Re: CVS commit: src/sys/kern

2018-12-05 Thread Warner Losh
>
> No, I committed a set of changes that were agreed upon months ago. It is
> fine to reconsider the changes in retrospect, but meanwhile, you need to
> quit fucking around with these accusations.
>

That's a super crappy attitude. The changes broke things that weren't
contemplated when the agreement was made. Did the changes break things?
Yes. They did. That's a bug, no matter what was agreed to.

Warner


Re: CVS commit: src (kern_export_address)

2018-12-05 Thread Geoff Wing
On Thursday 2018-12-06 05:16 +1100, Christos Zoulas output:
:Module Name:   src
:Committed By:  christos
:Date:  Wed Dec  5 18:16:51 UTC 2018
:
:Modified Files:
:   src/share/man/man7: sysctl.7
:   src/sys/dev: mm.c
:   src/sys/kern: init_sysctl.c kern_proc.c
:   src/sys/miscfs/procfs: procfs_linux.c
:   src/sys/sys: param.h proc.h sysctl.h
:
:Log Message:
:cvs rdiff -u -r1.221 -r1.222 src/sys/kern/kern_proc.c

Typo fix:

Index: sys/kern/kern_proc.c
===
RCS file: /cvsroot/src/sys/kern/kern_proc.c,v
retrieving revision 1.222
diff -u -r1.222 kern_proc.c
--- sys/kern/kern_proc.c5 Dec 2018 18:16:51 -   1.222
+++ sys/kern/kern_proc.c6 Dec 2018 06:04:59 -
@@ -223,7 +223,7 @@
 static int sysctl_security_expose_address(SYSCTLFN_PROTO);
 
 #ifdef KASLR
-static int kern_expose_address_= 0;
+static int kern_expose_address = 0;
 #else
 static int kern_expose_address = 1;
 #endif
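
Review bot: the two branches of this #ifdef KASLR block give kern_expose_address opposite defaults (0 with KASLR, 1 without), and nothing in the hunk says what either value means or why the default should depend on a build option; a short comment above the block would cover that. The removed line `static int kern_expose_address_= 0;` declared a differently named variable, so only the KASLR branch was affected, which suggests the earlier revision was not built with KASLR defined; building both configurations before commit would catch this. Declaring the variable once and putting only the initializer value inside the #ifdef would keep the two branches from drifting apart again.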


Re: CVS commit: src/sys/kern

2018-12-05 Thread Maxime Villard

On 03/12/2018 at 19:35, Manuel Bouyer wrote:

> On Mon, Dec 03, 2018 at 12:54:26PM +0100, Maxime Villard wrote:
>
> > In other words, 80% of KASLR is enabled by default, regardless of #ifdef
> > KASLR. Therefore, it is wrong to add an ifdef, because in either case we
>
> So there's no way to completely disable KASLR now ?
> Although I admit it's useful to have it on by default, there should be a way
> to turn it off for low-level debugging


No, I thought about that but in the end there is no way, because I didn't
want to introduce another ton of #ifdefs, there are already too many. In
general, you don't actually need to turn it off for debugging, it's enabled
very early, and there is no reason for things to go wrong before
(locore.S, which I already largely fixed). The only special case is the PTE
space; but given that it is recursive, even when it's a static location, it
is still very difficult to debug.

Now that the design is stable and simpler than before, it should be less
complicated to add an option to turn it off; but I still wouldn't want to do
that because it adds complexity for no good reason.


On 03/12/2018 at 23:25, matthew green wrote:

> i don't care what other platforms do -- i care about netbsd not
> breaking basic functionality.  you did that, and christos committed
> my fix to unbreak it.
>
> you're entirely welcome to fix this properly, but you are not welcome
> to break every platform's.  fix the sysctls *THEN* enable the security.
> you've broken my ability to debug problems on systems i am not the
> admin on, and i've multiple times failed to diagnose a problem because
> fstat did not work.


Pure idiocy.

"You broke my system!"

No, I committed a set of changes that were agreed upon months ago. It is
fine to reconsider the changes in retrospect, but meanwhile, you need to
quit fucking around with these accusations.