On Sat, Jul 25, 2015 at 09:03:54AM -0700, Andy Lutomirski wrote:
> On Sat, Jul 25, 2015 at 2:15 AM, Borislav Petkov wrote:
> > Is that "default y" going to turn into a "default n" after a grace
> > period?
>
> Let's see how Willy's default-off sysctl plays out. In the long run,
> maybe we'll hav
On Sat, Jul 25, 2015 at 2:15 AM, Borislav Petkov wrote:
> On Fri, Jul 24, 2015 at 10:36:45PM -0700, Andy Lutomirski wrote:
>> The modify_ldt syscall exposes a large attack surface and is
>> unnecessary for modern userspace. Make it optional.
>>
>> Signed-off-by: Andy Lutomirski
>> ---
>> arch/x
On Fri, Jul 24, 2015 at 10:36:45PM -0700, Andy Lutomirski wrote:
> The modify_ldt syscall exposes a large attack surface and is
> unnecessary for modern userspace. Make it optional.
>
> Signed-off-by: Andy Lutomirski
> ---
> arch/x86/Kconfig | 17 +
> arch/x86/
On Fri, Jul 24, 2015 at 11:44:52PM -0700, Andy Lutomirski wrote:
> I'm all for it, but I think it should be hard-disablable in config,
> too, for the -tiny people.
I totally agree.
> If we add a runtime disable, let's do a
> separate patch, and you and Kees can fight over how general it should
>
On Fri, Jul 24, 2015 at 11:23 PM, Willy Tarreau wrote:
> On Fri, Jul 24, 2015 at 10:36:45PM -0700, Andy Lutomirski wrote:
>> The modify_ldt syscall exposes a large attack surface and is
>> unnecessary for modern userspace. Make it optional.
>
> Andy, you didn't respond whether you think it wouldn
On Fri, Jul 24, 2015 at 10:36:45PM -0700, Andy Lutomirski wrote:
> The modify_ldt syscall exposes a large attack surface and is
> unnecessary for modern userspace. Make it optional.
Andy, you didn't respond whether you think it wouldn't be better to make
it runtime-configurable instead. The goal
The modify_ldt syscall exposes a large attack surface and is
unnecessary for modern userspace. Make it optional.
Signed-off-by: Andy Lutomirski
---
arch/x86/Kconfig | 17 +
arch/x86/include/asm/mmu.h | 2 ++
arch/x86/include/asm/mmu_context.h | 31
7 matches