Module Name:    src
Committed By:   snj
Date:           Mon Sep 11 05:13:46 UTC 2017

Modified Files:
        src/sys/arch/i386/conf [netbsd-8]: GENERIC XEN3_DOM0 XEN3_DOMU
        src/sys/kern [netbsd-8]: kern_exec.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #256):
        sys/arch/i386/conf/GENERIC: revision 1.1159 via patch
        sys/arch/i386/conf/XEN3_DOMU: revision 1.78 via patch
        sys/arch/i386/conf/XEN3_DOM0: revision 1.114 via patch
        sys/kern/kern_exec.c: 1.443-1.444 via patch
Disable svr4 and ibcs2 by default.
These options are not well-tested, of a limited use case, and the potential
for damage is too high. Vulnerabilities were presented at DEFCON 25 - I see
that at least one of them can be exploited to get ring0 privileges.
--
Remove compat_freebsd from the list of autoloaded modules. Interested users
will now have to type 'modload' to use it, or uncomment the entry in
GENERIC. I should have removed it when I disabled COMPAT_FREEBSD by
default, sorry about that.
--
Remove compat_svr4, compat_svr4_32 and compat_ibcs2 from the list of
autoloaded modules. These options are disabled everywhere (except ibcs2
on Vax, but Vax does not support kernel modules, so doesn't matter),
therefore there is no issue in removing them from the list. Interested
users will now have to do a 'modload' first, or uncomment the entries in
GENERIC.


To generate a diff of this commit:
cvs rdiff -u -r1.1156.2.5 -r1.1156.2.6 src/sys/arch/i386/conf/GENERIC
cvs rdiff -u -r1.112.4.4 -r1.112.4.5 src/sys/arch/i386/conf/XEN3_DOM0
cvs rdiff -u -r1.77.2.3 -r1.77.2.4 src/sys/arch/i386/conf/XEN3_DOMU
cvs rdiff -u -r1.442.4.1 -r1.442.4.2 src/sys/kern/kern_exec.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/arch/i386/conf/GENERIC
diff -u src/sys/arch/i386/conf/GENERIC:1.1156.2.5 src/sys/arch/i386/conf/GENERIC:1.1156.2.6
--- src/sys/arch/i386/conf/GENERIC:1.1156.2.5	Thu Aug 31 08:41:33 2017
+++ src/sys/arch/i386/conf/GENERIC	Mon Sep 11 05:13:45 2017
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.1156.2.5 2017/08/31 08:41:33 bouyer Exp $
+# $NetBSD: GENERIC,v 1.1156.2.6 2017/09/11 05:13:45 snj Exp $
 #
 # GENERIC machine description file
 #
@@ -22,7 +22,7 @@ include 	"arch/i386/conf/std.i386"
 
 options 	INCLUDE_CONFIG_FILE	# embed config file in kernel binary
 
-#ident		"GENERIC-$Revision: 1.1156.2.5 $"
+#ident		"GENERIC-$Revision: 1.1156.2.6 $"
 
 maxusers	64		# estimated number of users
 
@@ -145,7 +145,7 @@ options 	COMPAT_43	# 4.3BSD, 386BSD, and
 
 options 	COMPAT_OSSAUDIO	# OSS (Voxware) audio driver compatibility
 #options 	COMPAT_SVR4	# binary compatibility with SVR4
-options 	COMPAT_IBCS2	# binary compatibility with SCO and ISC
+#options 	COMPAT_IBCS2	# binary compatibility with SCO and ISC
 options 	COMPAT_LINUX	# binary compatibility with Linux
 #options 	COMPAT_FREEBSD	# binary compatibility with FreeBSD
 #options 	COMPAT_NDIS	# NDIS network driver
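Review bot: The newly commented-out `COMPAT_IBCS2` line keeps its old trailing comment, so nothing in the file tells a reader that the option was turned off for security reasons rather than for lack of interest. Someone who re-enables it by deleting the `#` gets no hint of the risk the log message describes. I would add a line above the two entries, for example `# COMPAT_SVR4 and COMPAT_IBCS2 are disabled by default: poorly tested, kernel vulnerabilities reported; enable only if required.` The same applies to the matching hunks in XEN3_DOM0 and XEN3_DOMU.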

Index: src/sys/arch/i386/conf/XEN3_DOM0
diff -u src/sys/arch/i386/conf/XEN3_DOM0:1.112.4.4 src/sys/arch/i386/conf/XEN3_DOM0:1.112.4.5
--- src/sys/arch/i386/conf/XEN3_DOM0:1.112.4.4	Thu Aug 31 08:41:33 2017
+++ src/sys/arch/i386/conf/XEN3_DOM0	Mon Sep 11 05:13:45 2017
@@ -1,4 +1,4 @@
-#	$NetBSD: XEN3_DOM0,v 1.112.4.4 2017/08/31 08:41:33 bouyer Exp $
+#	$NetBSD: XEN3_DOM0,v 1.112.4.5 2017/09/11 05:13:45 snj Exp $
 #
 #	XEN3_0: Xen 3.0 domain0 kernel
 
@@ -98,7 +98,7 @@ options 	COMPAT_386BSD_MBRPART # recogni
 
 options 	COMPAT_OSSAUDIO	# OSS (Voxware) audio driver compatibility
 #options 	COMPAT_SVR4	# binary compatibility with SVR4
-options 	COMPAT_IBCS2	# binary compatibility with SCO and ISC
+#options 	COMPAT_IBCS2	# binary compatibility with SCO and ISC
 options 	COMPAT_LINUX	# binary compatibility with Linux
 #options 	COMPAT_FREEBSD	# binary compatibility with FreeBSD
 options 	COMPAT_BSDPTY	# /dev/[pt]ty?? ptys.

Index: src/sys/arch/i386/conf/XEN3_DOMU
diff -u src/sys/arch/i386/conf/XEN3_DOMU:1.77.2.3 src/sys/arch/i386/conf/XEN3_DOMU:1.77.2.4
--- src/sys/arch/i386/conf/XEN3_DOMU:1.77.2.3	Thu Aug 31 08:41:33 2017
+++ src/sys/arch/i386/conf/XEN3_DOMU	Mon Sep 11 05:13:45 2017
@@ -1,4 +1,4 @@
-# $NetBSD: XEN3_DOMU,v 1.77.2.3 2017/08/31 08:41:33 bouyer Exp $
+# $NetBSD: XEN3_DOMU,v 1.77.2.4 2017/09/11 05:13:45 snj Exp $
 
 include 	"arch/xen/conf/std.xen"
 
@@ -82,7 +82,7 @@ options 	COMPAT_386BSD_MBRPART # recogni
 
 options 	COMPAT_OSSAUDIO	# OSS (Voxware) audio driver compatibility
 #options 	COMPAT_SVR4	# binary compatibility with SVR4
-options 	COMPAT_IBCS2	# binary compatibility with SCO and ISC
+#options 	COMPAT_IBCS2	# binary compatibility with SCO and ISC
 options 	COMPAT_LINUX	# binary compatibility with Linux
 #options 	COMPAT_FREEBSD	# binary compatibility with FreeBSD
 options 	COMPAT_BSDPTY	# /dev/[pt]ty?? ptys.

Index: src/sys/kern/kern_exec.c
diff -u src/sys/kern/kern_exec.c:1.442.4.1 src/sys/kern/kern_exec.c:1.442.4.2
--- src/sys/kern/kern_exec.c:1.442.4.1	Thu Aug 31 08:41:33 2017
+++ src/sys/kern/kern_exec.c	Mon Sep 11 05:13:45 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: kern_exec.c,v 1.442.4.1 2017/08/31 08:41:33 bouyer Exp $	*/
+/*	$NetBSD: kern_exec.c,v 1.442.4.2 2017/09/11 05:13:45 snj Exp $	*/
 
 /*-
  * Copyright (c) 2008 The NetBSD Foundation, Inc.
@@ -59,7 +59,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.442.4.1 2017/08/31 08:41:33 bouyer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_exec.c,v 1.442.4.2 2017/09/11 05:13:45 snj Exp $");
 
 #include "opt_exec.h"
 #include "opt_execfmt.h"
@@ -578,8 +578,6 @@ exec_autoload(void)
 		"exec_coff",
 		"exec_ecoff",
 		"compat_aoutm68k",
-		"compat_freebsd",
-		"compat_ibcs2",
 		"compat_linux",
 		"compat_linux32",
 		"compat_netbsd32",
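Review bot: `compat_svr4` and `compat_svr4_32` are not among the removed lines, although the log message says they are dropped from the autoload list together with `compat_ibcs2`. The hunk header accounts for exactly two deletions (`compat_freebsd`, `compat_ibcs2`), and no other hunk in this diff touches exec_autoload(). Unless those two entries were already absent on this branch, the SVR4 modules presumably remain autoloadable without an explicit modload, which is the exposure this change is meant to close. The list continues outside the hunk, so it is worth checking there and removing `"compat_svr4",` and `"compat_svr4_32",` if they are still present.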
