We also run critical software that depends on the vm86 for performance reasons, and we are already using dosemu with root privileges to gain direct hardware access, so we see the potential security risks of this are trivial. The suggestion above to have the patch back-ported to enable vm86 only when vm.mmap_min_addr=0 seems a perfectly good way of satisfying all user cases.
-- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1499089 Title: Please enable kconfig X86_LEGACY_VM86 for i386 Status in linux package in Ubuntu: Triaged Bug description: In order for dosemu to reach maximum performance (a > 10x speedup) please enable kconfig X86_LEGACY_VM86 in the kernel. As of this commit http://www.spinics.net/lists/linux-tip-commits/msg30360.html the overzealous kconfig message that seemed to suggest that the vm86() syscall was a security hazard in itself has been revised to reflect reality. Also please note that even if this kconfig option is enabled the runtime default is still off as vm86 is only actually enabled if the sysctl vm.mmap_min_addr is set to 0. That said, allowing vm.mmap_min_addr=0 is a known security risk and enabling the vm86() syscall to operate additionally would add little value to any potential attacker. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1499089/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
