From: Ingo Molnar
Date: Mon Jun 06 2011 - 08:38:19 EST

* Ted Ts'o <tytso@xxxxxxx> wrote:

> On Mon, Jun 06, 2011 at 12:24:19PM +0200, Ingo Molnar wrote:
> >
> > When: When glibc 2.14 or newer is ubitquitous. Perhaps mid-2012.
> > -Why: Having user-executable code at a fixed address is a security problem.
> > - Turning off CONFIG_UNSAFE_VSYSCALLS mostly removes the risk but will
> > +Why: Having user-executable syscall invoking code at a fixed addresses makes
> > + it easier for attackers to exploit security holes.
> > + Turning off CONFIG_COMPAT_VSYSCALLS mostly removes the risk but will
> > make the time() function slower on glibc versions 2.13 and below.
> > Who: Andy Lutomirski <luto@xxxxxxx>
> I'd suggest 2013 or 2014, at least. People using Ubuntu LTS and
> RHEL 6 are stuck back at glibc 2.11, and many of those users do
> like being able to upgrade to newer kernels. And there are
> probably are a large number of static binaries around.
> Maybe in 2012 or so we change the to be 'no' (and I'd suggest
> adding a comment in the feature-removal-schedule.txt file that this
> will also break static binaries).

There is no breakage of binaries at all, just a small slowdown for
time() calls - but even that is fixable via a simple, backportable
few-liner glibc patch.


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at