Source-Changes-D archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: src/sys/kern



Le 03/12/2018 à 19:35, Manuel Bouyer a écrit :
On Mon, Dec 03, 2018 at 12:54:26PM +0100, Maxime Villard wrote:
In other words, 80% of KASLR is enabled by default, regardless of #ifdef
KASLR. Therefore, it is wrong to add an ifdef, because in either case we

So there's no way to completely disable KASLR now ?
Although I admit it's usefull to have it on by default, there should be a way
to turn it off for low-level debugging

No, I thought about that but in the end there is no way, because I didn't
want to introduce another ton of #ifdefs, there are already too many. In
general, you don't actually need to turn it off for debugging, it's enabled
very early, and there is no reason for things to go wrong before
(locore.S, which I already largely fixed). The only special case is the PTE
space; but given that it is recursive, even when it's a static location, it
is still very difficult to debug.

Now that the design is stable and simpler than before, it should be less
complicated to add an option to turn it off; but I still wouldn't want to do
that because it adds complexity for no good reason.


Le 03/12/2018 à 23:25, matthew green a écrit :
i don't care what other platforms do -- i care about netbsd not
breaking basic functionality.  you did that, and christos commited
my fix to unbreak it.

you're entirely welcome to fix this properly, but you are not welcome
to break every platform's.  fix the sysctls *THEN* enable the security.
you've broken my ability to debug problems on systems i am not the
admin on, and i've multiple times failed to diagnose a problem because
fstat did not work.

Pure idiocy.

"You broke my system!"

No, I committed a set of changes that were agreed upon months ago. It is
fine to reconsider the changes in retrospect, but meanwhile, you need to
quit fucking around with these accusations.


Home | Main Index | Thread Index | Old Index