Re: [PATCH v4 2/3] x86/ldt: Make modify_ldt optional

From: Willy Tarreau
Date: Sat Jul 25 2015 - 12:36:17 EST

Next message: Alexey Khoroshilov: "[PATCH] mtd: gpio-addr-flash: add missing iounmap in probe/remove"
Previous message: Willy Tarreau: "Re: [PATCH 4/3] x86/ldt: allow to disable modify_ldt at runtime"
In reply to: Andy Lutomirski: "Re: [PATCH v4 2/3] x86/ldt: Make modify_ldt optional"
Next in thread: Willy Tarreau: "Re: [PATCH v4 0/3] x86: modify_ldt improvement, test, and config option"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Jul 25, 2015 at 09:03:54AM -0700, Andy Lutomirski wrote:
> On Sat, Jul 25, 2015 at 2:15 AM, Borislav Petkov <bp@xxxxxxxxx> wrote:
> > Is that "default y" going to turn into a "default n" after a grace
> > period?
>
> Let's see how Willy's default-off sysctl plays out. In the long run,
> maybe we'll have it compiled in but runtime-disabled by default.

That's the purpose at least at the beginning.

> There's a big community of users who *really* like using Wine :)

If distro vendors are willing to document a sysctl setting in order
to be able to use Wine in exchange for better security, I'm sure most
users will still prefer to stay safe.

Willy

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alexey Khoroshilov: "[PATCH] mtd: gpio-addr-flash: add missing iounmap in probe/remove"
Previous message: Willy Tarreau: "Re: [PATCH 4/3] x86/ldt: allow to disable modify_ldt at runtime"
In reply to: Andy Lutomirski: "Re: [PATCH v4 2/3] x86/ldt: Make modify_ldt optional"
Next in thread: Willy Tarreau: "Re: [PATCH v4 0/3] x86: modify_ldt improvement, test, and config option"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]