From: Dan Carpenter <firstname.lastname@example.org> To: Alexey Dobriyan <email@example.com> Cc: Willy Tarreau <firstname.lastname@example.org>, Andrew Morton <email@example.com>, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org Subject: Re: [PATCH v2] execve: warn if process starts with executable stack Date: Fri, 13 Dec 2019 12:56:34 +0300 [thread overview] Message-ID: <20191213095634.GB2407@kadam> (raw) In-Reply-To: <20191212212520.GA9682@avx2> On Fri, Dec 13, 2019 at 12:25:20AM +0300, Alexey Dobriyan wrote: > On Wed, Dec 11, 2019 at 07:24:01PM +0100, Willy Tarreau wrote: > > On Wed, Dec 11, 2019 at 09:19:33PM +0300, Alexey Dobriyan wrote: > > > Reports are better be done by people who know what they are doing, as in > > > understand what executable stack is and what does it mean in reality. > > > > > > > Otherwise it will just go to /dev/null with all warning about bad blocks > > > > on USB sticks and CPU core throttling under high temperature. > > > > > > That's fine. You don't want bugreports from people who don't know what > > > is executable stack. Every security bug bounty program is flooded by > > > such people. This is why message is worded in a neutral way. > > > > Well we definitely don't have the same experience with user reports. I > > was just suggesting, but since you apparently already have all the > > responses you needed, I'm even wondering why the warning remains. > > Willy, whatever instructions for users you have in mind must be > different for different people. Developer should be told to add > "-Wl,-z,noexecstack" and more. Regular user (define "regular") should be > told to send bugreport if the program really needs executable stack > which again splits into two situations: exec stack was added knowingly > because it is some old program with lost source code or it was readded > by mistake. > > "Complain to linux-kernel" is meaningless, kernel is not responsible. > > What the message is even supposed to say? > You could direct people to a website and then update the instructions as needed. regards, dan carpenter
next prev parent reply other threads:[~2019-12-13 9:57 UTC|newest] Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top 2019-12-08 17:19 Alexey Dobriyan 2019-12-11 1:47 ` Andrew Morton 2019-12-11 7:22 ` Alexey Dobriyan 2019-12-11 9:59 ` Willy Tarreau 2019-12-11 18:19 ` Alexey Dobriyan 2019-12-11 18:24 ` Willy Tarreau 2019-12-12 21:25 ` Alexey Dobriyan 2019-12-13 9:56 ` Dan Carpenter [this message] 2019-12-13 10:23 ` Willy Tarreau 2020-02-25 21:52 ` Kees Cook
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20191213095634.GB2407@kadam \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --subject='Re: [PATCH v2] execve: warn if process starts with executable stack' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).