Re: [PATCH 1/2] security: Change name of CONFIG_DEBUG_RODATA

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 01/19/2017 11:56 AM, Mark Rutland wrote:
Hi Laura,

On Wed, Jan 18, 2017 at 05:29:05PM -0800, Laura Abbott wrote:

Despite the word 'debug' in CONFIG_DEBUG_RODATA, this kernel option
provides key security features that are to be expected on a modern
system. Change the name to CONFIG_HARDENED_PAGE_MAPPINGS which more
accurately describes what this option is intended to do.

This generally sounds good. Thanks for attacking this!

On the bikeshedding front, *maybe* it would be nice to mention
permissions in the name, something like STRICT_KERNEL_RWX. That might
also prevent the reading of 'hardened' as 'optional overhead'.

That said, the proposed name is fine by me -- I'm happy so long as
'DEBUG' goes.


(Apologies for the delay, my SMTP was set up incorrectly so my
messages didn't actually get sent out)

I like that better since it's describing specifically what the config
should be setting as opposed to something more vague. That might fit
better with what Pavel was suggesting as well.

Thanks,
Laura


--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux