On Fri, Oct 26, 2012 at 1:27 PM, Linus Torvalds
wrote:
> On Fri, Oct 26, 2012 at 1:23 PM, Kees Cook wrote:
>>
>> I'd like it to be the exception to turn it _off_, rather than the
>> exception to turn it on.
>
> Kees, you don't seem to understand.
>
> Breaking applications is unacceptable. End of
On 10/26/2012 01:23 PM, Kees Cook wrote:
>
> Every distro will ship with this enabled (except perhaps Damn
> Vulnerable Linux), so why make it harder?
>
So please remind me why can't it be on by default in code.
And the normal sysctl to turn it off for these who want to
experiment with "filesyst
On Fri, Oct 26, 2012 at 1:23 PM, Kees Cook wrote:
>
> I'd like it to be the exception to turn it _off_, rather than the
> exception to turn it on.
Kees, you don't seem to understand.
Breaking applications is unacceptable. End of story. It's broken them.
Get over it.
Distributions can turn it on
On Fri, Oct 26, 2012 at 1:12 PM, Linus Torvalds
wrote:
> On Fri, Oct 26, 2012 at 12:46 PM, Kees Cook wrote:
>> Would a single config item be acceptable? What would be an agreeable
>> way to enable this at build-time?
>
> I dunno. Maybe a CONFIG_LOCKDOWN thing that sets a few of our other
> defaul
On Fri, Oct 26, 2012 at 12:46 PM, Kees Cook wrote:
>
> I think there's value in being able to enable these protections at
> build-time so there's no need for a distro to have to ship extra
> files/lines, spend time setting it, etc.
The "value in not having to change the distro" is valid value. Th
On Fri, Oct 26, 2012 at 12:21 PM, Linus Torvalds
wrote:
> On Fri, Oct 26, 2012 at 11:50 AM, Kees Cook wrote:
>> There are situations where devices running without initrds may need
>> very early protection from link vulnerabilities
>
> I really don't see what this argument is all about.
>
> If you
On Fri, Oct 26, 2012 at 11:50 AM, Kees Cook wrote:
> There are situations where devices running without initrds may need
> very early protection from link vulnerabilities
I really don't see what this argument is all about.
If you don't have initrd, you still have early bootup scripts etc.
If yo
On Fri, Oct 26, 2012 at 11:50:21AM -0700, Kees Cook wrote:
> +config PROTECTED_SYMLINKS_SYSCTL
> + int
> + default "1" if PROTECTED_SYMLINKS
> + default "0"
If anything, use IS_ENABLED instead...
> -int sysctl_protected_symlinks __read_mostly = 0;
> -int sysctl_protected_hardlinks __
There are situations where devices running without initrds may need
very early protection from link vulnerabilities, so make these sysctls
configurable at build time, since 561ec64ae67e ("VFS: don't do protected
{sym,hard}links by default") has disabled the protections by default.
Cc: Alexander Vi
9 matches
Mail list logo
