Re: [PATCH 1/2] security: Change name of CONFIG_DEBUG_RODATA

2017-01-25 Thread Pavel Machek
On Wed 2017-01-25 12:21:05, Laura Abbott wrote: > On 01/19/2017 08:53 AM, Pavel Machek wrote: > >On Wed 2017-01-18 17:29:05, Laura Abbott wrote: > >> > >>Despite the word 'debug' in CONFIG_DEBUG_RODATA, this kernel option > >>provides key security features that are to be expected on a modern >

Re: [PATCH 1/2] security: Change name of CONFIG_DEBUG_RODATA

2017-01-25 Thread Laura Abbott
On 01/19/2017 12:33 PM, Heiko Carstens wrote: On Thu, Jan 19, 2017 at 10:56:46AM +, Mark Rutland wrote: +config HARDENED_PAGE_MAPPINGS + bool "Mark kernel mappings with stricter permissions (RO/W^X)" + default y + depends on ARCH_HAS_HARDENED_MAPPINGS + help +

Re: [PATCH 1/2] security: Change name of CONFIG_DEBUG_RODATA

2017-01-25 Thread Laura Abbott
On 01/19/2017 11:56 AM, Mark Rutland wrote: Hi Laura, On Wed, Jan 18, 2017 at 05:29:05PM -0800, Laura Abbott wrote: Despite the word 'debug' in CONFIG_DEBUG_RODATA, this kernel option provides key security features that are to be expected on a modern system. Change the name to

Re: [PATCH 1/2] security: Change name of CONFIG_DEBUG_RODATA

2017-01-25 Thread Laura Abbott
On 01/19/2017 08:53 AM, Pavel Machek wrote: On Wed 2017-01-18 17:29:05, Laura Abbott wrote: Despite the word 'debug' in CONFIG_DEBUG_RODATA, this kernel option provides key security features that are to be expected on a modern system. Change the name to CONFIG_HARDENED_PAGE_MAPPINGS which more

Re: [PATCH 1/2] security: Change name of CONFIG_DEBUG_RODATA

2017-01-19 Thread Kees Cook
On Wed, Jan 18, 2017 at 5:29 PM, Laura Abbott wrote: > > Despite the word 'debug' in CONFIG_DEBUG_RODATA, this kernel option > provides key security features that are to be expected on a modern > system. Change the name to CONFIG_HARDENED_PAGE_MAPPINGS which more > accurately describes what this

Re: [PATCH 1/2] security: Change name of CONFIG_DEBUG_RODATA

2017-01-19 Thread Kees Cook
On Thu, Jan 19, 2017 at 2:56 AM, Mark Rutland wrote: > Hi Laura, > > On Wed, Jan 18, 2017 at 05:29:05PM -0800, Laura Abbott wrote: >> diff --git a/security/Kconfig b/security/Kconfig >> index 118f454..ad6ce82 100644 >> --- a/security/Kconfig >> +++ b/security/Kconfig >> @@ -158,6 +158,22 @@

Re: [PATCH 1/2] security: Change name of CONFIG_DEBUG_RODATA

2017-01-19 Thread Helge Deller
On 19.01.2017 12:33, Heiko Carstens wrote: > On Thu, Jan 19, 2017 at 10:56:46AM +, Mark Rutland wrote: >>> +config HARDENED_PAGE_MAPPINGS >>> + bool "Mark kernel mappings with stricter permissions (RO/W^X)" >>> + default y >>> + depends on ARCH_HAS_HARDENED_MAPPINGS >>> + help >>> +

Re: [PATCH 1/2] security: Change name of CONFIG_DEBUG_RODATA

2017-01-19 Thread Heiko Carstens
On Thu, Jan 19, 2017 at 10:56:46AM +, Mark Rutland wrote: > > +config HARDENED_PAGE_MAPPINGS > > + bool "Mark kernel mappings with stricter permissions (RO/W^X)" > > + default y > > + depends on ARCH_HAS_HARDENED_MAPPINGS > > + help > > + If this is set, kernel text and rodata
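
Review bot: In the HARDENED_PAGE_MAPPINGS entry, the prompt string on the `bool` line keeps the option user-selectable, so `default y` alone does not stop a configuration from turning it off on an architecture that sets ARCH_HAS_HARDENED_MAPPINGS. If the protection is meant to be expected on every supporting system, as the commit message argues, consider dropping the prompt so the option follows `depends on ARCH_HAS_HARDENED_MAPPINGS` directly, or state in the help text when disabling it is legitimate.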

Re: [PATCH 1/2] security: Change name of CONFIG_DEBUG_RODATA

2017-01-19 Thread Mark Rutland
Hi Laura, On Wed, Jan 18, 2017 at 05:29:05PM -0800, Laura Abbott wrote: > > Despite the word 'debug' in CONFIG_DEBUG_RODATA, this kernel option > provides key security features that are to be expected on a modern > system. Change the name to CONFIG_HARDENED_PAGE_MAPPINGS which more > accurately

Re: [PATCH 1/2] security: Change name of CONFIG_DEBUG_RODATA

2017-01-18 Thread Pavel Machek
On Wed 2017-01-18 17:29:05, Laura Abbott wrote: > > Despite the word 'debug' in CONFIG_DEBUG_RODATA, this kernel option > provides key security features that are to be expected on a modern > system. Change the name to CONFIG_HARDENED_PAGE_MAPPINGS which more > accurately describes what this

[PATCH 1/2] security: Change name of CONFIG_DEBUG_RODATA

2017-01-18 Thread Laura Abbott
Despite the word 'debug' in CONFIG_DEBUG_RODATA, this kernel option provides key security features that are to be expected on a modern system. Change the name to CONFIG_HARDENED_PAGE_MAPPINGS which more accurately describes what this option is intended to do. Signed-off-by: Laura Abbott ---