enable null pointer hardening by default

Eric Sandeen sandeen at redhat.com
Thu Dec 13 17:03:50 UTC 2007


Eric Paris wrote:
> On Thu, 2007-12-13 at 11:28 -0500, Kyle McMartin wrote:
>> Hi Eric,
>>
>> On Thu, Dec 13, 2007 at 10:58:38AM -0500, Eric Paris wrote:
>>> Would anyone have a problem carrying this patch in fedora?  This would
>>> be a forever fedora'ism.
>>>
>> Wouldn't it be better to just use sysctl in an init script to turn it on
>> during boot (or, optionally, not.) as opposed to carrying a patch
>> perpetually?
> 
> I actually talked to the sysctl.conf owner first who said "if it is a
> good default for everyone turn it on in the kernel"
> 
> which I tended to agree with.  But I like Eric's way of enabling it
> better, especially since now every distro will have to choose to
> enable/disable rather than just having it ignorable.

Having a sysctl to change it post-boot if desired may also still make
sense, though?  I guess it's sort of analogous to how selinux can be
KConfig'd in certain ways, and later modified at runtime.

-Eric
