Re: stop breaking dosemu (Re: x86/kconfig/32: Rename CONFIG_VM86 and default it to 'n')

[Austin S Hemmelgarn]

On 2015-09-02 17:12, Stas Sergeev wrote:
> 02.09.2015 23:55, Andy Lutomirski ÐÐÑÐÑ:
> > On Wed, Sep 2, 2015 at 1:47 PM, Stas Sergeev <stsp@xxxxxxx> wrote:
> > > 02.09.2015 23:22, Josh Boyer ÐÐÑÐÑ:
> > > > On Wed, Sep 2, 2015 at 1:50 PM, Stas Sergeev <stsp@xxxxxxx> wrote:
> > > > > 02.09.2015 20:46, Josh Boyer ÐÐÑÐÑ:
> > > > > > On Wed, Sep 2, 2015 at 10:08 AM, Andy Lutomirski
> > > > > > <luto@xxxxxxxxxxxxxx>
> > > > > > wrote:
> > > > > > > I'd be amenable to switching the default back to y and perhaps
> > > > > > > adding
> > > > > > > a sysctl to make the distros more comfortable.  Ingo, Kees, Brian,
> > > > > > > what do you think?
> > > > > > Can you please leave the default as N, and have a sysctl option to
> > > > > > enable it instead?  While dosemu might still be in use, it isn't
> > > > > > going
> > > > > > to be the common case at all.  So from a distro perspective, I think
> > > > > > we'd probably rather have the default match the common case.
> > > > > The fact that fedora doesn't package dosemu, doesn't automatically
> > > > > mean all other distros do not too. Since when kernel defaults should
> > > > > match the ones of fedora?
> > > > I didn't say that.
> > > What you said was:
> > > ---
> > >
> > > While dosemu might still be in use, it isn't going
> > > to be the common case at all.  So from a distro perspective
> > >
> > > ---
> > > ... which is likely true only in fedora circe.
> > >
> > > >     The default right now is N.
> > > In a not yet released kernel, unless I am mistaken.
> > > If fedora already provides that kernel, other distros likely not.
> > >
> > > >     I asked it be left
> > > > that way.  That's all.
> > > Lets assume its not yet N, unless there was a kernel release already.
> > > Its easy to get back if its not too late.
> > How about CONFIG_SYSCTL_VM86_DEFAULT which defaults to Y?  Fedora
> > could set it to N.
> Sorry, I don't understand this sysctl proposal.
> Could you please educate me what is it all about?
> This sysctl will disable or enable the vm86() syscall at run-time,
> right? What does it give us? If you disable something in the
> config, this gives you, say, smaller kernel image. If OTOH you
> add the run-time switch, it gives you a bigger image, regardless
> of its default value.
> I might be missing something, but I don't understand what
> problem will this solve? Have I missed some earlier message
> in this thread?
The problem this solves is not kernel size, that is not the only reason 
for wanting to disable a system call.  In this case, it's a system call 
that is unused by all but a very few programs, which are in turn used by 
a small percentage of users, and said system call does quite a few 
things that are potentially very dangerous.  Disabling it reduces the 
attack surface of the system.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature