On 08/11/2017 18:09, Denys Vlasenko wrote: > On 11/08/2017 05:57 PM, Linus Torvalds wrote: >> On Wed, Nov 8, 2017 at 8:53 AM, Denys Vlasenko <dvlas...@redhat.com> >> wrote: >>> We can postpone enabling UMIP by default by a year or so. >>> By this time, new Wine will be on majority of users' machines. >> >> So you are suggesting we run unnecessarily insecure, only in order to >> not do the emulation that we already have the code for and that the >> patch implements? > > We ran insecure in this way for ~25 years. > >> Why? > > To avoid having to maintain more obscure, rarely executed code.
As a start, you could propose a patch to disable the emulation code through a sysctl or Kconfig symbol. I would be surprised if it takes more time than what you've spent writing emails in this thread. Paolo
