SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Simply being redundant is no sufficient for removal.
Removing the "Menu" option will have the effect that when someone asks why a custom installation does not work, they will get the consistent reply here "You must be able to resolve the problem yourself because you chose Expert", so saving everyone a lot of time.
I thought Expert already implied it was a custom install; surely nobody is THAT inept to figure it out per its description.
IMHO, efficiency for the sake of efficiency is not all it's cracked up to be. Without a certain amount of redundancy, experimenters cannot operate "above their pay-grade". The consequence of this is actually increased inneptness! Plato's "social station" philosophy is a prerequisite for increased specialization (read propriety). I think we already have enough of that.
IMHO, efficiency for the sake of efficiency is not all it's cracked up to be. Without a certain amount of redundancy, experimenters cannot operate "above their pay-grade". The consequence of this is actually increased inneptness! Plato's "social station" philosophy is a prerequisite for increased specialization (read propriety). I think we already have enough of that.
Yes but on the other hand "I made it fool proof, but they are making better fools."
I've been running the latest kernels on 15.0, using "make oldconfig" every time I upgrade. With the recently released 6.6.2 configs in Slackware-current I was able to compare differences. These are the notable ones I think are worth considering (Y->N):
CONFIG_LEGACY_TIOCSTI (Y -> N)
Code:
Allow legacy TIOCSTI usage (LEGACY_TIOCSTI)
CONFIG_LEGACY_TIOCSTI:
Historically the kernel has allowed TIOCSTI, which will push
characters into a controlling TTY. This continues to be used
as a malicious privilege escalation mechanism, and provides no
meaningful real-world utility any more. Its use is considered
a dangerous legacy operation, and can be disabled on most
systems.
Say Y here only if you have confirmed that your system's
userspace depends on this functionality to continue operating
normally.
Processes which run with CAP_SYS_ADMIN, such as BRLTTY, can
use TIOCSTI even when this is set to N.
This functionality can be changed at runtime with the
dev.tty.legacy_tiocsti sysctl. This configuration option sets
the default value of the sysctl.
Symbol: LEGACY_TIOCSTI [=y]
Type : bool
Defined at drivers/tty/Kconfig:152
Prompt: Allow legacy TIOCSTI usage
Depends on: TTY [=y]
Location:
-> Device Drivers
-> Character devices
-> Enable TTY (TTY [=y])
-> Allow legacy TIOCSTI usage (LEGACY_TIOCSTI [=y])
Rationale: as noted above, for those that really need this it can be configured at runtime using the dev.tty.legacy_tiocsti sysctl.
CONFIG_DRM_LEGACY (Y -> N)
Code:
Enable legacy drivers (DANGEROUS) (DRM_LEGACY)
CONFIG_DRM_LEGACY:
Enable legacy DRI1 drivers. Those drivers expose unsafe and dangerous
APIs to user-space, which can be used to circumvent access
restrictions and other security measures. For backwards compatibility
those drivers are still available, but their use is highly
inadvisable and might harm your system.
You are recommended to use the safe modeset-only drivers instead, and
perform 3D emulation in user-space.
Unless you have strong reasons to go rogue, say "N".
Symbol: DRM_LEGACY [=y]
Type : bool
Defined at drivers/gpu/drm/Kconfig:405
Prompt: Enable legacy drivers (DANGEROUS)
Depends on: HAS_IOMEM [=y] && DRM [=m] && MMU [=y]
Location:
-> Device Drivers
-> Graphics support
-> Enable legacy drivers (DANGEROUS) (DRM_LEGACY [=y])
I've been running with this disabled for at least several months now (using proprietary nVidia driver).
CONFIG_XFS_SUPPORT_ASCII_CI (Y -> N)
Code:
Support deprecated case-insensitive ascii (ascii-ci=1) format (XFS_SUPPORT_ASCII_CI)
CONFIG_XFS_SUPPORT_ASCII_CI:
The ASCII case insensitivity filesystem feature only works correctly
on systems that have been coerced into using ISO 8859-1, and it does
not work on extended attributes. The kernel has no visibility into
the locale settings in userspace, so it corrupts UTF-8 names.
Enabling this feature makes XFS vulnerable to mixed case sensitivity
attacks. Because of this, the feature is deprecated. All users
should upgrade by backing up their files, reformatting, and restoring
from the backup.
Administrators and users can detect such a filesystem by running
xfs_info against a filesystem mountpoint and checking for a string
beginning with "ascii-ci=". If the string "ascii-ci=1" is found, the
filesystem is a case-insensitive filesystem. If no such string is
found, please upgrade xfsprogs to the latest version and try again.
This option will become default N in September 2025. Support for the
feature will be removed entirely in September 2030. Distributors
can say N here to withdraw support earlier.
To continue supporting case-insensitivity (ascii-ci=1), say Y.
To close off an attack surface, say N.
Symbol: XFS_SUPPORT_ASCII_CI [=y]
Type : bool
Defined at fs/xfs/Kconfig:50
Prompt: Support deprecated case-insensitive ascii (ascii-ci=1) format
Depends on: BLOCK [=y] && XFS_FS [=y]
Location:
-> File systems
-> XFS filesystem support (XFS_FS [=y])
-> Support deprecated case-insensitive ascii (ascii-ci=1) format (XFS_SUPPORT_ASCII_CI [=y])
I don't use XFS, but according to the help text this option will be going away eventually. So probably either this dev cycle or the next this should be disabled.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.