Re: stop breaking dosemu (Re: x86/kconfig/32: Rename CONFIG_VM86 and default it to 'n')

[Stas Sergeev]

03.09.2015 00:40, Andy Lutomirski ÐÐÑÐÑ:
> On Wed, Sep 2, 2015 at 2:12 PM, Stas Sergeev <stsp@xxxxxxx> wrote:
> > 02.09.2015 23:55, Andy Lutomirski ÐÐÑÐÑ:
> >
> > > On Wed, Sep 2, 2015 at 1:47 PM, Stas Sergeev <stsp@xxxxxxx> wrote:
> > > > 02.09.2015 23:22, Josh Boyer ÐÐÑÐÑ:
> > > > > On Wed, Sep 2, 2015 at 1:50 PM, Stas Sergeev <stsp@xxxxxxx> wrote:
> > > > > > 02.09.2015 20:46, Josh Boyer ÐÐÑÐÑ:
> > > > > > > On Wed, Sep 2, 2015 at 10:08 AM, Andy Lutomirski <luto@xxxxxxxxxxxxxx>
> > > > > > > wrote:
> > > > > > > > I'd be amenable to switching the default back to y and perhaps adding
> > > > > > > > a sysctl to make the distros more comfortable.  Ingo, Kees, Brian,
> > > > > > > > what do you think?
> > > > > > > Can you please leave the default as N, and have a sysctl option to
> > > > > > > enable it instead?  While dosemu might still be in use, it isn't going
> > > > > > > to be the common case at all.  So from a distro perspective, I think
> > > > > > > we'd probably rather have the default match the common case.
> > > > > > The fact that fedora doesn't package dosemu, doesn't automatically
> > > > > > mean all other distros do not too. Since when kernel defaults should
> > > > > > match the ones of fedora?
> > > > > I didn't say that.
> > > > What you said was:
> > > > ---
> > > >
> > > > While dosemu might still be in use, it isn't going
> > > > to be the common case at all.  So from a distro perspective
> > > >
> > > > ---
> > > > ... which is likely true only in fedora circe.
> > > >
> > > > >      The default right now is N.
> > > > In a not yet released kernel, unless I am mistaken.
> > > > If fedora already provides that kernel, other distros likely not.
> > > >
> > > > >      I asked it be left
> > > > > that way.  That's all.
> > > > Lets assume its not yet N, unless there was a kernel release already.
> > > > Its easy to get back if its not too late.
> > > How about CONFIG_SYSCTL_VM86_DEFAULT which defaults to Y?  Fedora
> > > could set it to N.
> > Sorry, I don't understand this sysctl proposal.
> > Could you please educate me what is it all about?
> > This sysctl will disable or enable the vm86() syscall at run-time,
> > right? What does it give us? If you disable something in the
> > config, this gives you, say, smaller kernel image. If OTOH you
> > add the run-time switch, it gives you a bigger image, regardless
> > of its default value.
> > I might be missing something, but I don't understand what
> > problem will this solve? Have I missed some earlier message
> > in this thread?
> For the 99%+ of users who don't use dosemu, it prevents exploits that
> target vm86 from attacking their kernel.
I don't think the attack scenario was satisfactory explained.
IIRC you only said that
---

The mark_screen_rdonly thing is still kind of scary.  It changes PTEs
on arbitrary mappings behind the vm's back.

---
Just go ahead and remove mark_screen_rdonly, big deal.
Is this all of the threat?
Or do we treat _every_ syscall as the potential attack target?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/