Date: Fri, 26 Oct 2012 14:41:37 -0700
Subject: Re: [PATCH] VFS: add config options to enable link restrictions
From: Kees Cook
To: Linus Torvalds
Cc: linux-kernel@vger.kernel.org, Alexander Viro, linux-fsdevel@vger.kernel.org

On Fri, Oct 26, 2012 at 1:27 PM, Linus Torvalds wrote:
> On Fri, Oct 26, 2012 at 1:23 PM, Kees Cook wrote:
>>
>> I'd like it to be the exception to turn it _off_, rather than the
>> exception to turn it on.
>
> Kees, you don't seem to understand.
>
> Breaking applications is unacceptable. End of story. It's broken them.
> Get over it.

No, I get that. I've been over it. I can handle it being off by
default. I just want there to be a way to make it enabled at build
time.

I'll explore some other options; it's sensible to tie it to other
settings/things that are security-sensitive.

-Kees

--
Kees Cook
Chrome OS Security