Re: Feature request: improved build-id generation

2018-03-14 Thread Linus Torvalds
On Wed, Mar 14, 2018 at 6:46 PM, Linus Torvalds wrote:
>
> SHA1 with the known attack weakness fixed (aka "Hardened SHA1", the
> way git already does) in a non-certificate environment is fine.

.. don't get me wrong, git will migrate away, but the whole "it's not
fine" stuff is just fear-mongering garbage.

   Linus
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to kernel-le...@lists.fedoraproject.org


Re: Feature request: improved build-id generation

2018-03-14 Thread Linus Torvalds
On Wed, Mar 14, 2018 at 6:01 PM, Alan Modra wrote:
> On Wed, Mar 14, 2018 at 04:40:25PM -0700, Andy Lutomirski wrote:
>>
>> I realize that the security issue here is barely relevant, but git’s use of 
>> SHA1 is *not* okay, and git is migrating away for a reason.
>
> Hmm, that's news to me.  Heh, I've always been a bit suspicious of
> git's reliability.  ;-)

I'm afraid Andy has listened to a few too many hard-liner security
people - the bad kind that don't know shades of gray, and the kind
that aren't generally worth listening to.

SHA1 with the known attack weakness fixed (aka "Hardened SHA1", the
way git already does) in a non-certificate environment is fine.

The fact is, data identification is different from some kind of
security that depends on the key. I wouldn't use even hardened SHA1
for some security certificate. But for file ID's? Andy is confused.

  Linus


proper debuginfo for embedded vDSO

2018-03-14 Thread Laura Abbott

Hi,

The kernel still doesn't have 100% parallel debuginfo because we can't update
the vDSO binary embedded in the image. I'd like to see about updating
debugedit to be smart enough to do the recalculation of the buildid for both
the vmlinux and the embedded vDSO.

I'd like to avoid too tight a coupling between the kernel and debugedit
so if we want/need to change how the vDSO is generated it won't break too
many things. My idea is to stick the location of the vDSO in an ELF note
so debugedit knows where to look. As long as the kernel can generate this
section correctly, debugedit can find the embedded build-id and update
accordingly.

Obviously this would need approval from a wider audience but I'm looking
to get some early feedback before I spend too much time prototyping
something that has no chance of going anywhere.

Thoughts?

Thanks,
Laura
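
Added example, not part of the message above and not code from debugedit or the kernel: a sketch of the step a tool has to perform once it knows where a note region lives, walking standard ELF notes to find the GNU build-id and overwriting it in place. It assumes little-endian notes and that each region's offset and size are already known (what the proposed locating note would supply); the image bytes, IDs and VDSO_OFF are constructed for illustration.

```python
import struct
NT_GNU_BUILD_ID = 3  # standard note type; owner name is "GNU"

def _align4(n):
    return (n + 3) & ~3  # name and desc are each padded to 4 bytes

def iter_notes(buf, start, size):
    """Yield (name, type, desc_offset, desc_size) for notes in buf[start:start+size]."""
    pos, end = start, start + size
    while pos + 12 <= end:
        namesz, descsz, ntype = struct.unpack_from("<III", buf, pos)
        desc_off = pos + 12 + _align4(namesz)
        nxt = desc_off + _align4(descsz)
        if nxt > end:  # corrupt or truncated note: refuse to read past the region
            raise ValueError("note at offset %d overruns its region" % pos)
        name = bytes(buf[pos + 12:pos + 12 + namesz]).rstrip(b"\0")
        yield name, ntype, desc_off, descsz
        pos = nxt

def find_build_id(buf, start, size):
    """Return (offset, length) of the build-id bytes, or None if absent."""
    for name, ntype, off, sz in iter_notes(buf, start, size):
        if name == b"GNU" and ntype == NT_GNU_BUILD_ID:
            return off, sz
    return None

def replace_build_id(buf, start, size, new_id):
    loc = find_build_id(buf, start, size)
    if loc is None:
        raise LookupError("no GNU build-id note in region")
    off, sz = loc
    if len(new_id) != sz:  # changing the length would shift everything after it
        raise ValueError("new build-id must keep the descriptor length")
    old = bytes(buf[off:off + sz])
    buf[off:off + sz] = new_id  # in-place overwrite, image size unchanged
    return old

def make_note(name, ntype, desc):  # helper that builds the constructed sample
    name_z = name + b"\0"
    return (struct.pack("<III", len(name_z), len(desc), ntype)
            + name_z.ljust(_align4(len(name_z)), b"\0")
            + desc.ljust(_align4(len(desc)), b"\0"))

# Constructed sample: an outer note region and an "embedded" one at VDSO_OFF.
OUTER_ID, VDSO_ID, VDSO_OFF = bytes(range(20)), bytes(range(100, 120)), 64
outer_notes = make_note(b"GNU", NT_GNU_BUILD_ID, OUTER_ID)
vdso_notes = (make_note(b"Linux", 0, b"\x00\x10\x04\x00")  # unrelated note to skip
              + make_note(b"GNU", NT_GNU_BUILD_ID, VDSO_ID))
image = bytearray(outer_notes.ljust(VDSO_OFF, b"\xcc") + vdso_notes)
```

Rewriting only the embedded region leaves the outer build-id untouched, which is why the tool needs a reliable pointer to each region rather than a scan for the first "GNU" note.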