| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 6 Jan 2012 08:10:37 +0100 From: Ingo Molnar <mingo@...e.hu> To: Nick Bowler <nbowler@...iptictech.com> Cc: Kees Cook <keescook@...omium.org>, linux-kernel@...r.kernel.org, Alexander Viro <viro@...iv.linux.org.uk>, Andrew Morton <akpm@...ux-foundation.org>, Rik van Riel <riel@...hat.com>, Federica Teodori <federica.teodori@...glemail.com>, Lucian Adrian Grijincu <lucian.grijincu@...il.com>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, Eric Paris <eparis@...hat.com>, Randy Dunlap <rdunlap@...otime.net>, Dan Rosenberg <drosenberg@...curity.com>, linux-doc@...r.kernel.org, linux-fsdevel@...r.kernel.org, kernel-hardening@...ts.openwall.com Subject: Re: [PATCH v2012.1] fs: symlink restrictions on sticky directories * Nick Bowler <nbowler@...iptictech.com> wrote: > > >> +config PROTECTED_STICKY_SYMLINKS > > >> + bool "Protect symlink following in sticky world-writable directories" > > >> + default y > > > [...] > > > > > > Why do we need a config option for this? What's wrong > > > with just using the sysctl? > > > > This way the sysctl can configured directly without needing > > to have a distro add a new item to sysctl.conf. > > This seems totally pointless to me. [...] It's how we add new features typically. From a distro's POV .config's are a lot more durable than system specific sysctl.conf's. User can of course still override via the sysctl.conf, but the kernel (and the distro) wants to provide a sane default that does not depend on userspace settings. Also, there are people who test new kernels but don't want to change the underlying distro. Twiddling such .config values is quite straightforward for them. > [...] There are tons of sysctls that don't have Kconfig > options: what makes this one special? Those are old mistakes we want to forget about. > > > Why have you made this option "default y", when enabling > > > it clearly makes user-visible changes to kernel behaviour? > > > > Ingo specifically asked me to make it "default y". > > But this is a brand new feature that changes longstanding > behaviour of various syscalls. Making it default to enabled > is rather mean to users (since it will tend to get enabled by > "oldconfig") and seems almost guaranteed to cause regressions. The changelog of the feature (which feature has been in use for years in various [admittedly smaller] distros) says that it does not break apps. Worth a try: it will be very easy to flip it back if it causes a regression - but we'd like it to have at least *some* testing in the merge window to see whether there *is* some broken (or not so broken) app that relies on the current semantics. Thanks, Ingo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists