On Wed, Jun 23, 2004 at 11:18:22AM -0400, Andrew Brown wrote:
> On Wed, Jun 23, 2004 at 11:45:43AM +0200, Manuel Bouyer wrote:
> >On Tue, Jun 22, 2004 at 05:23:18PM -0700, Erik E. Fair wrote:
> >> Sometimes it's not even a matter of security - I remember all the 
> >> screaming when deferencing address zero stopped working on newer UNIX 
> >> systems of the day, and that broke a whole lot of (badly written) 
> >> software. Incremental improvements in practice are still a good thing.
> >> 
> >> Since software from our own source tree is unaffected (or has been 
> >> cleaned up already), it seems to me that the explicit enforcement of 
> >> execution permissions needs to be a per-emulation flag, and that in 
> >> our kernel configurations, those emulations that require the 
> >> enforcement off should themselves be commented out by default with a 
> >> clear notation of the security threat that they pose. We can change 
> >> each emulation's flag and "commented out" status when they clean up 
> >> their acts (presuming they ever will; emulations of EOL'd operating 
> >> systems will just have to endure whatever state they turn out to be 
> >> in).
> >
> >I don't think having the emulations commented out by default is a big deal,
> >as we also provide LKMs, and there is LKM support in the GENERIC kernels.
> >We'd just have to add to the release notes that emulation support now is not
> >enabled by default, and you have to uncomment them in /etc/lkm.conf to use
> >them (along with the security warnings about non-exec stack).
> 
> oh, and don't forget to add something that tells the user they need to
> rebuild all the lkms if they build their own kernel with any of:
> 
> 	DIAGNOSTIC
> 	DEBUG
> 	LOCKDEBUG
> 	MULTIPROCESSOR
> 	MALLOCLOG

If they build their own kernel, they can also add the right COMPAT_xxx
option :)

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 ans d'experience feront toujours la difference
--