Source-Changes-D archive


Re: CVS commit: src/sys



> > "Maxime Villard" writes:
> > > Module Name:	src
> > > Committed By:	maxv
> > > Date:		Fri Sep 29 17:08:00 UTC 2017
> > > 
> > > Modified Files:
> > > 	src/sys/compat/linux/common: linux_mod.c linux_sysctl.c linux_sysctl.h
> > > 	src/sys/kern: kern_exec.c
> > > 
> > > Log Message:
> > > Remove compat_linux from the autoload list, and add a sysctl to enable or
> > > disable it - which defaults to disabled. The following command is now
> > > required to use linux binaries:
> > > 
> > > 	sysctl -w emul.linux.enabled=1
> > > 
> > > After a discussion on tech-kern@. All the other ideas to reduce the attack
> > > surface have drawbacks, and this sysctl seems to be the best option.
> > 
> > it was not agreed to disable this by default.  please fix.
> 
> No. It is clear that none of the proposals in the recent threads has brought
> unanimous consensus, but this sysctl appears to be the least problematic
> solution. You can speculate endlessly on how difficult it is to type "modload",
> on how many more sysctls we need to add to do autoloads, on where to put the
> functions, the #ifdefs, the options, and so on; meanwhile, I'm going to get
> things done. For now it's a sysctl - if you have a better and implementable
> idea, I'll be happy to hear about it and to work on it.

Maxime, if there is no consensus, you cannot act unilaterally and force
your personal preference.

If you are concerned there will be no consensus, ask core for a ruling.

Please revert this for now. (Besides, this list is not the proper place
for this discussion.)

Martin

