Re: Proposal: Disable autoload of compat_xyz modules

[Manuel Bouyer <bouyer%antioche.eu.org@localhost>]

On Sun, Sep 10, 2017 at 01:32:27PM +0200, Maxime Villard wrote:
> Le 10/09/2017 à 13:16, Manuel Bouyer a écrit :
> > On Sun, Sep 10, 2017 at 01:13:14PM +0200, Maxime Villard wrote:
> > > True enough; but in this particular case, leaving compat features enabled just
> > > for the sake of simplicity produces a system that is much more vulnerable than
> > > if it had one level of indirection.
> > 
> > If you know it's vulnerable then fix it, do not spend time trying to
> > work around it.
> 
> Yes, compat_linux/linux32/svr4/svr4_32/ibcs2/etc are probably still vulnerable,

as is the native exec path or compat_netbsd32 ...

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--