to me. [...]

It's how we add new features typically. From a distro's POV 
.config's are a lot more durable than system specific 
sysctl.conf's.

User can of course still override via the sysctl.conf, but the 
kernel (and the distro) wants to provide a sane default that 
does not depend on userspace settings.

Also, there are people who test new kernels but don't want to 
change the underlying distro. Twiddling such .config values is 
quite straightforward for them.

> [...]  There are tons of sysctls that don't have Kconfig 
> options: what makes this one special?

Those are old mistakes we want to forget about.

> > > Why have you made this option "default y", when enabling 
> > > it clearly makes user-visible changes to kernel behaviour?
> > 
> > Ingo specifically asked me to make it "default y".
> 
> But this is a brand new feature that changes longstanding 
> behaviour of various syscalls.  Making it default to enabled 
> is rather mean to users (since it will tend to get enabled by 
> "oldconfig") and seems almost guaranteed to cause regressions.

The changelog of the feature (which feature has been in use for 
years in various [admittedly smaller] distros) says that it does 
not break apps.

Worth a try: it will be very easy to flip it back if it causes a 
regression - but we'd like it to have at least *some* testing in 
the merge window to see whether there *is* some broken (or not 
so broken) app that relies on the current semantics.

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ