* config NONPROMISC_DEVMEM: help text and logic are confusing
@ 2008-05-04 14:35 Stefan Richter
2008-06-05 20:37 ` [PATCH regression fix] x86: fix CONFIG_NONPROMISC_DEVMEM prompt and help text Stefan Richter
0 siblings, 1 reply; 3+ messages in thread
From: Stefan Richter @ 2008-05-04 14:35 UTC (permalink / raw)
To: linux-kernel; +Cc: Arjan van de Ven, Ingo Molnar, Thomas Gleixner
The subject option, prompt "Disable promiscuous /dev/mem" in the menu
called "Kernel hacking", does the following as far as I understand the
patch description in commit ae531c26c5c2a28ca1b35a75b39b3b256850f2c8:
y = tighter security of /dev/mem,
n = unfiltered access through /dev/mem.
Yet the Kconfig help text contains the sentence
With this config option, you allow userspace access to all of
memory, [...]
Shouldn't this read
Say N to allow userspace access to all of memory, [...]
Say Y if you want improved security.
Also see commit 1f56cf1c58c81f7ecf16f5e99ac4a333d9dc9aea: This changed
the default of the option from y to n. But the help text still says:
The /dev/mem file by default only allows userspace access to PCI
space and the BIOS code and data regions.
This is apparently wrong with "default n".
Furthermore, most of the options in the "Kernel hacking" menu follow the
logic of "Y = additional debug features", "N = for normal use". With
NONPROMISC_DEVMEM it is the other way around. Besides, an option whose
prompt says "Disable something" is generally bad; better is "Enable
something" because this is what the vast majority of options do and thus
avoid "yes means no" logic.
So, wouldn't it be better to have
config PROMISCUOUS_DEVMEM
bool "Promiscuous /dev/mem"
# default to old semantics for a transition period
default y
help
This option opens up /dev/mem for access to all memory which
is useful for debugging and for [insert other uses here:
buggy legacy applications?] ...
Say Y if...
If ..., say N.
If I misunderstood something, please correct me. And the Kconfig entry
and its help text too, because I believe I won't be the only earthling
who gets it wrong. Thanks,
--
Stefan Richter
-=====-==--- -=-= --=--
http://arcgraph.de/sr/
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH regression fix] x86: fix CONFIG_NONPROMISC_DEVMEM prompt and help text
2008-05-04 14:35 config NONPROMISC_DEVMEM: help text and logic are confusing Stefan Richter
@ 2008-06-05 20:37 ` Stefan Richter
2008-06-05 20:47 ` Stefan Richter
0 siblings, 1 reply; 3+ messages in thread
From: Stefan Richter @ 2008-06-05 20:37 UTC (permalink / raw)
To: Linus Torvalds
Cc: Arjan van de Ven, Ingo Molnar, Thomas Gleixner, linux-kernel
Here is an attempt to translate the prompt and help text into something
which is legible and, as a bonus, correct.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
---
Bogosity already reported on May 4.
Besides, AFAICT it is a security option, not a debug option, hence
misplaced in Kconfig.debug. It would be an actual debug option if the
logic was the inverse: PROMISC_DEVMEM, bool "Promiscuous /dev/mem".
arch/x86/Kconfig.debug | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
Index: linux/arch/x86/Kconfig.debug
===================================================================
--- linux.orig/arch/x86/Kconfig.debug
+++ linux/arch/x86/Kconfig.debug
@@ -6,15 +6,19 @@ config TRACE_IRQFLAGS_SUPPORT
source "lib/Kconfig.debug"
config NONPROMISC_DEVMEM
- bool "Disable promiscuous /dev/mem"
+ bool "Restricted access to /dev/mem"
help
- The /dev/mem file by default only allows userspace access to PCI
- space and the BIOS code and data regions. This is sufficient for
- dosemu and X and all common users of /dev/mem. With this config
- option, you allow userspace access to all of memory, including
- kernel and userspace memory. Accidental access to this is
- obviously disasterous, but specific access can be used by people
- debugging the kernel.
+ If this option is left off, you allow userspace access to all
+ of memory, including kernel and userspace memory. Accidental
+ access to this is obviously disastrous, but specific access can
+ be used by people debugging the kernel.
+
+ If this option is switched on, the /dev/mem file only allows
+ userspace access to PCI space and the BIOS code and data regions.
+ This is sufficient for dosemu and X and all common users of
+ /dev/mem.
+
+ If in doubt, say Y.
config EARLY_PRINTK
bool "Early printk" if EMBEDDED
--
Stefan Richter
-=====-==--- -==- --=-=
http://arcgraph.de/sr/
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH regression fix] x86: fix CONFIG_NONPROMISC_DEVMEM prompt and help text
2008-06-05 20:37 ` [PATCH regression fix] x86: fix CONFIG_NONPROMISC_DEVMEM prompt and help text Stefan Richter
@ 2008-06-05 20:47 ` Stefan Richter
0 siblings, 0 replies; 3+ messages in thread
From: Stefan Richter @ 2008-06-05 20:47 UTC (permalink / raw)
To: Linus Torvalds
Cc: Arjan van de Ven, Ingo Molnar, Thomas Gleixner, linux-kernel
Stefan Richter wrote:
> config NONPROMISC_DEVMEM
> - bool "Disable promiscuous /dev/mem"
> + bool "Restricted access to /dev/mem"
Hmm, now "N" could be mistaken for "no access at all".
From: Stefan Richter <stefanr@s5r6.in-berlin.de>
Here is an attempt to translate the prompt and help text into something
which is legible and, as a bonus, correct.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
---
arch/x86/Kconfig.debug | 20 ++++++++++++--------
1 file changed, 12 insertions(+), 8 deletions(-)
Index: linux/arch/x86/Kconfig.debug
===================================================================
--- linux.orig/arch/x86/Kconfig.debug
+++ linux/arch/x86/Kconfig.debug
@@ -6,15 +6,19 @@ config TRACE_IRQFLAGS_SUPPORT
source "lib/Kconfig.debug"
config NONPROMISC_DEVMEM
- bool "Disable promiscuous /dev/mem"
+ bool "Filter access to /dev/mem"
help
- The /dev/mem file by default only allows userspace access to PCI
- space and the BIOS code and data regions. This is sufficient for
- dosemu and X and all common users of /dev/mem. With this config
- option, you allow userspace access to all of memory, including
- kernel and userspace memory. Accidental access to this is
- obviously disasterous, but specific access can be used by people
- debugging the kernel.
+ If this option is left off, you allow userspace access to all
+ of memory, including kernel and userspace memory. Accidental
+ access to this is obviously disastrous, but specific access can
+ be used by people debugging the kernel.
+
+ If this option is switched on, the /dev/mem file only allows
+ userspace access to PCI space and the BIOS code and data regions.
+ This is sufficient for dosemu and X and all common users of
+ /dev/mem.
+
+ If in doubt, say Y.
config EARLY_PRINTK
bool "Early printk" if EMBEDDED
--
Stefan Richter
-=====-==--- -==- --=-=
http://arcgraph.de/sr/
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2008-06-05 20:47 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2008-05-04 14:35 config NONPROMISC_DEVMEM: help text and logic are confusing Stefan Richter
2008-06-05 20:37 ` [PATCH regression fix] x86: fix CONFIG_NONPROMISC_DEVMEM prompt and help text Stefan Richter
2008-06-05 20:47 ` Stefan Richter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).