Re: CVS commit: src/sys

To: matthew green <mrg%eterna.com.au@localhost>, source-changes-d%NetBSD.org@localhost
Subject: Re: CVS commit: src/sys
From: Maxime Villard <max%m00nbsd.net@localhost>
Date: Sun, 1 Oct 2017 09:38:32 +0200

Le 30/09/2017 à 21:39, matthew green a écrit :

"Maxime Villard" writes:

Module Name:	src
Committed By:	maxv
Date:		Fri Sep 29 17:08:00 UTC 2017

Modified Files:
	src/sys/compat/linux/common: linux_mod.c linux_sysctl.c linux_sysctl.h
	src/sys/kern: kern_exec.c

Log Message:
Remove compat_linux from the autoload list, and add a sysctl to enable or
disable it - which defaults to disabled. The following command is now
required to use linux binaries:

	sysctl -w emul.linux.enabled=1

After a discussion on tech-kern@. All the other ideas to reduce the attack
surface have drawbacks, and this sysctl seems to be the best option.


it was not agreed to disable this by default.  please fix.


No. It is clear that none of the proposals in the recent threads has brought
unanimous consensus, but this sysctl appears to be the least problematic
solution. You can speculate endlessly on how difficult it is to type "modload",
on how many more sysctls we need to add to do autoloads, on where to put the
functions, the #ifdefs, the options, and so on; meanwhile, I'm going to get
things done. For now it's a sysctl - if you have a better and implementable
idea, I'll be happy to hear about it and to work on it.

Until then

Maxime

Follow-Ups:
- Re: CVS commit: src/sys
  - From: Martin Husemann
- Re: CVS commit: src/sys
  - From: Manuel Bouyer

References:
- re: CVS commit: src/sys
  - From: matthew green

Prev by Date: re: CVS commit: src/sys
Next by Date: Re: CVS commit: src/sys
Previous by Thread: re: CVS commit: src/sys
Next by Thread: Re: CVS commit: src/sys
Indexes:

Home | Main Index | Thread Index | Old Index