Re: [3.1 patch] x86: default to vsyscall=native
From: Adrian Bunk
Date: Sun Oct 09 2011 - 09:45:47 EST
On Thu, Oct 06, 2011 at 12:01:44AM +0200, Thomas Gleixner wrote:
>...
> We might need better dmesg output, e.g.
>
> printk_once("you might run something which requires
> vsyscall=native, but be aware that you are
> opening a security hole. See Documentation/....")
>
> That's fine, but making the defaults insecure is just ass backwards.

Better dmesg output is in any case a better idea, patch is coming.

I stayed with warn_bad_vsyscall() instead of printk_once() for
the following reasons:
- _once is bad for something that might indicate exploit attempts,
  warn_bad_vsyscall() is already ratelimited
- the name and pid of the process should be shown
- the additional output of warn_bad_vsyscall() can help determine
  what caused it

> Thanks,
>
> tglx
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
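
The trade-off argued in the message above, between a `_once` message and a rate-limited warning that names the process, shown as an added userspace model (not kernel code and not part of the original message). The event list, the message text and the limit of 10 lines per 5 seconds are constructed assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
/* Constructed sample event: one process touching the legacy vsyscall path. */
struct event { long t; int pid; const char *comm; };
/* Interval/burst limiter: at most `burst` lines per `interval` seconds. */
struct ratelimit { long interval, burst, begin, printed; };

static bool ratelimit_ok(struct ratelimit *rs, long now)
{
    if (rs->begin < 0 || now - rs->begin >= rs->interval) {
        rs->begin = now;        /* open a new window */
        rs->printed = 0;
    }
    if (rs->printed >= rs->burst)
        return false;           /* suppressed inside a busy window */
    rs->printed++;
    return true;
}

/* Replay the sample under one policy. Returns the number of lines
 * emitted; *saw is set when watch_pid appears in an emitted line. */
static int replay(bool once, int watch_pid, bool *saw)
{
    struct ratelimit rs = { 5, 10, -1, 0 };  /* assumed: 10 lines per 5 s */
    struct event ev[52];
    int lines = 0;
    ev[0] = (struct event){ 0, 100, "oldapp" };       /* legacy binary at boot */
    for (int i = 0; i < 50; i++)                      /* burst an hour later */
        ev[1 + i] = (struct event){ 3600 + i / 25, 4242, "suspect" };
    ev[51] = (struct event){ 7200, 5000, "other" };
    *saw = false;
    for (int i = 0; i < 52; i++) {
        /* _once policy: only the very first event is ever reported */
        bool emit = once ? (i == 0) : ratelimit_ok(&rs, ev[i].t);
        if (!emit) continue;
        printf("[%5ld] %s[%d] vsyscall attempted\n", ev[i].t, ev[i].comm, ev[i].pid);
        lines++;
        if (ev[i].pid == watch_pid)
            *saw = true;
    }
    return lines;
}

int main(void)
{
    bool a, b;
    int n1 = replay(true, 4242, &a), n2 = replay(false, 4242, &b);
    printf("once: %d line, pid 4242 seen=%d; ratelimited: %d lines, seen=%d\n", n1, a, n2, b);
    return 0;
}
```

Under the once policy only the first, benign caller is recorded; the rate-limited policy still bounds log volume but keeps the name and pid of the later callers.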