tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Removal of compat-FreeBSD



> On Feb 13, 2015, at 2:14 PM, Christos Zoulas <christos%astron.com@localhost> wrote:
> 
> In article <20150213192419.GB5825%britannica.bec.de@localhost>,
> Joerg Sonnenberger  <joerg%britannica.bec.de@localhost> wrote:
>> 
>> I have asked the same question a long time ago when we pruned a bunch of
>> other obsolete emulations. From a security stand point, I fully agree
>> with Maxime. The usefulness of the FreeBSD emulation is *very* limited,
>> it can't even handle most FreeBSD 4 binaries. I find it highly
>> questionable to keep a non-trivial attack surface for the sake of a
>> single device driver, which most people likely don't even have. I don't
>> see any evidence in the tree of COMPAT_FREEBSD improving or any of the
>> users of tw_cli working on improving the situation by removing the need
>> for it. As such I find disabling COMPAT_FREEBSD by default a very good
>> idea for increasing the visibility of the problem. Maybe someone who
>> should be caring actually starts to...
> 
> I agree with joerg here. I think that reducing the footprint of
> GENERIC for the benefit of security is the right approach to this
> matter... We have the ALL kernel to test compilation, and the
> approach should be that GENERIC should be appropriate for all
> "normal" uses and I think COMPAT_FREEBSD belongs in the "fringe"
> users side (or at least in the limited number of users). I.e.
> If you want to run FreeBSD binaries, you can build your own kernel.

Also, shouldn't the compat_freebsd module be autoloaded if you need it?
If so, not having it in the kernel shouldn't really affect things.


Home | Main Index | Thread Index | Old Index