Re: stop breaking dosemu (Re: x86/kconfig/32: Rename CONFIG_VM86 and default it to 'n')

From: Stas Sergeev
Date: Wed Sep 02 2015 - 17:49:12 EST


03.09.2015 00:40, Andy Lutomirski ÐÐÑÐÑ:
On Wed, Sep 2, 2015 at 2:12 PM, Stas Sergeev <stsp@xxxxxxx> wrote:
02.09.2015 23:55, Andy Lutomirski ÐÐÑÐÑ:

On Wed, Sep 2, 2015 at 1:47 PM, Stas Sergeev <stsp@xxxxxxx> wrote:
02.09.2015 23:22, Josh Boyer ÐÐÑÐÑ:
On Wed, Sep 2, 2015 at 1:50 PM, Stas Sergeev <stsp@xxxxxxx> wrote:
02.09.2015 20:46, Josh Boyer ÐÐÑÐÑ:
On Wed, Sep 2, 2015 at 10:08 AM, Andy Lutomirski <luto@xxxxxxxxxxxxxx>
wrote:
I'd be amenable to switching the default back to y and perhaps adding
a sysctl to make the distros more comfortable. Ingo, Kees, Brian,
what do you think?
Can you please leave the default as N, and have a sysctl option to
enable it instead? While dosemu might still be in use, it isn't going
to be the common case at all. So from a distro perspective, I think
we'd probably rather have the default match the common case.
The fact that fedora doesn't package dosemu, doesn't automatically
mean all other distros do not too. Since when kernel defaults should
match the ones of fedora?
I didn't say that.
What you said was:
---

While dosemu might still be in use, it isn't going
to be the common case at all. So from a distro perspective

---
... which is likely true only in fedora circe.

The default right now is N.
In a not yet released kernel, unless I am mistaken.
If fedora already provides that kernel, other distros likely not.

I asked it be left
that way. That's all.
Lets assume its not yet N, unless there was a kernel release already.
Its easy to get back if its not too late.
How about CONFIG_SYSCTL_VM86_DEFAULT which defaults to Y? Fedora
could set it to N.
Sorry, I don't understand this sysctl proposal.
Could you please educate me what is it all about?
This sysctl will disable or enable the vm86() syscall at run-time,
right? What does it give us? If you disable something in the
config, this gives you, say, smaller kernel image. If OTOH you
add the run-time switch, it gives you a bigger image, regardless
of its default value.
I might be missing something, but I don't understand what
problem will this solve? Have I missed some earlier message
in this thread?
For the 99%+ of users who don't use dosemu, it prevents exploits that
target vm86 from attacking their kernel.
I don't think the attack scenario was satisfactory explained.
IIRC you only said that
---

The mark_screen_rdonly thing is still kind of scary. It changes PTEs
on arbitrary mappings behind the vm's back.

---
Just go ahead and remove mark_screen_rdonly, big deal.
Is this all of the threat?
Or do we treat _every_ syscall as the potential attack target?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/