On 10/09/2017 at 13:16, Manuel Bouyer wrote:
> On Sun, Sep 10, 2017 at 01:13:14PM +0200, Maxime Villard wrote:
>> True enough; but in this particular case, leaving compat features enabled just for the sake of simplicity produces a system that is much more vulnerable than if it had one level of indirection.
>
> If you know it's vulnerable then fix it, do not spend time trying to work around it.

Yes, compat_linux/linux32/svr4/svr4_32/ibcs2/etc are probably still vulnerable, but in ways that are far from being obvious. Just look at the vulnerability I fixed in linux32 a few days ago.

It was agreed here that somehow there needs to be a way to reduce the attack surface by default without totally "disabling" the features that have a common use case - what I'm discussing now is how to achieve that, not whether to do it or not.

Having said that, I can understand that my noload proposal may not be the best.

Maxime