Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965298AbXATQMK (ORCPT ); Sat, 20 Jan 2007 11:12:10 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S965301AbXATQMK (ORCPT ); Sat, 20 Jan 2007 11:12:10 -0500 Received: from 69-100-st.zelcom.ru ([80.92.100.69]:4404 "EHLO etherstorm.feelingofgreen.ru" rhost-flags-OK-FAIL-OK-OK) by vger.kernel.org with ESMTP id S965298AbXATQMI (ORCPT ); Sat, 20 Jan 2007 11:12:08 -0500 Date: Sat, 20 Jan 2007 19:12:05 +0300 Message-ID: <87wt3hvfsa.wl@betelheise.deep.net> From: Samium Gromoff <_deepfire@feelingofgreen.ru> To: linux-kernel@vger.kernel.org Subject: Re: [PATCH] Undo some of the pseudo-security madness In-Reply-To: <87y7nxvk65.wl@betelheise.deep.net> References: <87y7nxvk65.wl@betelheise.deep.net> User-Agent: Wanderlust/2.15.5 (Almost Unreal) SEMI/1.14.6 (Maruoka) FLIM/1.14.8 (=?ISO-8859-4?Q?Shij=F2?=) APEL/10.6 Emacs/23.0.51 (i486-pc-linux-gnu) MULE/5.0 (SAKAKI) X-Face: "P-:w!.&Hdk.h~~pT`!Q%H6;/8Cce^m&%vIn"W-SXb4h88dCgwD\_}N5:\}lowY2gxg0u^wVO*L\$C@MvBDRTmh/=,468w{W{OTc$kfq5O9Y!`pd+N}SMHrN+Gs>jXe5}}EL`cRbc0^_0cZ-}M\b~55I;Qe$1uL8M`M`82<_%CQ(GwLk."M>zBLn:-u>n,$kjH`~Uo[pH`08#\G!GVMd`%7![m9]*w5PMts4@m>=;lX41Z90N MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 966 Lines: 25 At Sat, 20 Jan 2007 17:37:22 +0300, Samium Gromoff wrote: [snip] > So, here we have a buffer-overflow protection technique, which does not > actually protect against buffer overflows[1], breaking valid applications. > > I suggest getting rid of it. i botched it slightly: --- linux/include/linux/personality.h 2007-01-20 17:31:01.000000000 +0300 +++ linux-sane/include/linux/personality.h 2007-01-20 17:32:50.000000000 +0300 @@ -40,7 +40,7 @@ * Security-relevant compatibility flags that must be * cleared upon setuid or setgid exec: */ -#define PER_CLEAR_ON_SETID (READ_IMPLIES_EXEC|ADDR_NO_RANDOMIZE) +#define PER_CLEAR_ON_SETID (READ_IMPLIES_EXEC) Signed-off-by: Samium Gromoff <_deepfire@feelinfofgreen.ru> - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/