| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Nov 2013 09:54:09 -0800 From: Kees Cook <keescook@...omium.org> To: Henrique de Moraes Holschuh <hmh@....eng.br> Cc: Andy Lutomirski <luto@...capital.net>, Russell King - ARM Linux <linux@....linux.org.uk>, Paul Moore <paul@...l-moore.com>, Richard Weinberger <richard@....at>, libseccomp-discuss@...ts.sourceforge.net, Will Drewry <wad@...omium.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org> Subject: Re: ARM audit, seccomp, etc are broken wrt OABI syscalls On Thu, Nov 7, 2013 at 4:55 AM, Henrique de Moraes Holschuh <hmh@....eng.br> wrote: > On Tue, 05 Nov 2013, Andy Lutomirski wrote: >> Maybe the thing to do is to put a warning in the config text for >> CONFIG_OABI_COMPAT that describes the problems (malicious userspace >> can confuse syscall auditors, strace, etc.), change the "if in doubt" >> part to N, and disable seccomp filters if CONFIG_OABI_COMPAT. That >> might even get Debian to change their default. > > Bug reported to the Debian BTS: #728975 > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728975 FWIW, Ubuntu has also now disabled OABI_COMPAT going forward: https://lists.ubuntu.com/archives/kernel-team/2013-November/034242.html -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists