| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 21 Jul 2015 13:27:43 -0700 From: Andy Lutomirski <luto@...capital.net> To: Sasha Levin <sasha.levin@...cle.com> Cc: Andy Lutomirski <luto@...nel.org>, Peter Zijlstra <peterz@...radead.org>, Steven Rostedt <rostedt@...dmis.org>, "security@...nel.org" <security@...nel.org>, X86 ML <x86@...nel.org>, Borislav Petkov <bp@...en8.de>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>, Boris Ostrovsky <boris.ostrovsky@...cle.com> Subject: Re: [PATCH v2 2/3] x86/ldt: Make modify_ldt optional On Tue, Jul 21, 2015 at 1:20 PM, Sasha Levin <sasha.levin@...cle.com> wrote: > On 07/21/2015 03:59 PM, Andy Lutomirski wrote: >> The modify_ldt syscall exposes a large attack surface and is >> unnecessary for modern userspace. Make it optional. > > Since this a "default y" option I think we need to make the > implications of this a bit clearer. Do you mean improving the help text? To be clear, there's no change on a non-EXPERT of default EXPERT kernel here. > > Do we know what userspace would break? Some Wine and some DOSEMU most likely. Also many of the exploits I've written over the past year or two :) > > Maybe add a WARN_ONCE() in a stub syscall? > I think if we do that then we should do it for all the syscall disabling things. --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists