Re: [RFC] selftests/x86: Add test_vsyscall

From: Andy Lutomirski
Date: Fri Jan 05 2018 - 12:53:43 EST

Next message: jacopo mondi: "Re: [PATCH v3 1/9] dt-bindings: media: Add Renesas CEU bindings"
Previous message: Greg Kroah-Hartman: "Re: [PATCH 4.4 00/37] 4.4.110-stable review"
In reply to: Borislav Petkov: "Re: [RFC] selftests/x86: Add test_vsyscall"
Next in thread: Borislav Petkov: "Re: [RFC] selftests/x86: Add test_vsyscall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jan 5, 2018 at 4:33 AM, Borislav Petkov <bp@xxxxxxxxx> wrote:
> On Thu, Jan 04, 2018 at 09:38:37PM -0800, Andy Lutomirski wrote:
>> Also, I want to add vsyscall=emulate_noread that makes the vsyscall
>> page be --x. And I want to add a per-process option to turn off
>> vsyscalls.
>
> What for?
>
> It sounds like a bunch of work for something which is deprecated
> anyway...
>

emulate_noread would avoid one exploit technique that Kees saw
somewhere. And per-process disablement would let a system remain
compatible with old binaries without reducing security for newer
binaries.

Next message: jacopo mondi: "Re: [PATCH v3 1/9] dt-bindings: media: Add Renesas CEU bindings"
Previous message: Greg Kroah-Hartman: "Re: [PATCH 4.4 00/37] 4.4.110-stable review"
In reply to: Borislav Petkov: "Re: [RFC] selftests/x86: Add test_vsyscall"
Next in thread: Borislav Petkov: "Re: [RFC] selftests/x86: Add test_vsyscall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]