Source-Changes-D archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: CVS commit: src/sys
Le 30/09/2017 à 21:39, matthew green a écrit :
"Maxime Villard" writes:
Module Name: src
Committed By: maxv
Date: Fri Sep 29 17:08:00 UTC 2017
Modified Files:
src/sys/compat/linux/common: linux_mod.c linux_sysctl.c linux_sysctl.h
src/sys/kern: kern_exec.c
Log Message:
Remove compat_linux from the autoload list, and add a sysctl to enable or
disable it - which defaults to disabled. The following command is now
required to use linux binaries:
sysctl -w emul.linux.enabled=1
After a discussion on tech-kern@. All the other ideas to reduce the attack
surface have drawbacks, and this sysctl seems to be the best option.
it was not agreed to disable this by default. please fix.
No. It is clear that none of the proposals in the recent threads has brought
unanimous consensus, but this sysctl appears to be the least problematic
solution. You can speculate endlessly on how difficult it is to type "modload",
on how many more sysctls we need to add to do autoloads, on where to put the
functions, the #ifdefs, the options, and so on; meanwhile, I'm going to get
things done. For now it's a sysctl - if you have a better and implementable
idea, I'll be happy to hear about it and to work on it.
Until then
Maxime
Home |
Main Index |
Thread Index |
Old Index