config NONPROMISC_DEVMEM: help text and logic are confusing

From: Stefan Richter
Date: Sun May 04 2008 - 10:35:44 EST


The subject option, prompt "Disable promiscuous /dev/mem" in the menu called "Kernel hacking", does the following as far as I understand the patch description in commit ae531c26c5c2a28ca1b35a75b39b3b256850f2c8:

y = tighter security of /dev/mem,
n = unfiltered access through /dev/mem.

Yet the Kconfig help text contains the sentence

With this config option, you allow userspace access to all of
memory, [...]

Shouldn't this read

Say N to allow userspace access to all of memory, [...]

Say Y if you want improved security.

Also see commit 1f56cf1c58c81f7ecf16f5e99ac4a333d9dc9aea: This changed the default of the option from y to n. But the help text still says:

The /dev/mem file by default only allows userspace access to PCI
space and the BIOS code and data regions.

This is apparently wrong with "default n".

Furthermore, most of the options in the "Kernel hacking" menu follow the logic of "Y = additional debug features", "N = for normal use". With NONPROMISC_DEVMEM it is the other way around. Besides, an option whose prompt says "Disable something" is generally bad; better is "Enable something" because this is what the vast majority of options do and thus avoid "yes means no" logic.

So, wouldn't it be better to have

config PROMISCUOUS_DEVMEM
bool "Promiscuous /dev/mem"
# default to old semantics for a transition period
default y
help
This option opens up /dev/mem for access to all memory which
is useful for debugging and for [insert other uses here:
buggy legacy applications?] ...

Say Y if...
If ..., say N.

If I misunderstood something, please correct me. And the Kconfig entry and its help text too, because I believe I won't be the only earthling who gets it wrong. Thanks,
--
Stefan Richter
-=====-==--- -=-= --=--
http://arcgraph.de/sr/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/