Date: Tue, 28 Nov 2017 15:51:59 -0800 From: Linus Torvalds <torvalds@...ux-foundation.org> To: Geo Kozey <geokozey@...lfence.com> Cc: LSM List <linux-security-module@...r.kernel.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com> Subject: Re: Re: [PATCH v5 next 5/5] net: modules: use request_module_cap() to load 'netdev-%s' modules On Tue, Nov 28, 2017 at 1:51 PM, Geo Kozey <geokozey@...lfence.com> wrote: > > What about "we're insecure by default but you can't do anything to change this"? It describes current situation. Go away, and don't send me patches until you have dug your head out of whatever hole you have put it in.. If this is the kind of shit-headed responses I get from the "hardening" list, then I don't want to have anything to do with you guys. Seriously. I sent out a long explanation of what's wrong with the hardening people last week. It made the news. If you still don't understand, you're simply not worth working with. If you cannot help improve kernel security for the default case, and you can't even be bothered to try, and only want to fix some special case that doesn't then improve anything at all for most people, I really _really_ suggest you go play in your own sandbox. Because clearly, if you're not interested in improving things for anybody else, why the hell should you care about the upstream kernel anyway? That's what this boils down to: if you send me patches, you had better strive to improve security for everybody, not just for some little locked-down special case. We're not grsecurity. We never have been. We're not interested in the crazy people. We're interested in the kind of security that is generally applicable. To the mainline kernel, not breaking existing users matters, but it also matters that the patches make sense for everybody, because otherwise, why be mainline? So a patch that avoids breaking existing users, but also doesn't actually improve anything for existing users, simply shouldn't be part of the mainline kernel. Comprende? Linus
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.