Re: Proposal, again: Disable autoload of compat_xyz modules

[Martin Husemann <martin%duskware.de@localhost>]

On Thu, Sep 26, 2019 at 09:40:22PM +0200, tlaronde%polynum.com@localhost wrote:
> If the vulnerabilities can only be exploited by running Linux binaries,
> IMHO, the point is moot: the ones that don't run Linux binaries are not
> affected; the ones that do need to run some Linux binaries will have to
> add the feature so this adds a user's intervention for the very same
> result at the end.

I guess the main fear is that the attacker can put a malicious (and likely
explicitly crafted for a certain bug in NetBSD's linux compat) binary on
your machine and exectue it. If you have no untrusted local users
and no admin installed linux binaries, the risc should be quite small.

If you have local users, the risc is pretty high. The relatively bad testing
situation for this compat layers could easily lead to non-malicious
linux binaries running into strange error cases and triggereing corner
cases in the compat layers (most likely variant: a user tries some random linux
binary, the emulation is incomplete and the kernel crashes).

There are other vectors to get to this vulnerabilities, but they all require
exploiting some other serious bug first.

Martin