From: Alexey Dobriyan <email@example.com>
To: Willy Tarreau <firstname.lastname@example.org>
Cc: Andrew Morton <email@example.com>, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com
Subject: Re: [PATCH v2] execve: warn if process starts with executable stack
Date: Fri, 13 Dec 2019 00:25:20 +0300
Message-ID: <20191212212520.GA9682@avx2>
In-Reply-To: <20191211182401.GF31670@1wt.eu>

On Wed, Dec 11, 2019 at 07:24:01PM +0100, Willy Tarreau wrote:
> On Wed, Dec 11, 2019 at 09:19:33PM +0300, Alexey Dobriyan wrote:
> > Reports are better be done by people who know what they are doing, as in
> > understand what executable stack is and what does it mean in reality.
> >
> > > Otherwise it will just go to /dev/null with all warning about bad blocks
> > > on USB sticks and CPU core throttling under high temperature.
> >
> > That's fine. You don't want bugreports from people who don't know what
> > is executable stack. Every security bug bounty program is flooded by
> > such people. This is why message is worded in a neutral way.
>
> Well we definitely don't have the same experience with user reports. I
> was just suggesting, but since you apparently already have all the
> responses you needed, I'm even wondering why the warning remains.

Willy, whatever instructions for users you have in mind must be different
for different people.

Developer should be told to add "-Wl,-z,noexecstack" and more.

Regular user (define "regular") should be told to send bugreport if
the program really needs executable stack which again splits into two
situations: exec stack was added knowingly because it is some old program
with lost source code or it was readded by mistake.

"Complain to linux-kernel" is meaningless, kernel is not responsible.

What the message is even supposed to say? It is not even pr_err.
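
Added example, not part of the thread or of the patch under discussion: the "-Wl,-z,noexecstack" setting mentioned in the message is recorded in the binary's PT_GNU_STACK program header, so a developer can check a build artifact for it directly. The function and sample-builder names below are hypothetical, and the sample ELF images are constructed inline.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551  # program header type that carries stack permissions
PF_X = 0x1                 # segment flag bit: executable

def gnu_stack_state(elf: bytes) -> str:
    """Return 'executable', 'non-executable' or 'absent' for an ELF image.

    'absent' means no PT_GNU_STACK entry exists; what the kernel then does
    depends on the architecture's defaults, so treat it as needing review.
    """
    if len(elf) < 0x34 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = elf[4], elf[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported EI_CLASS/EI_DATA")
    end = "<" if ei_data == 1 else ">"
    if ei_class == 2:                      # ELF64 header is 0x40 bytes
        if len(elf) < 0x40:
            raise ValueError("truncated ELF64 header")
        (e_phoff,) = struct.unpack_from(end + "Q", elf, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x36)
        flags_off = 4                      # Elf64_Phdr: p_flags follows p_type
    else:                                  # ELF32 header is 0x34 bytes
        (e_phoff,) = struct.unpack_from(end + "I", elf, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", elf, 0x2A)
        flags_off = 24                     # Elf32_Phdr: p_flags is the 7th word
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + flags_off + 4 > len(elf):
            raise ValueError("truncated program header table")
        (p_type,) = struct.unpack_from(end + "I", elf, off)
        if p_type == PT_GNU_STACK:
            (p_flags,) = struct.unpack_from(end + "I", elf, off + flags_off)
            return "executable" if p_flags & PF_X else "non-executable"
    return "absent"

def sample_elf(p_flags: int, p_type: int = PT_GNU_STACK) -> bytes:
    """Constructed minimal ELF64 little-endian image with one program header."""
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01",
                       2, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", p_type, p_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr

if __name__ == "__main__":
    for path in sys.argv[1:]:              # e.g. the binaries of a build tree
        with open(path, "rb") as f:
            print(path, gnu_stack_state(f.read()))
```
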