tech-kern archive


Re: Proposal, again: Disable autoload of compat_xyz modules



On Fri, Sep 27, 2019 at 08:30:40AM +0200, Martin Husemann wrote:
> On Thu, Sep 26, 2019 at 09:40:22PM +0200, tlaronde%polynum.com@localhost wrote:
> > If the vulnerabilities can only be exploited by running Linux binaries,
> > IMHO, the point is moot: the ones that don't run Linux binaries are not
> > affected; the ones that do need to run some Linux binaries will have to
> > add the feature so this adds a user's intervention for the very same
> > result at the end.
> 
> I guess the main fear is that the attacker can put a malicious (and likely
> explicitly crafted for a certain bug in NetBSD's linux compat) binary on
> your machine and execute it. If you have no untrusted local users
> and no admin installed linux binaries, the risk should be quite small.

Well, I don't think "trusted local users" exist anymore. Because they
bring with them (or is it the reverse? The device brings them)
i-phones or whatever and connect them, and download applications...

Slightly related: is NetBSD providing build services so that someone,
not wanting to open his sources, could at least build his program for
NetBSD without installing it? Because the best way to avoid the
compatibility is to have native NetBSD binaries.
-- 
        Thierry Laronde <tlaronde +AT+ polynum +dot+ com>
                     http://www.kergis.com/
                       http://www.sbfa.fr/
Key fingerprint = 0FF7 E906 FBAF FE95 FD89  250D 52B1 AE95 6006 F40C

