| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20120219123151.GA25900@elte.hu> Date: Sun, 19 Feb 2012 13:31:51 +0100 From: Ingo Molnar <mingo@...e.hu> To: Kees Cook <keescook@...omium.org> Cc: Andrew Morton <akpm@...ux-foundation.org>, linux-kernel@...r.kernel.org, Alexander Viro <viro@...iv.linux.org.uk>, Rik van Riel <riel@...hat.com>, Federica Teodori <federica.teodori@...glemail.com>, Lucian Adrian Grijincu <lucian.grijincu@...il.com>, Peter Zijlstra <a.p.zijlstra@...llo.nl>, Eric Paris <eparis@...hat.com>, Randy Dunlap <rdunlap@...otime.net>, Dan Rosenberg <drosenberg@...curity.com>, linux-doc@...r.kernel.org, linux-fsdevel@...r.kernel.org, kernel-hardening@...ts.openwall.com Subject: Re: [PATCH v2012.2] fs: symlink restrictions on sticky directories * Kees Cook <keescook@...omium.org> wrote: > >> > I think I disagree with this. __If the person compiling > >> > the kernel includes the feature in his kernel via the > >> > time-honoured process of "wtf is that thing? __Yeah, > >> > whatev", it gets turned on by default. __This could > >> > easily result in weird failures which would take a *long* > >> > time for an unsuspecting person to debug. > >> > > >> > Would it not be kinder to our users to start this out as > >> > turned-off-at-runtime unless the kernel configurer has > >> > deliberately gone in and enabled it? > >> > >> There was a fair bit of back-and-forth discussion about it. > >> Originally, I had it disabled, but, IIRC, Ingo urged me to > >> have it be the default. I can sent a patch to disable it if > >> you want. > > > > What is the reasoning behind the current setting? > > The logic is currently: > > - from a security perspective, enabling the restriction is > safer > - in the last many years, nothing has been found to be > broken by this restriction > > The evidence for the second part mostly comes from people's > recollections using OpenWall, grsecurity, and lately Ubuntu. I > can speak from the Ubuntu history, which is that in the 1.5 > years the symlink restriction has been enabled, no bugs about > it were reported that I'm aware of (and I was aware of, and > fixed, several of bugs in the other restrictions that are > carried in Ubuntu). I'd say all this current evidence suggests that it should be on by default - having it off only helps attackers and hermite systems. So at minimum we should wait until the first regression report before twiddling it off. I could be wrong though. Thanks, Ingo -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists