Re: [PATCH v2 08/10] x86-64: Emulate vsyscalls

From: Ingo Molnar
Date: Mon May 30 2011 - 03:46:32 EST

Next message: Greg KH: "Re: [PATCH] 8250_pci: add -ENODEV code for Intel EG20T PCH"
Previous message: KOSAKI Motohiro: "Re: [PATCH v2 1/3] vmscan,memcg: memcg aware swap token"
In reply to: Andrew Lutomirski: "Re: [PATCH v2 08/10] x86-64: Emulate vsyscalls"
Next in thread: Andrew Lutomirski: "Re: [PATCH v2 08/10] x86-64: Emulate vsyscalls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Andy Lutomirski <luto@xxxxxxx> wrote:

> There's a fair amount of code in the vsyscall page, and who knows
> what will happen if an exploit jumps into the middle of it. Reduce
> the risk by replacing most of it with short magic incantations that
> are useless if entered in the middle. This change can be disabled
> by CONFIG_UNSAFE_VSYSCALLS (default y).

btw., please flip the default or consider removing the option
altogether.

We want to improve security and we want safe vsyscalls the default,
and it's no good if we make it too easy for users to keep the fire
door open all the time! :-)

Thanks,

Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "Re: [PATCH] 8250_pci: add -ENODEV code for Intel EG20T PCH"
Previous message: KOSAKI Motohiro: "Re: [PATCH v2 1/3] vmscan,memcg: memcg aware swap token"
In reply to: Andrew Lutomirski: "Re: [PATCH v2 08/10] x86-64: Emulate vsyscalls"
Next in thread: Andrew Lutomirski: "Re: [PATCH v2 08/10] x86-64: Emulate vsyscalls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]