tech-kern archive


Re: disabling SA in 5.0



On Sun, Mar 08, 2009 at 11:44:38AM -0400, Christos Zoulas wrote:

> I understand and I know that SA under 4.0 was susceptible to the
> same kinds of crashes. I don't have any vested interest in preserving
> SA.  I just care about the user experience during the upgrade from
> 4.0 to 5.0, 

You are clouding the discussion. SA is for corner cases, like the one that
you mention above, where a partial upgrade is being done by hand. If you are
doing something by hand, surely you can also change a configuration file.

> and providing a stable (one that one cannot easily
> crash via a local DoS) environment. These goals are often conflicting,
> but we could do something like print a warning at boot time when
> SA is enabled and keep it enabled in the INSTALL kernels and not
> in GENERIC for example.

There we disagree. I believe that the base product as shipped should not be
vulnerable to this type of attack.

> In my opinion, having SA turned on is no
> worse than having the unix domain file descriptor passing turned
> on; they can both be exploited to crash the kernel.

I have spent today and yesterday working on the descriptor issue that you
mention and on another security vulnerability. I have no interest in fixing
SA and refuse to be guilt-tripped about it because I already fixed it, by
replacing it.

Andrew

