From: Salvatore Mesoraca
Date: Sun, 16 Sep 2018 19:38:56 +0200
Subject: Re: [PATCH v2] kconfig: add hardened defconfig helpers
To: corbet@lwn.net
Cc: Kernel Hardening, linux-doc@vger.kernel.org, linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org, Jann Horn, keescook@chromium.org, labbott@redhat.com, yamada.masahiro@socionext.com, michal.lkml@markovi.net, ebiederm@xmission.com
References: <1536516257-30871-1-git-send-email-s.mesoraca16@gmail.com> <20180909142741.3b87df76@lwn.net>
In-Reply-To: <20180909142741.3b87df76@lwn.net>

Jonathan Corbet wrote:
> [omissis]
>
> Some overall thoughts:
>
> - As Sam asked: who are the users of this feature? Presumably you have
> some real people out there in mind for each of these levels, or you would
> not have created them?

In general this feature will be useful for all those people who are
interested in enabling hardening features on their kernel.
Maybe they are not so many, but they exist and are the reason why KSPP's
list and kconfig-hardened-check script were written.
Anyway, not everybody is willing to trade a lot of performance for
security. I hope that splitting features based on their negative impact
will increase the usage of those features which are more "usable", but
still not so known by many people.

> - Who will maintain it? The list of hardening-relevant configuration
> options is always in high flux, as our understanding of the security
> implications of each. This feature will require some significant ongoing
> attention or it will quickly become stale. I think it needs a
> MAINTAINERS entry.

Good, I can add myself as maintainer, I also got Kees' permission to add
him as designated reviewer too.

> - It's a little strange to see an RST document used as the input for the
> kernel configuration process. Assuming this is really the best way to do
> this (and I worry about things like duplicated descriptions of kernel
> configuration options), you should, at a minimum, carefully document the
> format of this file at the beginning. Otherwise people will surely break
> it. In fact, they'll break it anyway, so more checking in the processing
> script seems indicated.

Yes, this approach is a bit "original". I think your suggestions are
sensible.
I'll document better the format and add more checks to the script to make
it more resilient.

> Without having thought it through in great depth, I suspect that a better
> approach might be to find a way to mark the hardening level in the
> Kconfig entries.

The reason why everything starts from an .rst is that I'd like to have a
doc page with a detailed list of all the hardening features.
If the fragments aren't going to be generated from the doc we'll need a
way to make sure that what is written in the doc is coherent with what
Kconfig is doing. I don't think that it will be much better.

> - You have ordered the options alphabetically, but that is, I would argue,
> not the best way. My guess is that people would read this file to answer
> the question of "just how many bullets will hardening level H put into my
> foot?" So I would sort them by hardening level as the primary key.

This seems reasonable, I'll change it.

Thank you for your time,

Salvatore