On Fri, Jul 24, 2015 at 09:24:51AM +0200, Willy Tarreau wrote:
> On Thu, Jul 23, 2015 at 05:09:21PM -0700, Kees Cook wrote:
> > > All this to say that probably only a handful of tricky syscalls would
> > > need an on/off switch but clearly not all of them at all, so I'd rather
> > > add a few entri

On Thu, Jul 23, 2015 at 05:09:21PM -0700, Kees Cook wrote:
> > All this to say that probably only a handful of tricky syscalls would
> > need an on/off switch but clearly not all of them at all, so I'd rather
> > add a few entries just for the relevant ones, mainly to fix compatibility
> > issues a

On Thu, Jul 23, 2015 at 4:58 PM, Willy Tarreau wrote:
> On Thu, Jul 23, 2015 at 04:40:14PM -0700, Andy Lutomirski wrote:
>> On Thu, Jul 23, 2015 at 4:36 PM, Kees Cook wrote:
>> > I've been pondering something like this that is even MORE generic, for
>> > any syscall. Something like a "syscalls" d

On Thu, Jul 23, 2015 at 04:40:14PM -0700, Andy Lutomirski wrote:
> On Thu, Jul 23, 2015 at 4:36 PM, Kees Cook wrote:
> > I've been pondering something like this that is even MORE generic, for
> > any syscall. Something like a "syscalls" directory under
> > /proc/sys/kernel, with 1 entry per syscal

On Thu, Jul 23, 2015 at 4:36 PM, Kees Cook wrote:
> On Thu, Jul 23, 2015 at 3:24 AM, Willy Tarreau wrote:
>> #ifdef CONFIG_SMP
>> static void flush_ldt(void *current_mm)
>> {
>> @@ -254,6 +260,9 @@ asmlinkage int sys_modify_ldt(int func, void __user *ptr,
>> {
>> int ret = -ENOSYS;
>>

On Thu, Jul 23, 2015 at 3:24 AM, Willy Tarreau wrote:
> Hi Andy,
>
> On Wed, Jul 22, 2015 at 12:23:47PM -0700, Andy Lutomirski wrote:
>> The modify_ldt syscall exposes a large attack surface and is
>> unnecessary for modern userspace. Make it optional.
>
> Wouldn't you prefer something like this

Hi Andy,
On Wed, Jul 22, 2015 at 12:23:47PM -0700, Andy Lutomirski wrote:
> The modify_ldt syscall exposes a large attack surface and is
> unnecessary for modern userspace. Make it optional.
Wouldn't you prefer something like this which makes it possible to re-enable
it at runtime so that we can

>>> On 22.07.15 at 21:23, wrote:
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1015,6 +1015,7 @@ config VM86
> config X86_16BIT
> bool "Enable support for 16-bit segments" if EXPERT
> default y
> + depends on MODIFY_LDT_SYSCALL
> ---help---
> This option is
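Review bot: the added `+ depends on MODIFY_LDT_SYSCALL` under `config X86_16BIT` makes the 16-bit segment option silently vanish from the menu whenever MODIFY_LDT_SYSCALL is turned off, so the `---help---` text right below it should state that 16-bit segment support requires the modify_ldt syscall to be enabled; otherwise someone hardening a config by disabling modify_ldt will not see why X86_16BIT is no longer offered.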
The modify_ldt syscall exposes a large attack surface and is
unnecessary for modern userspace. Make it optional.
Signed-off-by: Andy Lutomirski
---
arch/x86/Kconfig | 17 +
arch/x86/include/asm/mmu.h | 2 ++
arch/x86/include/asm/mmu_context.h | 31