enable null pointer hardening by default

Eric Paris eparis at redhat.com
Thu Dec 13 17:05:05 UTC 2007


On Thu, 2007-12-13 at 11:03 -0600, Eric Sandeen wrote:
> Eric Paris wrote:
> > On Thu, 2007-12-13 at 11:28 -0500, Kyle McMartin wrote:
> >> Hi Eric,
> >>
> >> On Thu, Dec 13, 2007 at 10:58:38AM -0500, Eric Paris wrote:
> >>> Would anyone have a problem carrying this patch in fedora?  This would
> >>> be a forever fedora'ism.
> >>>
> >> Wouldn't it be better to just use sysctl in an init script to turn it on
> >> during boot (or, optionally, not.) as opposed to carrying a patch
> >> perpetually?
> > 
> > I actually talked to the sysctl.conf owner first who said "if it is a
> > good default for everyone turn it on in the kernel"
> > 
> > which I tended to agree with.  But I like Eric's way of enabling it
> > better, especially since now every distro will have to choose to
> > enable/disable rather than just having it ignorable.
> 
> Having a sysctl to change it post-boot if desired may also still make
> sense, though?  I guess it's sort of analogous to how selinux can be
> KConfig'd in certain ways, and later modified runtime.

Absolutely, the sysctl is always going to be there (it already
is /proc/sys/vm/mmap_min_addr).

-Eric
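
Added example, not part of the original message or of the Fedora patch: a small C check that reads the sysctl named above and confirms the kernel refuses a fixed mapping at address 0. The function names are hypothetical, and it assumes a Linux host and an unprivileged process, since tasks holding CAP_SYS_RAWIO are exempt from the limit.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* for MAP_ANONYMOUS */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Parse the decimal text the sysctl file exposes; 0 on success, -1 on error. */
int parse_min_addr(const char *text, unsigned long *out) {
    char *end;
    errno = 0;
    unsigned long v = strtoul(text, &end, 10);
    if (errno || end == text || (*end != '\0' && *end != '\n')) return -1;
    *out = v;
    return 0;
}

/* Read the live value from the path named in the thread. */
int read_min_addr(unsigned long *out) {
    char buf[32];
    FILE *f = fopen("/proc/sys/vm/mmap_min_addr", "r");
    if (!f) return -1;
    char *s = fgets(buf, sizeof buf, f);
    fclose(f);
    return s ? parse_min_addr(buf, out) : -1;
}

/* An unprivileged fixed mapping below min_addr should be refused. */
int low_map_refused(unsigned long addr, unsigned long min_addr) {
    return addr < min_addr;
}

/* Request a read-only page at address 0: 1 = mapped, 0 = refused. */
int probe_page_zero(void) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap((void *)0, len, PROT_READ,
                   MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
    if (p == MAP_FAILED) return 0;
    munmap(p, len);
    return 1;
}

int main(void) {
    unsigned long min_addr;
    if (read_min_addr(&min_addr) != 0) { puts("mmap_min_addr unavailable"); return 2; }
    int mapped = probe_page_zero();
    printf("vm.mmap_min_addr=%lu, page zero %s\n", min_addr, mapped ? "MAPPED" : "refused");
    /* Exit 0 only when the limit is set and the kernel enforced it for this task. */
    return (low_map_refused(0, min_addr) && !mapped) ? 0 : 1;
}
```

A non-zero exit means either the limit is 0 or this task was allowed to map page zero anyway, which is what a boot-time or compiled-in default is meant to prevent.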



