On Fri, Dec 13, 2019 at 12:25:20AM +0300, Alexey Dobriyan wrote: > On Wed, Dec 11, 2019 at 07:24:01PM +0100, Willy Tarreau wrote: > > On Wed, Dec 11, 2019 at 09:19:33PM +0300, Alexey Dobriyan wrote: > > > Reports are better be done by people who know what they are doing, as in > > > understand what executable stack is and what does it mean in reality. > > > > > > > Otherwise it will just go to /dev/null with all warning about bad blocks > > > > on USB sticks and CPU core throttling under high temperature. > > > > > > That's fine. You don't want bugreports from people who don't know what > > > is executable stack. Every security bug bounty program is flooded by > > > such people. This is why message is worded in a neutral way. > > > > Well we definitely don't have the same experience with user reports. I > > was just suggesting, but since you apparently already have all the > > responses you needed, I'm even wondering why the warning remains. > > Willy, whatever instructions for users you have in mind must be > different for different people. Developer should be told to add > "-Wl,-z,noexecstack" and more. Regular user (define "regular") should be > told to send bugreport if the program really needs executable stack > which again splits into two situations: exec stack was added knowingly > because it is some old program with lost source code or it was readded > by mistake. > > "Complain to linux-kernel" is meaningless, kernel is not responsible. > > What the message is even supposed to say? > You could direct people to a website and then update the instructions as needed. regards, dan carpenter
