Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp3122330imm; Sun, 16 Sep 2018 10:15:39 -0700 (PDT) X-Google-Smtp-Source: ANB0VdbjqLz8tWh4jiuibBsYuOVu1ksMTVRZ9c1JaS7Bp1s1bO+SIsd2Y1v2XCgcdxSNakms4Yjp X-Received: by 2002:a17:902:b492:: with SMTP id y18-v6mr21572728plr.208.1537118139207; Sun, 16 Sep 2018 10:15:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1537118139; cv=none; d=google.com; s=arc-20160816; b=xMsEp/HdvjPN6NmjqpYqiU9yb5rSNqvOPmc1qFPQgTlI0tMiUpQ6PLxfysKCdzLTRD EEl8uCbw1tcUjVPmErT3VnKjnQScEpZlV3d42u+sg6uE25zQ8amnp3ajyKyxXOMeBYY0 TwnyDg5gUQLBEudJkpwoFVCE0nHEzDceTNmFFh3avZQYeN8XItj+4uP+ZdFq1REyB001 eqlweu5uqOT433ScAAmQ5qnpzt0XUxrpkqOj+SHh4029Iy8dy50nbEnECZkSmB5rm3KC e9k8pMXCwGgCN66Gx3vwkTk8RzN/Y1GHWJ5W67pz9eDQ6MgsZB7cjREMqtyz2JUwBsWR 9tIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=i49dArdacxzzu8mTgtYAt2Lt9rDnQ/ZSCIiSJxCGWlo=; b=xHXpnLEzuzKDN8oxU29St0c/i2ha9XI/xebBtUj3pOuyndCcf3Y8QDPghKYzOkg3J4 qzpS32ebTz/5KyHSN88uLbLj+KxI6oTTFiCux5lYAkNwYyJFD28WibNpVQeiNHBst+/j pVAqUBKCH41/1SL1IlO1Y1Wd0o0X6kYAKMdyV8f4WpoPwpFJFym2CIKV53th5tUHfBbe qHhPg6JyZtkboa1/2krz2XmtJb+Slol2mZ316QvAdrMfFeN7msdQg/VU3QgAauihm9P4 x44z6BjVpNIvMKoimU3I62KTMTS5VbwbmGhRLLV45fnVCMzfhShDWaMhCd4L6uP2hGnQ wQXg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=MX+3wk9j; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 37-v6si13652426ple.491.2018.09.16.10.15.20; Sun, 16 Sep 2018 10:15:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=MX+3wk9j; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728300AbeIPWib (ORCPT + 99 others); Sun, 16 Sep 2018 18:38:31 -0400 Received: from mail-vs1-f68.google.com ([209.85.217.68]:35953 "EHLO mail-vs1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727394AbeIPWib (ORCPT ); Sun, 16 Sep 2018 18:38:31 -0400 Received: by mail-vs1-f68.google.com with SMTP id z19-v6so2075650vso.3; Sun, 16 Sep 2018 10:14:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=i49dArdacxzzu8mTgtYAt2Lt9rDnQ/ZSCIiSJxCGWlo=; b=MX+3wk9jI1x4BUh0L2xKi1sn519FzP5eNS8aWubNVh84+JJtcNrHX1eSLA9tinNuAb Stx718y6D8SdsSbafhfwVcsmpmGkjdlIG7ua6P2iTcE5PWW6Nws5AYRsrST24cyH1Wy3 iviyJiC/2OTxBRsQdn7nSgZu0a8uoeclKFUHbUt+QHJX0t0v2ETwYdZvMNCSlccXXtHN +rd2JKmaZLPwleZ8hqL6lGaE7L5fHaunKy76LQW4GihdeTwODTRBIOaOaQIeKlgUk2+D j/ePl4kEjQ0wm3+mbZFmmeehaFqxiPWSiBupBwTNAuuRZBXToSQdWtyR7Unmh9qGuW0H 8Rmg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=i49dArdacxzzu8mTgtYAt2Lt9rDnQ/ZSCIiSJxCGWlo=; b=B14QwpWrILGKMDoUDHCshm94qET5TDu83GiCqiDn7Q+VpuFckFWujr5VOSPs70Hdo8 VrRb+0wOrCLqis+zmCbeAGp9dFTnvUWn/pd70yxP1vawS3f+sZNvcw5d3dyVyFESR61X xfG5OtdVHW+6X7woSsJtHlWm/XHtE7XJoDPPeAKMst8Qb9KoiyVBT4n4pUCgmezDCLBY bXdOM6c+yboL+gPufiE4MkfcFT/HW2MCpjywQXb1Fln7yYqRVfCXsWVeaJRIprkBf5Xs mwlgf1Zo3sckmbyoms1HSEnMmSInzCPMhjtahzLSgyCRne2VPI4G+iPQG7LY2q541+gz EsDA== X-Gm-Message-State: APzg51DSGGl75R+u5u4FYUpHKFv2SOZ7jx+/lM7KiJ820VupCebEyVMO h6HPr7pAw6sRSV3j+LMbfYk368SHdIwsOJa9I0k= X-Received: by 2002:a67:4991:: with SMTP id d17-v6mr6917673vsg.41.1537118095964; Sun, 16 Sep 2018 10:14:55 -0700 (PDT) MIME-Version: 1.0 References: <1536516257-30871-1-git-send-email-s.mesoraca16@gmail.com> <20180909191903.GA2344@ravnborg.org> In-Reply-To: <20180909191903.GA2344@ravnborg.org> From: Salvatore Mesoraca Date: Sun, 16 Sep 2018 19:14:44 +0200 Message-ID: Subject: Re: [PATCH v2] kconfig: add hardened defconfig helpers To: sam@ravnborg.org Cc: Kernel Hardening , linux-doc@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, Jann Horn , corbet@lwn.net, keescook@chromium.org, labbott@redhat.com, yamada.masahiro@socionext.com, michal.lkml@markovi.net, ebiederm@xmission.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Sam Ravnborg wrote: > > Hi Salvatore. Hi Sam > On Sun, Sep 09, 2018 at 08:04:17PM +0200, Salvatore Mesoraca wrote: > > Adds 4 new defconfig helpers (hardenedlowconfig, hardenedmediumconfig, > > hardenedhighconfig, hardenedextremeconfig) to enable various hardening > > features. > > The list of config options to enable is based on KSPP's Recommended > > Settings and on kconfig-hardened-check, with some modifications. > > These options are divided into 4 levels (low, medium, high, extreme) > > based on their negative side effects, not on their usefulness. > > 'Low' level collects all those protections that have (almost) no > > negative side effects. > > 'Extreme' level collects those protections that may have so many > > negative side effects that most people wouldn't want to enable them. > > Every feature in each level is briefly documented in > > Documentation/security/hardenedconfig.rst, this file also contain a > > better explanation of what every level means. > > To prevent this file from drifting from what the various defconfigs > > actually do, it is used to dynamically generate the config fragments. > > In the above you nicely describes what is done. > But there is nothing about the target group for this feature. > Who will benefit from this? Sometimes people ask about kernel hardening features, that's the reason why the KSPP's list and the kconfig-hardened-check script were written. Unfortunately, kernel features with security implications have often misleading names and descriptions and are scattered around the menuconfig. This patchset will help anyone who want to have an "hardened kernel" but isn't following kernel development closely enough to know about all the features. On one hand, this will provide an official and understandable list of hardening features inside the kernel doc, on the other hand it also provide a fast and easy way to enable those features all at once. > With respect to the actual implmentation we now > have two ways to handle config fragments. > Current solution is to save the config fragments in kernel/configs. > And the new solution is to parse the config fragments from an rst file. > The changelog fails to mentions why we need a new way to handle > the config fragments. The reason why I'm doing it like this is that I want both the config fragments and the doc in the kernel. Generating the fragments from the doc is the best way to make sure that they will always do what the doc says. > If we want to go the "parse from rst file" way - can it then > be abstracted in a way so this is the only way to handle > these in-kernel config fragments? > And then move the current config fragment to the new way. > > It most be possible with a little careful design to make this > a general solution and not a hardening thing only. I don't know if maintainers of the other fragments care at all about having every single option documented in detail. For hardening features it makes sense, because people may want to just learn about them and enable them manually. I don't know if this is common or desirable for other config fragments. Thank you for you comment, Salvatore