tech-kern archive

Re: Proposal, again: Disable autoload of compat_xyz modules



> I guess the main fear is that the attacker can put a malicious (and likely
> explicitly crafted for a certain bug in NetBSD's linux compat) binary on
> your machine and execute it.
Yes, I guess that's the (valid) point.

My impression (I stay corrected) is that compat_linux is mostly used to run 
a very restricted set of Linux binaries (proprietary software not available 
for NetBSD) on a NetBSD host.
So what would actually be needed (I guess) is a way to restrict emulation 
(actually running that emulation, not auto-loading the module) to a known 
set of binaries. I have no idea whether that's possible.

