Re: Proposal, again: Disable autoload of compat_xyz modules

[Jaromír Doleček <jaromir.dolecek%gmail.com@localhost>]

Le jeu. 26 sept. 2019 à 18:08, Manuel Bouyer <bouyer%antioche.eu.org@localhost> a écrit :
>
> On Thu, Sep 26, 2019 at 05:10:01PM +0200, Maxime Villard wrote:
> > issues for a clearly marginal use case, and given the current general
>          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> This is where we dissagree. You guess it's marginal but there's no
> evidence of that (and there's no evidence of the opposite either).

FYI - I've put also a lot of efford into fixing & enhancing
compat_linux in past. I also greatly appreciate all the work work of
other folks working on the layer, it's super useful in some situations
- browser with flash support used to be important (thankfully not
anymore), also vmware and matlab, I also used some Oracle dev tools.
However, that is not the topic of the discussion.

Let's concentrate on whether it should be enabled by default.

Given the history, to me it's completely clear compat_linux shouldn't
be on by default. Any possible linux-specific exploits should only be
problem for people actually explicitly enabling it. Let's just stop
pretending that we'd setup any kind of reasonable testing suite for
this - it has not been done in last >20 years, it's even less likely
to happen now that most of the major use cases are actually moot.

As Maya suggested, let's keep this concentrated on COMPAT_LINUX only
to avoid further bikeshed flogging, so basically I propose doing this:
1) Comment out COMPAT_LINUX from all kernels configs for all archs
which support modular
2) Disable autoload for compat_linux, requiring the user to explicitly
configure system to load it. No extra sysctl.

Any major and specific objections?

Jaromir