From: Adrian Bunk <bunk@stusta.de>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: Andrew Lutomirski <luto@mit.edu>,
"H. Peter Anvin" <hpa@linux.intel.com>,
Ingo Molnar <mingo@redhat.com>,
x86@kernel.org, LKML <linux-kernel@vger.kernel.org>,
Andrew Morton <akpm00@gmail.com>,
Linus Torvalds <torvalds@linux-foundation.org>,
Arjan van de Ven <arjan@infradead.org>
Subject: Re: [3.1 patch] x86: default to vsyscall=native
Date: Sun, 9 Oct 2011 16:45:40 +0300
Message-ID: <20111009134539.GC4586@localhost.pp.htv.fi>
In-Reply-To: <alpine.LFD.2.02.1110052346080.18778@ionos>

On Thu, Oct 06, 2011 at 12:01:44AM +0200, Thomas Gleixner wrote:
>...
> We might need better dmesg output, e.g.
>
> printk_once("you might run something which requires
> vsyscall=native, but be aware that you are
> opening a security hole. See Documentation/....")
>
> That's fine, but making the defaults insecure is just ass backwards.

Better dmesg output is in any case a better idea, patch is coming.

I stayed with warn_bad_vsyscall() instead of printk_once() for
the following reasons:
- _once is bad for something that might indicate exploit attempts,
  warn_bad_vsyscall() is already ratelimited
- the name and pid of the process should be shown
- the additional output of warn_bad_vsyscall() can help determine
  what caused it

> Thanks,
>
> tglx

cu
Adrian

--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
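
An added illustration of the first reason given in the message above, not code from this thread or from the kernel: a user-space model that compares a log-once policy with a windowed rate limit over the same constructed events. The `ratelimit` struct, its interval and burst values, the process names, pids and message text are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Simplified user-space model of a windowed rate limit; not kernel code. */
struct ratelimit { long interval, begin; int burst, printed, started; };

static int ratelimit_ok(struct ratelimit *rs, long now)
{
    if (!rs->started || now - rs->begin >= rs->interval) {
        rs->begin = now;            /* open a new window */
        rs->printed = 0;
        rs->started = 1;
    }
    if (rs->printed >= rs->burst)
        return 0;                   /* suppressed until the window expires */
    rs->printed++;
    return 1;
}

/* Constructed events: tick, process name and pid of each offending call. */
static const struct { long tick; const char *comm; int pid; } events[] = {
    { 0, "legacy_app", 1201 }, { 1, "legacy_app", 1201 },
    { 2, "legacy_app", 1201 }, { 40, "unknown_bin", 4711 },
    { 41, "unknown_bin", 4711 },
};
#define NEVENTS (sizeof(events) / sizeof(events[0]))

/* "_once" policy: only the first event ever logs; 1 if it names `comm`. */
static int logged_once(const char *comm)
{
    return strcmp(events[0].comm, comm) == 0;
}

/* Rate-limited policy: returns how many logged lines name `comm`. */
static int logged_ratelimited(const char *comm, int verbose)
{
    struct ratelimit rs = { .interval = 5, .burst = 2 };
    int hits = 0;
    for (size_t i = 0; i < NEVENTS; i++) {
        if (!ratelimit_ok(&rs, events[i].tick))
            continue;
        if (verbose)                /* constructed message text */
            printf("%s[%d] bad vsyscall\n", events[i].comm, events[i].pid);
        hits += strcmp(events[i].comm, comm) == 0;
    }
    return hits;
}

int main(void) { logged_ratelimited("", 1); return 0; }
```

With the log-once policy the second process, which appears later, never reaches the log; with the rate limit it does, while the repeated hits from the first process are still capped.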