Hi, As much it sounds correct to protect systems in this way, you broke compatibility. I'm back to kernel 3.19 until this is fixed.
So in order to have such parameter enabled, you should at the least provide a bootparam option to toggle enabled or not. >From my point of view as user, you should never break backward compatibility, as bad is sounds in terms of security. And you should never enforce it to users. Best Regards, Helio Loureiro http://helio.loureiro.eng.br https://se.linkedin.com/in/helioloureiro http://twitter.com/helioloureiro 2017-07-26 16:20 GMT+02:00 Ben Hutchings <b...@decadent.org.uk>: > On Mon, 2017-07-24 at 20:18 +0200, Helio Loureiro wrote: > > Hi, > > > > First an errata: I don't see messages since March, not January as I > stated > > wrongly before. > > > > And I tracked similar messages on other distros and found a message from > > Linus himself about a way to avoid such error: > > > > https://lkml.org/lkml/2015/12/14/670 > > > > Checking standard Debian kernel settings, I can see it is indeed enabled. > > > > # grep CONFIG_DEBUG_WX /boot/config-4.9.0-3-amd64 > > CONFIG_DEBUG_WX=y > > > > So is possible to delivery a correction kernel package with such > parameter > > disabled? > > This check catches a real security weakness in Xen. We won't disable > checking for it. Note that I did downgrade the severity of the warning > when running on Xen, since we know about it and don't expect it to be > fixed soon. > > Ben. > > -- > Ben Hutchings > Reality is just a crutch for people who can't handle science fiction. > >
