Subject: Re: stop breaking dosemu (Re: x86/kconfig/32: Rename CONFIG_VM86 and default it to 'n')
From: Stas Sergeev
To: Chuck Ebbert
Cc: Austin S Hemmelgarn, Andy Lutomirski, Josh Boyer, linux-kernel@vger.kernel.org, "Andrew Bird (Sphere Systems)", Linus Torvalds, Ingo Molnar, Kees Cook, Brian Gerst
Date: Fri, 4 Sep 2015 13:46:19 +0300

04.09.2015 13:09, Chuck Ebbert wrote:
> On Fri, 4 Sep 2015 00:28:04 +0300
> Stas Sergeev wrote:
>
>> 03.09.2015 21:51, Austin S Hemmelgarn wrote:
>>> There are servers out there that have this enabled and _never_ use it
>>> at all,
>> Unless I am mistaken, servers usually use a special flavour of the
>> distro (different from desktop install), where of course this will
>> be disabled at _compile time_.
> Many (most?) distros use just one kernel for everything, because it's
> just too much work to have a separate flavor for servers.
But, for example, menuconfig promotes CONFIG_PREEMPT_NONE for server
and CONFIG_PREEMPT for desktop. Also, perhaps a server would need an
LTS version rather than the latest. I wonder if RHEL Server offers the
generic desktop-suited kernel with vm86() enabled?

In any case, if there is some generic mechanism to selectively
disable syscalls at run-time for a server, then vm86() is of course
a good candidate. I wonder how many other syscalls are currently
run-time controlled? (those that are not marked as an "attack surface"
and defaulted to Y; I suppose the "attack surface" is currently
only vm86())