Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1945964Ab2JZVWh (ORCPT ); Fri, 26 Oct 2012 17:22:37 -0400 Received: from natasha.panasas.com ([67.152.220.90]:45124 "EHLO natasha.panasas.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1945930Ab2JZVWg (ORCPT ); Fri, 26 Oct 2012 17:22:36 -0400 Message-ID: <508AFF17.6050705@panasas.com> Date: Fri, 26 Oct 2012 14:22:31 -0700 From: Boaz Harrosh User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20120605 Thunderbird/13.0 MIME-Version: 1.0 To: Kees Cook CC: Linus Torvalds , , Alexander Viro , Subject: Re: [PATCH] VFS: add config options to enable link restrictions References: <20121026185021.GA1960@www.outflux.net> In-Reply-To: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 749 Lines: 24 On 10/26/2012 01:23 PM, Kees Cook wrote: > > Every distro will ship with this enabled (except perhaps Damn > Vulnerable Linux), so why make it harder? > So please remind me why can't it be on by default in code. And the normal sysctl to turn it off for these who want to experiment with "filesystem corruption". So the basic premise is that you must not have any filesystem corruption at the parts used by boot up until the init portion that turns "filesystem corruption" on > -Kees > Cheers Boaz -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/