All of lore.kernel.org
 help / color / mirror / Atom feed
From: Stas Sergeev <stsp@list.ru>
To: Chuck Ebbert <cebbert.lkml@gmail.com>
Cc: Austin S Hemmelgarn <ahferroin7@gmail.com>,
	Andy Lutomirski <luto@amacapital.net>,
	Josh Boyer <jwboyer@fedoraproject.org>,
	linux-kernel@vger.kernel.org,
	"Andrew Bird (Sphere Systems)" <ajb@spheresystems.co.uk>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Ingo Molnar <mingo@kernel.org>, Kees Cook <keescook@chromium.org>,
	Brian Gerst <brgerst@gmail.com>
Subject: Re: stop breaking dosemu (Re: x86/kconfig/32: Rename CONFIG_VM86 and default it to 'n')
Date: Fri, 4 Sep 2015 13:46:19 +0300	[thread overview]
Message-ID: <55E9767B.2020501@list.ru> (raw)
In-Reply-To: <20150904060933.229b5b06@as>

04.09.2015 13:09, Chuck Ebbert пишет:
> On Fri, 4 Sep 2015 00:28:04 +0300
> Stas Sergeev <stsp@list.ru> wrote:
> 
>> 03.09.2015 21:51, Austin S Hemmelgarn пишет:
>>> There are servers out there that have this enabled and _never_ use it 
>>> at all,
>> Unless I am mistaken, servers usually use special flavour of the
>> distro (different from desktop install), where of course this will
>> be disabled _compile time_.
> Many (most?) distros use just one kernel for everything, because it's
> just too much work to have a separate flavor for servers.
But for example menuconfig promotes CONFIG_PREEMPT_NONE for server
and CONFIG_PREEMPT for desktop. Also perhaps server would need an
lts version rather than latest.
I wonder if RHEL Server offers the generic desktop-suited kernel
with vm86() enabled?

In any case, if there is some generic mechanism to selectively
disable syscalls at run-time for server, then vm86() is of course
a good candidate. I wonder how many other syscalls are currently
run-time controlled? (those that are not marked as an "attack surface"
and defaulted to Y; I suppose the "attack surface" is currently only vm86())

  reply	other threads:[~2015-09-04 10:46 UTC|newest]

Thread overview: 40+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-09-02  9:37 stop breaking dosemu (Re: x86/kconfig/32: Rename CONFIG_VM86 and default it to 'n') Stas Sergeev
2015-09-02 14:08 ` Andy Lutomirski
2015-09-02 15:31   ` Kees Cook
2015-09-02 17:30   ` Stas Sergeev
2015-09-02 17:46   ` Josh Boyer
2015-09-02 17:50     ` Stas Sergeev
2015-09-02 20:22       ` Josh Boyer
2015-09-02 20:47         ` Stas Sergeev
2015-09-02 20:55           ` Andy Lutomirski
2015-09-02 20:59             ` Josh Boyer
2015-09-02 21:12             ` Stas Sergeev
2015-09-02 21:40               ` Andy Lutomirski
2015-09-02 21:53                 ` Stas Sergeev
2015-09-03 12:11                   ` Austin S Hemmelgarn
2015-09-03 12:15                     ` Stas Sergeev
2015-09-03 15:44                       ` Austin S Hemmelgarn
2015-09-03 16:34                         ` Stas Sergeev
2015-09-03 18:51                           ` Austin S Hemmelgarn
2015-09-03 21:28                             ` Stas Sergeev
2015-09-04 10:09                               ` Chuck Ebbert
2015-09-04 10:46                                 ` Stas Sergeev [this message]
2015-09-04 12:34                                   ` Austin S Hemmelgarn
2015-09-04 13:06                                     ` Stas Sergeev
2015-09-04 19:51                                       ` Austin S Hemmelgarn
2015-09-04 21:16                                         ` Stas Sergeev
2015-09-04 21:30                                           ` Stas Sergeev
2015-09-04 22:46                                             ` Raymond Jennings
2015-09-04 23:18                                               ` Stas Sergeev
2015-09-03 22:39                             ` Stas Sergeev
2015-09-03 16:57                         ` Linus Torvalds
2015-09-03 17:19                           ` Stas Sergeev
2015-09-03 17:21                             ` Andy Lutomirski
2015-09-03 17:34                               ` Stas Sergeev
2015-09-03 17:13                         ` Stas Sergeev
2015-09-03 12:01               ` Austin S Hemmelgarn
2015-09-03 12:09                 ` Stas Sergeev
2015-09-02 17:52     ` Kees Cook
2015-09-02 20:25       ` Josh Boyer
2015-09-02 18:19     ` Andy Lutomirski
2015-09-02 20:26       ` Josh Boyer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=55E9767B.2020501@list.ru \
    --to=stsp@list.ru \
    --cc=ahferroin7@gmail.com \
    --cc=ajb@spheresystems.co.uk \
    --cc=brgerst@gmail.com \
    --cc=cebbert.lkml@gmail.com \
    --cc=jwboyer@fedoraproject.org \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=mingo@kernel.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.