noexec on /dev/shm

Matt McCutchen matt at mattmccutchen.net
Thu Dec 16 19:51:04 UTC 2010


On Thu, 2010-12-16 at 20:16 +0100, Miloslav Trmač wrote:
> Casey Dahlin wrote on Thu 16. 12. 2010 at 11:19 -0500:
> > On Thu, Dec 16, 2010 at 12:27:34PM +0000, Richard W.M. Jones wrote:
> > > What you don't understand is that you are throwing away the experience
> > > and knowledge of thousands of Unix system administrators.  Almost
> > > all of them do not even read this mailing list.
> > > 
> > > Rich.
> > 
> > I hate this argument.
> > 
> > The "experience and knowledge" claim applies to everything we could possibly
> > change.
> > 
> > Change.\nIs.\nGoing.\nTo.\nHappen.
> 
> That's a too black-and-white view.  Of course there is and will be
> change - what would we all be doing here if there were nothing to
> change, after all?  The thing that needs to be appreciated is that every
> change has _costs_ on the user-base.
[...]
> So, yes, change is going to happen, and some change is clearly good.
> But when there are 10 programmers on a project and 100,000 users, each
> change has to be _very obviously_ good, or it might be better avoided.  
> 
> Especially minor changes that don't bring any measurable benefit
> (perhaps making the system "cleaner" or making programmer's life more
> convenient) but require time from each user to adapt are better
> abandoned than implemented.

Looking at real costs and benefits is the right approach.  But do not
overlook potential benefits of making it practical to add features that
will help the sysadmins or avoiding a security issue later that the
sysadmins would otherwise have to scramble to fix (maybe not applicable
to /dev/shm, but in general).

-- 
Matt


