Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp1951103imm; Sun, 9 Sep 2018 12:20:32 -0700 (PDT) X-Google-Smtp-Source: ANB0Vdawy3ya1URd46daQg3XJl//5TVPn26JBanCYfKomqyvkSKgY4PoGNDAeXfdr8HDlFfHBrs8 X-Received: by 2002:a17:902:c6b:: with SMTP id 98-v6mr18417590pls.233.1536520832906; Sun, 09 Sep 2018 12:20:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536520832; cv=none; d=google.com; s=arc-20160816; b=t18tNa/TwdKkkIMEmmL3tzCtFkSWUULgsONGKuLg8E1LzWwzz8B7ajS3F6iQquox+L 2zla6TDTBKX+TjywTqUySxTx08knyd5zkV72g713wMdkylN1ogAj0aIEzo6DsCg/5LxJ zfobFd9WzEYX+lZ0TTPNUu5UYZ+dJ5S2LWvK6NIjbf05xvC0CeB20jTppEIhY5KJy7pu fD1fwJjhvqiE7xi5qd91p3A+nHTAMZGBtGJ9H+A58x/rqZI9noU+EZfcU/a5REwNzoQM xBCqJ+TWcAU3ijdQe/YAG1ol/FWZZ132xeXDKfTRQf276748I5q9y4H/5BQJmRWyKqf/ n/gA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=lwmfWxB8iLxpCzpjuXWvKbbtcSg6LHzpwNV1Ef9jgTo=; b=ThVsDFRadF87MsZq7eiV6bO2djcFxYrWjpqoKLw65w5Wc2ybSBppZTyYPdg2I0+iHC quVYHtP/y9rfaVbGi+RhqBBvAELJDouOH8MnyxiUuzyuuAAIkCUKW+7anOujMHboCH8q xWnczKP5W7IZCZFCKWvUe04L+PVhS4xC/Z85Wr6mhekjlUY4bl+KaRwrMT0AAp1Dshi7 Y3yUl1ROdebmZD77aSAdwQqLbNdMD/oIAWPWv++bSRTX5DkzgGf8yyQwsXfZzRWkiYyl LBXcWO12l1YPH6XSh33tmleTzU0oiA5E0BkckhpD5rc9DzFGJx2qn18NijBejosZ5bN5 S3Nw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i3-v6si13924569plb.44.2018.09.09.12.20.15; Sun, 09 Sep 2018 12:20:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726739AbeIJAJu (ORCPT + 99 others); Sun, 9 Sep 2018 20:09:50 -0400 Received: from asavdk3.altibox.net ([109.247.116.14]:56225 "EHLO asavdk3.altibox.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726599AbeIJAJu (ORCPT ); Sun, 9 Sep 2018 20:09:50 -0400 Received: from ravnborg.org (unknown [158.248.194.18]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by asavdk3.altibox.net (Postfix) with ESMTPS id B08D020062; Sun, 9 Sep 2018 21:19:04 +0200 (CEST) Date: Sun, 9 Sep 2018 21:19:03 +0200 From: Sam Ravnborg To: Salvatore Mesoraca Cc: kernel-hardening@lists.openwall.com, linux-doc@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, Jann Horn , Jonathan Corbet , Kees Cook , Laura Abbott , Masahiro Yamada , Michal Marek , "Eric W. Biederman" Subject: Re: [PATCH v2] kconfig: add hardened defconfig helpers Message-ID: <20180909191903.GA2344@ravnborg.org> References: <1536516257-30871-1-git-send-email-s.mesoraca16@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1536516257-30871-1-git-send-email-s.mesoraca16@gmail.com> User-Agent: Mutt/1.5.21 (2010-09-15) X-CMAE-Score: 0 X-CMAE-Analysis: v=2.3 cv=dqr19Wo4 c=1 sm=1 tr=0 a=UWs3HLbX/2nnQ3s7vZ42gw==:117 a=UWs3HLbX/2nnQ3s7vZ42gw==:17 a=kj9zAlcOel0A:10 a=HtJaMnaozw0hSPeDYtIA:9 a=CjuIK1q_8ugA:10 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Salvatore. On Sun, Sep 09, 2018 at 08:04:17PM +0200, Salvatore Mesoraca wrote: > Adds 4 new defconfig helpers (hardenedlowconfig, hardenedmediumconfig, > hardenedhighconfig, hardenedextremeconfig) to enable various hardening > features. > The list of config options to enable is based on KSPP's Recommended > Settings and on kconfig-hardened-check, with some modifications. > These options are divided into 4 levels (low, medium, high, extreme) > based on their negative side effects, not on their usefulness. > 'Low' level collects all those protections that have (almost) no > negative side effects. > 'Extreme' level collects those protections that may have so many > negative side effects that most people wouldn't want to enable them. > Every feature in each level is briefly documented in > Documentation/security/hardenedconfig.rst, this file also contain a > better explanation of what every level means. > To prevent this file from drifting from what the various defconfigs > actually do, it is used to dynamically generate the config fragments. In the above you nicely describes what is done. But there is nothing about the target group for this feature. Who will benefit from this? With respect to the actual implmentation we now have two ways to handle config fragments. Current solution is to save the config fragments in kernel/configs. And the new solution is to parse the config fragments from an rst file. The changelog fails to mentions why we need a new way to handle the config fragments. If we want to go the "parse from rst file" way - can it then be abstracted in a way so this is the only way to handle these in-kernel config fragments? And then move the current config fragment to the new way. It most be possible with a little careful design to make this a general solution and not a hardening thing only. Sam