Module Name: src Committed By: maxv Date: Fri Jul 28 14:13:13 UTC 2017
Modified Files: src/sys/arch/i386/conf: GENERIC XEN3_DOM0 XEN3_DOMU Log Message: Disable svr4 and ibcs2 by default. These options are not well-tested, of a limited use case, and the potential for damage is too high. Vulnerabilities were presented at DEFCON 25 - I see that at least one of them can be exploited to get ring0 privileges. To generate a diff of this commit: cvs rdiff -u -r1.1158 -r1.1159 src/sys/arch/i386/conf/GENERIC cvs rdiff -u -r1.113 -r1.114 src/sys/arch/i386/conf/XEN3_DOM0 cvs rdiff -u -r1.77 -r1.78 src/sys/arch/i386/conf/XEN3_DOMU Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/arch/i386/conf/GENERIC diff -u src/sys/arch/i386/conf/GENERIC:1.1158 src/sys/arch/i386/conf/GENERIC:1.1159 --- src/sys/arch/i386/conf/GENERIC:1.1158 Fri Jul 28 13:59:07 2017 +++ src/sys/arch/i386/conf/GENERIC Fri Jul 28 14:13:13 2017 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.1158 2017/07/28 13:59:07 maxv Exp $ +# $NetBSD: GENERIC,v 1.1159 2017/07/28 14:13:13 maxv Exp $ # # GENERIC machine description file # @@ -22,7 +22,7 @@ include "arch/i386/conf/std.i386" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.1158 $" +#ident "GENERIC-$Revision: 1.1159 $" maxusers 64 # estimated number of users @@ -144,8 +144,8 @@ options COMPAT_43 # 4.3BSD, 386BSD, and #options TCP_COMPAT_42 # 4.2BSD TCP/IP bug compat. Not recommended. options COMPAT_OSSAUDIO # OSS (Voxware) audio driver compatibility -options COMPAT_SVR4 # binary compatibility with SVR4 -options COMPAT_IBCS2 # binary compatibility with SCO and ISC +#options COMPAT_SVR4 # binary compatibility with SVR4 +#options COMPAT_IBCS2 # binary compatibility with SCO and ISC options COMPAT_LINUX # binary compatibility with Linux #options COMPAT_FREEBSD # binary compatibility with FreeBSD #options COMPAT_NDIS # NDIS network driver Index: src/sys/arch/i386/conf/XEN3_DOM0 diff -u src/sys/arch/i386/conf/XEN3_DOM0:1.113 src/sys/arch/i386/conf/XEN3_DOM0:1.114 --- src/sys/arch/i386/conf/XEN3_DOM0:1.113 Thu Jun 22 18:14:32 2017 +++ src/sys/arch/i386/conf/XEN3_DOM0 Fri Jul 28 14:13:13 2017 @@ -1,4 +1,4 @@ -# $NetBSD: XEN3_DOM0,v 1.113 2017/06/22 18:14:32 khorben Exp $ +# $NetBSD: XEN3_DOM0,v 1.114 2017/07/28 14:13:13 maxv Exp $ # # XEN3_0: Xen 3.0 domain0 kernel 
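Review bot: Commenting out `options COMPAT_SVR4` and `options COMPAT_IBCS2` in the GENERIC hunk at -144,8 (and identically in the XEN3_DOM0 hunk at -97,8 and the XEN3_DOMU hunk at -81,8) only removes the emulation code from the statically linked kernel. Whether the same code can still be pulled in as a loadable or auto-loaded module on these kernels is not visible in this diff and should be confirmed, because if it can, the default exposure to unprivileged users may be unchanged. The disabled lines also carry no reason, so a later edit could re-enable them without noticing the security motive; I would add a line above them such as `# COMPAT_SVR4/COMPAT_IBCS2: off by default for security; poorly tested, enable only if required.` Only the i386 configs are touched here, so any other port whose default config enables these options presumably needs the same change, which should be checked against the tree.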
@@ -97,8 +97,8 @@ options COMPAT_386BSD_MBRPART # recogni #options TCP_COMPAT_42 # 4.2BSD TCP/IP bug compat. Not recommended. options COMPAT_OSSAUDIO # OSS (Voxware) audio driver compatibility -options COMPAT_SVR4 # binary compatibility with SVR4 -options COMPAT_IBCS2 # binary compatibility with SCO and ISC +#options COMPAT_SVR4 # binary compatibility with SVR4 +#options COMPAT_IBCS2 # binary compatibility with SCO and ISC options COMPAT_LINUX # binary compatibility with Linux #options COMPAT_FREEBSD # binary compatibility with FreeBSD options COMPAT_BSDPTY # /dev/[pt]ty?? ptys. Index: src/sys/arch/i386/conf/XEN3_DOMU diff -u src/sys/arch/i386/conf/XEN3_DOMU:1.77 src/sys/arch/i386/conf/XEN3_DOMU:1.78 --- src/sys/arch/i386/conf/XEN3_DOMU:1.77 Sun May 21 06:19:37 2017 +++ src/sys/arch/i386/conf/XEN3_DOMU Fri Jul 28 14:13:13 2017 @@ -1,4 +1,4 @@ -# $NetBSD: XEN3_DOMU,v 1.77 2017/05/21 06:19:37 pgoyette Exp $ +# $NetBSD: XEN3_DOMU,v 1.78 2017/07/28 14:13:13 maxv Exp $ include "arch/xen/conf/std.xen" @@ -81,8 +81,8 @@ options COMPAT_386BSD_MBRPART # recogni #options TCP_COMPAT_42 # 4.2BSD TCP/IP bug compat. Not recommended. options COMPAT_OSSAUDIO # OSS (Voxware) audio driver compatibility -options COMPAT_SVR4 # binary compatibility with SVR4 -options COMPAT_IBCS2 # binary compatibility with SCO and ISC +#options COMPAT_SVR4 # binary compatibility with SVR4 +#options COMPAT_IBCS2 # binary compatibility with SCO and ISC options COMPAT_LINUX # binary compatibility with Linux #options COMPAT_FREEBSD # binary compatibility with FreeBSD options COMPAT_BSDPTY # /dev/[pt]ty?? ptys.