lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20120718091313.GA13085@gmail.com>
Date:	Wed, 18 Jul 2012 11:13:13 +0200
From:	Ingo Molnar <mingo@...nel.org>
To:	david@...g.hm
Cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	Borislav Petkov <bp@...64.org>,
	Cyrill Gorcunov <gorcunov@...nvz.org>,
	Pekka Enberg <penberg@...nel.org>,
	richard -rw- weinberger <richard.weinberger@...il.com>,
	"Myklebust, Trond" <Trond.Myklebust@...app.com>,
	Dave Jones <davej@...hat.com>,
	Greg Kroah-Hartman <greg@...ah.com>,
	Ubuntu Kernel Team <kernel-team@...ts.ubuntu.com>,
	Debian Kernel Team <debian-kernel@...ts.debian.org>,
	OpenSUSE Kernel Team <opensuse-kernel@...nsuse.org>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Ingo Molnar <mingo@...e.hu>,
	Sasha Levin <levinsasha928@...il.com>,
	Asias He <asias.hejun@...il.com>,
	Pavel Emelyanov <xemul@...allels.com>
Subject: Re: [opensuse-kernel] Re: [RFC] Simplifying kernel configuration for
 distro issues


* david@...g.hm <david@...g.hm> wrote:

> On Wed, 18 Jul 2012, Ingo Molnar wrote:
> 
> >* david@...g.hm <david@...g.hm> wrote:
> >
> >>>Anybody who says "I want to run Fedora without SELINUX
> >>>because I do my own security development" is by *definition*
> >>>not relevant to the whole feature.
> >>
> >>Don't mistake the example for the feature. the SELINUX thing
> >>is just an example. As Alan Cox commented, taking a distro
> >>config and disabling one thing is a common troubleshooting
> >>request from kernel developers.
> >
> >It's still irrelevant:
> >
> >- if a user chooses a distro config it means that he is using
> >  that distro. Disabling an essential component of the distro
> >  config, even if a kernel developer asks for it, will likely
> >  break that distro and is thus a dumb thing to do. (the
> >  typical user will also be unlikely to be *able* to edit a
> >  .config and make sure it works.)
> 
> that's assuming that everything listed really is essential.

See the requirements in Linus's earlier mail:

------------->

The *two* requirements (and they're really the same theme) I
personally think we should have for this are

 - I think every single "select" for these things should come 
with a comment about what it is about and why the distro needs 
it (to show there was some thought involved and not just a blind 
"took it from the distro config")

 - It should be about *minimal* settings. I'd rather have too 
few things and the occasional complaint about "oh, it didn't 
work because it missed XYZ" than have it grow to contain all the 
options just because somebody decided to just add random things 
until things worked.

<-------------

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ