Subject: Re: stop breaking dosemu (Re: x86/kconfig/32: Rename CONFIG_VM86 and default it to 'n')
From: Austin S Hemmelgarn
To: Stas Sergeev, Chuck Ebbert
Cc: Andy Lutomirski, Josh Boyer, linux-kernel@vger.kernel.org, "Andrew Bird (Sphere Systems)", Linus Torvalds, Ingo Molnar, Kees Cook, Brian Gerst
Date: Fri, 4 Sep 2015 08:34:31 -0400
Message-ID: <55E98FD7.8020809@gmail.com>
In-Reply-To: <55E9767B.2020501@list.ru>
On 2015-09-04 06:46, Stas Sergeev wrote:
> 04.09.2015 13:09, Chuck Ebbert writes:
>> On Fri, 4 Sep 2015 00:28:04 +0300
>> Stas Sergeev wrote:
>>
>>> 03.09.2015 21:51, Austin S Hemmelgarn writes:
>>>> There are servers out there that have this enabled and _never_ use it
>>>> at all,
>>> Unless I am mistaken, servers usually use a special flavour of the
>>> distro (different from the desktop install), where of course this will
>>> be disabled at _compile time_.
>> Many (most?) distros use just one kernel for everything, because it's
>> just too much work to have a separate flavor for servers.
> But for example menuconfig promotes CONFIG_PREEMPT_NONE for server
> and CONFIG_PREEMPT for desktop. Also perhaps a server would need an
> LTS version rather than the latest.
> I wonder if RHEL Server offers the generic desktop-suited kernel
> with vm86() enabled?
>
> In any case, if there is some generic mechanism to selectively
> disable syscalls at run-time for server, then vm86() is of course
> a good candidate. I wonder how many other syscalls are currently
> run-time controlled? (those that are not marked as an "attack surface"
> and defaulted to Y; I suppose the "attack surface" is currently only vm86())
>
OK, I think I need to clarify something here.

The attack surface of a given system refers to the number of different ways that someone could potentially attack that system. An individual syscall is not in itself an attack surface, but is part of the attack surface for the whole system. One of the core concepts of proactive security is to minimize the attack surface, because the fewer ways someone could possibly attack you, the less likely it is that they will succeed.
I, however, referred to vm86 as a potential attack vector, which refers to one way in which someone could attempt to attack the system (be it through arbitrary code execution, privilege escalation, or some other type of exploit). Note that something does not need to have a known exploit to be classified as a potential attack vector (most black hats out there will keep quiet about discovered exploits until they can actually make use of them themselves). By their very definition, every single site where userspace can call into the kernel is a _potential_ attack vector, including vm86(). vm86() is one of the more attractive syscalls to attempt to use as an attack vector on 32-bit x86 systems because it's relatively unaudited, significantly modifies the execution state of the processor, and is available on a majority of 32-bit x86 systems in the wild. This does not mean that it is exploitable directly, just that it's a possible target for an exploit.
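Stas asks above whether there is a generic mechanism to selectively disable syscalls at run time. As an added example (not code from this thread or from any of its participants), here is a seccomp-bpf filter that does exactly that for vm86()/vm86old() in one process and everything it spawns, without a kernel rebuild; the numbers 113 and 166 are the i386 syscall-table values, and a Linux kernel with seccomp filter support is assumed.

```c
/* Added example: make vm86()/vm86old() fail with ENOSYS at run time via seccomp-bpf. */
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>

/* i386 syscall numbers of the two vm86 entry points (values from the i386 table). */
#define NR_I386_VM86OLD 113
#define NR_I386_VM86    166
#define ARCH_OFF ((unsigned int)offsetof(struct seccomp_data, arch))
#define NR_OFF   ((unsigned int)offsetof(struct seccomp_data, nr))
#define VM86_FILTER_LEN 8

/* Writes the filter program into buf (VM86_FILTER_LEN entries); returns the count. */
size_t build_vm86_filter(struct sock_filter *buf)
{
    const struct sock_filter prog[VM86_FILTER_LEN] = {
        /* Check the ABI first: the same numbers mean other syscalls on x86-64. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, ARCH_OFF),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_I386, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),            /* not i386: allow */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, NR_OFF),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NR_I386_VM86OLD, 1, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NR_I386_VM86, 0, 1),
        /* vm86/vm86old: return ENOSYS, exactly what a CONFIG_VM86=n kernel would do. */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (ENOSYS & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),            /* everything else */
    };
    memcpy(buf, prog, sizeof prog);
    return VM86_FILTER_LEN;
}

/* Installs the filter for the calling process; returns 0 or a negative errno value. */
int install_vm86_filter(void)
{
    struct sock_filter insns[VM86_FILTER_LEN];
    struct sock_fprog fprog = { .len = (unsigned short)build_vm86_filter(insns),
                                .filter = insns };
    /* Required so an unprivileged process may install a filter that survives execve(). */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -errno;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog) != 0)
        return -errno;
    return 0;
}
```

Call install_vm86_filter() early in a launcher (an init script wrapper or a service's main) and every child it execs inherits the filter; because the filter checks the audit arch first, it is harmless on an x86-64 process and only bites 32-bit callers.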