On 10/09/2017 at 13:37, Manuel Bouyer wrote:
> On Sun, Sep 10, 2017 at 01:32:27PM +0200, Maxime Villard wrote:
>> On 10/09/2017 at 13:16, Manuel Bouyer wrote:
>>> On Sun, Sep 10, 2017 at 01:13:14PM +0200, Maxime Villard wrote:
>>>> True enough; but in this particular case, leaving compat features enabled just for the sake of simplicity produces a system that is much more vulnerable than if it had one level of indirection.
>>> If you know it's vulnerable then fix it, do not spend time trying to work around it.
>> Yes, compat_linux/linux32/svr4/svr4_32/ibcs2/etc are probably still vulnerable,
> as is the native exec path or compat_netbsd32 ...
yes, but these are critical to the functioning of the system, contrary to the ones I'm talking about