Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAGXu5j+Q3pKN7G9OgCop-DPbq6vjTOL-PoVHTP0tSwxdyjGiJw@mail.gmail.com>
Date: Fri, 11 Dec 2015 10:47:49 -0800
From: Kees Cook <keescook@...omium.org>
To: "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>
Subject: Re: Project convention on configuration options

On Fri, Dec 11, 2015 at 9:57 AM, Schaufler, Casey
<casey.schaufler@...el.com> wrote:
> I’m starting to look at PAX_USERCOPY and immediately hit
> the question of what to do about configuration option name.
> I assume that retaining PAX_USERCOPY is not the right thing
> to do, but what should be used instead? HARD_USERCOPY?

I think there will be plenty of bike-shedding, so pick whatever you
like for now. :)

There is already the (disabled due to gcc bugs)
DEBUG_STRICT_USER_COPY_CHECKS (which should lose the "DEBUG" name
too). IIRC, it works by tracking memory regions? Maybe TRACK_USERCOPY?
I'm sure it'll get renamed, so no big deal. In fact, you could just
leave it as PAX_USERCOPY too for the initial extraction.

-Kees

-- 
Kees Cook
Chrome OS & Brillo Security

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.