Date: Wed, 25 Jan 2017 12:25:03 +0100
From: Laura Abbott <labbott@...hat.com>
To: Mark Rutland <mark.rutland@....com>
Cc: Kees Cook <keescook@...omium.org>,
    Jason Wessel <jason.wessel@...driver.com>,
    Jonathan Corbet <corbet@....net>,
    Russell King <linux@...linux.org.uk>,
    Catalin Marinas <catalin.marinas@....com>,
    Will Deacon <will.deacon@....com>,
    "James E.J. Bottomley" <jejb@...isc-linux.org>,
    Helge Deller <deller@....de>,
    Martin Schwidefsky <schwidefsky@...ibm.com>,
    Heiko Carstens <heiko.carstens@...ibm.com>,
    Thomas Gleixner <tglx@...utronix.de>,
    Ingo Molnar <mingo@...hat.com>,
    "H. Peter Anvin" <hpa@...or.com>,
    x86@...nel.org,
    Rob Herring <robh@...nel.org>,
    "Rafael J. Wysocki" <rjw@...ysocki.net>,
    Len Brown <len.brown@...el.com>,
    Pavel Machek <pavel@....cz>,
    Jessica Yu <jeyu@...hat.com>,
    linux-doc@...r.kernel.org,
    linux-kernel@...r.kernel.org,
    linux-arm-kernel@...ts.infradead.org,
    linux-parisc@...r.kernel.org,
    linux-s390@...r.kernel.org,
    linux-pm@...r.kernel.org,
    kernel-hardening@...ts.openwall.com
Subject: Re: [PATCH 1/2] security: Change name of CONFIG_DEBUG_RODATA

On 01/19/2017 11:56 AM, Mark Rutland wrote:
> Hi Laura,
>
> On Wed, Jan 18, 2017 at 05:29:05PM -0800, Laura Abbott wrote:
>>
>> Despite the word 'debug' in CONFIG_DEBUG_RODATA, this kernel option
>> provides key security features that are to be expected on a modern
>> system. Change the name to CONFIG_HARDENED_PAGE_MAPPINGS which more
>> accurately describes what this option is intended to do.
>
> This generally sounds good. Thanks for attacking this!
>
> On the bikeshedding front, *maybe* it would be nice to mention
> permissions in the name, something like STRICT_KERNEL_RWX. That might
> also prevent the reading of 'hardened' as 'optional overhead'.
>
> That said, the proposed name is fine by me -- I'm happy so long as
> 'DEBUG' goes.
>

(Apologies for the delay, my SMTP was set up incorrectly so my messages
didn't actually get sent out)

I like that better since it's describing specifically what the config
should be setting as opposed to something more vague. That might fit
better with what Pavel was suggesting as well.

Thanks,
Laura