| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+55aFy7wBV7=Msk08MU2nLo74Wup6FR9zjOptYk0z4Z-N=AFg@mail.gmail.com>
Date: Fri, 12 Jan 2018 09:55:45 -0800
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: David Laight <David.Laight@...lab.com>
Cc: Willy Tarreau <w@....eu>, Andy Lutomirski <luto@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Peter Zijlstra <peterz@...radead.org>,
LKML <linux-kernel@...r.kernel.org>, X86 ML <x86@...nel.org>,
Borislav Petkov <bp@...en8.de>,
Brian Gerst <brgerst@...il.com>,
Ingo Molnar <mingo@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>,
Josh Poimboeuf <jpoimboe@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Kees Cook <keescook@...omium.org>
Subject: Re: [RFC PATCH v2 6/6] x86/entry/pti: don't switch PGD on when
pti_disable is set
On Fri, Jan 12, 2018 at 8:27 AM, David Laight <David.Laight@...lab.com> wrote:
>
> You need to allow for libraries that create threads before main()
> is called.
I really don't think we do. I think the normal case is the wrapper.
Processes should never say "I'm so important that I'm disabling PTI".
That's crazy talk, and wrong.
It's wrong for all the usual reasons - everybody always thinks that
_their_ own work is so important and bug-free, and that things like
PTI are about protecting all those other imcompetent people.
No. Bullshit. Nobody should ever disable PTI for themselves, because
nobody is inherently trustworthy.
Instead, we have the case of something _external_ saying "this
process is so important that it should be started without PTI".
Linus
Powered by blists - more mailing lists