Re: [PATCH v5 9/9] x86-64: Add CONFIG_UNSAFE_VSYSCALLS to feature-removal-schedule

From: pageexec
Date: Mon Jun 06 2011 - 15:02:02 EST

Next message: anish: "[PATCH 1/2] staging: iio replaced kmalloc with local variables."
Previous message: Arnaud Lacombe: "[PATCH 2/9] kconfig: fix return code for invalid boolean symbol in conf_set_sym_val()"
In reply to: Ingo Molnar: "Re: [PATCH v5 9/9] x86-64: Add CONFIG_UNSAFE_VSYSCALLS tofeature-removal-schedule"
Next in thread: Ingo Molnar: "Re: [PATCH v5 9/9] x86-64: Add CONFIG_UNSAFE_VSYSCALLS tofeature-removal-schedule"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 6 Jun 2011 at 16:44, Ingo Molnar wrote:
> * pageexec@xxxxxxxxxxx <pageexec@xxxxxxxxxxx> wrote:
>
> > > > Seriously. The whole patch series just seems annoying.
> >
> > what is annoying is your covering up of security fixes on grounds
> > that you don't want to help script kiddies (a bullshit argument as
> > it were) but at the same time question proactive security measures
> > (one can debate the implementation, see my other mail) that would
> > *actually* prevent the same kiddies from writing textbook exploits.
>
> You are mixing up several issues here, and rather unfairly so.

but it's very simple logic Ingo. it goes like 'I am not willing to
do A because it would help script kiddies but I'd rather do B that
would help script kiddies'. with A = 'disclose security bugs' and
B = 'keep the last roadblock that prevents full ASLR'.

if someone's that worried about script kiddies as Linus claims to be
(which i always called a BS argument, but let's accept here), he can't
possibly argue for keeping the vsyscall page at a fixed address around,
simple as that.

and it is for security, no other reason, else you'd have to accept a patch
that maps the vdso at a fixed address again or come up with some very
convincing arguments why the vdso must stay randomized but the vsyscall
page is fine at a fixed address (i guess neither is forthcoming but you
guys can act in surprising ways, so i'm not placing any bets ;).

> Firstly, see my other mail, there's an imperfect balance to be
> found between statistical 'proactive' measures and the incentives
> that remove the *real* bugs.

i hope i replied to this already now to your satisfaction else feel free
to elaboarte.

> Secondly, *once* a real security bug has been found the correct
> action is different from the considerations of proactive measures.

as i said already, you're mixing up fixing bugs and fighting exploit
techniques. apples vs. oranges.

> How can you possibly draw equivalence between disclosure policies
> and the handling of statistical security measures?

see the simple logic above.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: anish: "[PATCH 1/2] staging: iio replaced kmalloc with local variables."
Previous message: Arnaud Lacombe: "[PATCH 2/9] kconfig: fix return code for invalid boolean symbol in conf_set_sym_val()"
In reply to: Ingo Molnar: "Re: [PATCH v5 9/9] x86-64: Add CONFIG_UNSAFE_VSYSCALLS tofeature-removal-schedule"
Next in thread: Ingo Molnar: "Re: [PATCH v5 9/9] x86-64: Add CONFIG_UNSAFE_VSYSCALLS tofeature-removal-schedule"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]