config NONPROMISC_DEVMEM: help text and logic are confusing
From: Stefan Richter
Date: Sun May 04 2008 - 10:35:44 EST
The subject option, prompt "Disable promiscuous /dev/mem" in the menu
called "Kernel hacking", does the following as far as I understand the
patch description in commit ae531c26c5c2a28ca1b35a75b39b3b256850f2c8:
y = tighter security of /dev/mem,
n = unfiltered access through /dev/mem.
Yet the Kconfig help text contains the sentence
With this config option, you allow userspace access to all of
memory, [...]
Shouldn't this read
Say N to allow userspace access to all of memory, [...]
Say Y if you want improved security.
Also see commit 1f56cf1c58c81f7ecf16f5e99ac4a333d9dc9aea: This changed
the default of the option from y to n. But the help text still says:
The /dev/mem file by default only allows userspace access to PCI
space and the BIOS code and data regions.
This is apparently wrong with "default n".
Furthermore, most of the options in the "Kernel hacking" menu follow the
logic of "Y = additional debug features", "N = for normal use". With
NONPROMISC_DEVMEM it is the other way around. Besides, an option whose
prompt says "Disable something" is generally bad; better is "Enable
something" because this is what the vast majority of options do and thus
avoid "yes means no" logic.
So, wouldn't it be better to have
config PROMISCUOUS_DEVMEM
bool "Promiscuous /dev/mem"
# default to old semantics for a transition period
default y
help
This option opens up /dev/mem for access to all memory which
is useful for debugging and for [insert other uses here:
buggy legacy applications?] ...
Say Y if...
If ..., say N.
If I misunderstood something, please correct me. And the Kconfig entry
and its help text too, because I believe I won't be the only earthling
who gets it wrong. Thanks,
--
Stefan Richter
-=====-==--- -=-= --=--
http://arcgraph.de/sr/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/