CVS commit: [netbsd-8] src/sys

["Soren Jacobsen" <snj%netbsd.org@localhost>]

Module Name:    src
Committed By:   snj
Date:           Mon Sep 11 05:13:46 UTC 2017

Modified Files:
        src/sys/arch/i386/conf [netbsd-8]: GENERIC XEN3_DOM0 XEN3_DOMU
        src/sys/kern [netbsd-8]: kern_exec.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #256):
        sys/arch/i386/conf/GENERIC: revision 1.1159 via patch
        sys/arch/i386/conf/XEN3_DOMU: revision 1.78 via patch
        sys/arch/i386/conf/XEN3_DOM0: revision 1.114 via patch
        sys/kern/kern_exec.c: 1.443-1.444 via patch
Disable svr4 and ibcs2 by default.
These options are not well-tested, of a limited use case, and the potential
for damage is too high. Vulnerabilities were presented at DEFCON 25 - I see
that at least one of them can be exploited to get ring0 privileges.
--
Remove compat_freebsd from the list of autoloaded modules. Interested users
will now have to type 'modload' to use it, or uncomment the entry in
GENERIC. I should have removed it when I disabled COMPAT_FREEBSD by
default, sorry about that.
--
Remove compat_svr4, compat_svr4_32 and compat_ibcs2 from the list of
autoloaded modules. These options are disabled everywhere (except ibcs2
on Vax, but Vax does not support kernel modules, so doesn't matter),
therefore there is no issue in removing them from the list. Interested
users will now have to do a 'modload' first, or uncomment the entries in
GENERIC.


To generate a diff of this commit:
cvs rdiff -u -r1.1156.2.5 -r1.1156.2.6 src/sys/arch/i386/conf/GENERIC
cvs rdiff -u -r1.112.4.4 -r1.112.4.5 src/sys/arch/i386/conf/XEN3_DOM0
cvs rdiff -u -r1.77.2.3 -r1.77.2.4 src/sys/arch/i386/conf/XEN3_DOMU
cvs rdiff -u -r1.442.4.1 -r1.442.4.2 src/sys/kern/kern_exec.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.