On Tue, Jul 21, 2015 at 1:20 PM, Sasha Levin <sasha.le...@oracle.com> wrote:
> On 07/21/2015 03:59 PM, Andy Lutomirski wrote:
>> The modify_ldt syscall exposes a large attack surface and is
>> unnecessary for modern userspace. Make it optional.
>
> Since this is a "default y" option I think we need to make the
> implications of this a bit clearer.

Do you mean improving the help text? To be clear, there's no change
on a non-EXPERT or default EXPERT kernel here.

>
> Do we know what userspace would break?

Some Wine and some DOSEMU most likely. Also many of the exploits I've
written over the past year or two :)

>
> Maybe add a WARN_ONCE() in a stub syscall?
>

I think if we do that then we should do it for all the syscall
disabling things.

--Andy