| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20130127040104.GA5422@rhlx01.hs-esslingen.de> Date: Sun, 27 Jan 2013 05:01:04 +0100 From: Andreas Mohr <andi@...as.de> To: Alexander Holler <holler@...oftware.de> Cc: linux-kernel@...r.kernel.org, Linus Torvalds <torvalds@...ux-foundation.org>, Russell King <linux@....linux.org.uk>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Andrew Morton <akpm@...ux-foundation.org>, Dick Streefland <dick@...eefland.net> Subject: Re: [PATCH 0/3] Include kernel config by default Hi, [CC'd extract-ikconfig creator] > I've seen too many systems where the config to build the used kernel got > lost and people were unable to diagnose problems or to rebuild a modified > or updated kernel. It's a subject which worries me since several years. I'm strongly in favour of such a change. The actual config is simply very important for traceability. In a recent case of mine I simply built the kernel on an external HDD and did not copy the config file on deployment (e.g. to /boot). With that kernel build tree then unavailable, I then realized that this kernel fortunately did have IKCONFIG_PROC enabled, thus configs.ko was available for (re-)use. However an argument could be made that the default setting should be the bare-minimum needed to provide this information source in emergency cases (i.e., a manual run of scripts/extract-ikconfig would be in order and easily acceptable). $ ls -l kernel/configs.ko -rw-r--r-- 1 root root 35788 Jan 25 18:43 kernel/configs.ko IMHO more than 32kB for the proc/config.gz module arguably is quite a bit of code for it to painlessly be enabled by default given availability of other methods of retrieval. However, now that I think of it ISTR that using extract-ikconfig on my bzImage did NOT work yet loading configs.ko of the same install successfully provided a /proc/config.gz. Huh?? If this is the case, then one or both of these things ought to be done: - make extract-ikconfig not fail in such a case - [failing the prior one] enable /proc/config.gz by default, too Aww wait: I was mistaken in thinking that the config data is statically included in the kernel and configs.ko then is about providing /proc only. This not being the case (config data itself is provided by *module*, too) explains both my extract-ikconfig failure on the static kernel image and the size of configs.ko, so additionally enabling /proc/config.gz in this module most likely is a non-issue. However, this means that extract-ikconfig is missing a user error message indicating that the reason for lookup failure perhaps is that the setting is module-based and thus cannot be found in image (extract-ikconfig's header comments don't fully document this fact either). Will be creating a commit for this eventually (or do you want to add such thing to your patchset now? ;). Thanks for your effort, Andreas Mohr -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists