Re: [PATCH] VFS: add config options to enable link restrictions

From: Kees Cook
Date: Fri Oct 26 2012 - 17:41:29 EST

Next message: Seiji Aguchi: "[PATCH v3 4/7] efi_pstore: Add ctime to argument of erase callback"
Previous message: Seiji Aguchi: "[PATCH v3 3/7] efi_pstore: Remove a logic erasing entries from awrite callback to hold multiple logs"
In reply to: Linus Torvalds: "Re: [PATCH] VFS: add config options to enable link restrictions"
Next in thread: Boaz Harrosh: "Re: [PATCH] VFS: add config options to enable link restrictions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Oct 26, 2012 at 1:27 PM, Linus Torvalds
<torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Fri, Oct 26, 2012 at 1:23 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>>
>> I'd like it to be the exception to turn it _off_, rather than the
>> exception to turn it on.
>
> Kees, you don't seem to understand.
>
> Breaking applications is unacceptable. End of story. It's broken them.
> Get over it.

No, I get that. I've been over it. I can handle it being off by
default. I just want there to be a way to make it enabled at build
time. I'll explore some other options; it's sensible to tie it to
other settings/things that are security-sensitive.

-Kees

--
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Seiji Aguchi: "[PATCH v3 4/7] efi_pstore: Add ctime to argument of erase callback"
Previous message: Seiji Aguchi: "[PATCH v3 3/7] efi_pstore: Remove a logic erasing entries from awrite callback to hold multiple logs"
In reply to: Linus Torvalds: "Re: [PATCH] VFS: add config options to enable link restrictions"
Next in thread: Boaz Harrosh: "Re: [PATCH] VFS: add config options to enable link restrictions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]