Open Source and information security mailing list archives
 
Message-ID: <20230621182710.GOZJNA/q4w1yniKeCr@fat_crate.local>
Date:   Wed, 21 Jun 2023 20:27:10 +0200
From:   Borislav Petkov <bp@...en8.de>
To:     Nikolay Borisov <nik.borisov@...e.com>
Cc:     x86@...nel.org, linux-kernel@...r.kernel.org, mhocko@...e.com,
        jslaby@...e.cz
Subject: Re: [PATCH v3 1/5] x86: Make IA32_EMULATION boot time configurable

On Fri, Jun 16, 2023 at 03:57:26PM +0300, Nikolay Borisov wrote:
> Distributions would like to reduce their attack surface as much as
> possible but at the same time they'd want to retain flexibility to cater
> to a variety of legacy software. One such avenue where a balance has to
> be struck is in supporting 32bit syscalls/processes on 64bit kernels. Ideally
> it should be possible for the distribution to set their own policy and
> give users the ability to override those policies as appropriate.
> 
> In order to support this usecase, introduce
> CONFIG_IA32_EMULATION_DEFAULT_DISABLED compile time option, which
> controls whether 32bit processes/syscalls should be allowed or not. This
> allows distributions to set their preferred default behavior in their
> kernel configs.
> 
> On the other hand, in order to allow users to override the distro's
> policy, introduce the 'ia32_mode' parameter which allows overriding
> CONFIG_IA32_EMULATION_DEFAULT_DISABLED state at boot time.
> 
> Signed-off-by: Nikolay Borisov <nik.borisov@...e.com>
> ---
>  Documentation/admin-guide/kernel-parameters.txt |  5 +++++
>  arch/x86/Kconfig                                |  9 +++++++++
>  arch/x86/entry/common.c                         | 16 ++++++++++++++++
>  arch/x86/include/asm/ia32.h                     | 16 +++++++++++++++-
>  4 files changed, 45 insertions(+), 1 deletion(-)
> 
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index 9e5bab29685f..59b1e86ecd9d 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -1865,6 +1865,11 @@
>  			 0 -- machine default
>  			 1 -- force brightness inversion
>  
> +	ia32_mode=		[X86-64]
> +			Format: ia32_mode=disabled, ia32_mode=enabled

ia32_mode=(on|off)

is less typing. Especially if you're standing somewhere in a server room
and trying to type on some weird keyboard which always has the wrong
layout.

:-)

> +			Allows overriding the compile-time state of
> +			IA32_EMULATION_DEFAULT_DISABLED at boot time
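
Review bot: the help text of the added ia32_mode= entry never says what
either value does or what applies when the parameter is not given; it
only points at IA32_EMULATION_DEFAULT_DISABLED, so an admin has to go to
Kconfig to find out which setting blocks 32-bit processes and syscalls.
Since this is an attack-surface control, list each value with its effect
in the same "value -- effect" layout as the "0 -- machine default" lines
just above, and say what the behaviour is without the parameter. Also
spell the option as CONFIG_IA32_EMULATION_DEFAULT_DISABLED so it can be
found with grep in a distro config.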

Just say what "=on" and "=off" does here - loading of 32-bit programs
and 32-bit syscalls is enabled/disabled.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
