On Thu, Aug 03, 2017 at 01:23:17AM +0200, Emmanuel Dreyfus wrote: > Taylor R Campbell <campbell+netbsd-tech-k...@mumble.net> wrote: > > Once every compatibility module would not loaded by default, pehaps the > compat_xxx module could be loaded automatically if /emul/xxx/ exists? > > The presence of that hierarchy means the system administrator really > meant to use compat_xxx, and it would avoid breaking existing system at > upgrade time.
Sounds good. By the way, isn't that what happens in practice anyway? the only way to reach the COMPAT_OTHEROS code is to first exec a binary, which looks for an interpreter in /emul/otheros. If one doesn't exist, exec will fail. I would feel more assured if COMPAT_SVR4 didn't exist in my kernels, but I suspect the vulnerability doesn't affect me.