Date:   Tue, 21 Nov 2017 04:34:15 -1000
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Matthew Garrett <mjg59@...f.ucam.org>
Cc:     Kees Cook <keescook@...omium.org>,
        Paolo Bonzini <pbonzini@...hat.com>,
        David Windsor <dave@...lcore.net>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [GIT PULL] usercopy whitelisting for v4.15-rc1

[ this is just a resend of yesterday's mobile html version that got
rejected by the lists, sorry for the duplication ]

On Mon, Nov 20, 2017 at 9:50 AM, Matthew Garrett <mjg59@...f.ucam.org> wrote:
>
> Can you clarify a little with regard to how you'd have liked this
> patchset to look?

So I think the actual status of the patches is fairly good with the
default warning.

But what I'd really like to see is to not have to worry so much about
these hardening things. The last set of user access hardening really
was more painful than it might have been.

And largely due to that I was really dreading pulling this one - and
then with 20+ pulls a day because I really wanted to get everything
big merged before travel, I basically ran out of time.

Part of that is probably also because the 4.15 merge window actually
ended up bigger than I expected. I was perhaps naive, but I expected
that because of 4.14 being LTS, this release would be smaller (like
4.9 vs 4.10) but that never happened.

So where I'd really like to be is simply that these pulls wouldn't be
so nerve wracking for me. And that's largely me worrying about the
approach people are taking, which is why I then reacted so strongly to
the whole "warnings came later".

Sorry for the strong words.

     Linus
