Re: thoughts on kernel security issues

[Linus Torvalds]

On Thu, 13 Jan 2005, Arjan van de Ven wrote:
> 
> I think you are somewhat misguided on these: the randomisation done in
> FC does NOT prohibit prelink for working, with the exception of special
> PIE binaries. Does this destroy the randomisation? No: prelink *itself*
> randomizes the addresses when creating it's prelink database

There was a kernel-based randomization patch floating around at some 
point, though. I think it's part of PaX. That's the one I hated. 

Although I haven't seen it in a long time, so you may well be right that 
that one too is fine. 

My point was really more about the generic issue of me being two-faced: 
I'll encourage people to do things that I don't actually like myself in 
the standard kernel. 

I just think that forking at some levels is _good_. I like the fact that 
different vendors have different objectives, and that there are things 
like Immunix and PaX etc around. Of course, the problem that sometimes 
results in is the very fact that because I encourage others to have 
special patches, they en dup not even trying to feed back _parts_ of them.

In this case I really believe that was the case. There are fixes in PaX
that make sense for the standard kernel. But because not _all_ of PaX
makes sense for the standard kernel, and because I will _not_ take their
patch whole-sale, they apparently believe (incorrectly) that I wouldn't
even take the non-intrusive fixes, and haven't really even tried to feed
them back.

(Yes, Brad Spengler has talked to me about PaX, but never sent me 
individual patches, for example. People seem to expect me to take all or 
nothing - and there's a _lot_ of pretty extreme people out there that 
expect everybody else to be as extreme as they are..)

		Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/