Re: [PATCH 0/4] x86: enable User-Mode Instruction Prevention

2016-11-14 Thread Harald Arnesen
On 14/11/2016 11:59, One Thousand Gnomes wrote:
> Is anyone actually still using DOSemu these days or are people all using DOSbox ?
>
> Alan

One thing lacking from DOSbox is TCP/IP networking.

--
Regards, Harald

Re: [PATCH 0/4] x86: enable User-Mode Instruction Prevention

2016-11-14 Thread One Thousand Gnomes
> I took a closer look at the dosemu code. It appears that it does not

That doesn't tell you what DOS itself will try and do...

> purposely utilize SGDT to obtain the descriptor table while in vm86. It
> does use SGDT (in protected mode) to emulate certain functionality such
> as the Virtual xxx

Re: [PATCH 0/4] x86: enable User-Mode Instruction Prevention

2016-11-11 Thread Ricardo Neri
On Fri, 2016-11-11 at 23:51 +0300, Stas Sergeev wrote:
> 11.11.2016 07:14, Ricardo Neri wrote:
> >> 10.11.2016 09:46, Ricardo Neri wrote:
> >>> I took a closer look at the dosemu code. It appears that it does not
> >>> purposely utilize SGDT to obtain the descriptor table while in vm86. It
> >>>

Re: [PATCH 0/4] x86: enable User-Mode Instruction Prevention

2016-11-11 Thread Stas Sergeev
11.11.2016 07:14, Ricardo Neri wrote:
>> 10.11.2016 09:46, Ricardo Neri wrote:
>>> I took a closer look at the dosemu code. It appears that it does not
>>> purposely utilize SGDT to obtain the descriptor table while in vm86. It
>>> does use SGDT (in protected mode) to emulate certain functionality such
>>> as the

Re: [PATCH 0/4] x86: enable User-Mode Instruction Prevention

2016-11-10 Thread Ricardo Neri
On Thu, 2016-11-10 at 11:52 +0300, Stas Sergeev wrote:
> Hi!
>
> I don't know the context of that discussion, so I'll only
> comment on the dosemu part.

I'm sorry! I will cc you and the linux-msdos list in my v2.

>
> 10.11.2016 09:46, Ricardo Neri wrote:
> > I took a closer look at the dosemu

Re: [PATCH 0/4] x86: enable User-Mode Instruction Prevention

2016-11-10 Thread Stas Sergeev
Hi!

I don't know the context of that discussion, so I'll only
comment on the dosemu part.

10.11.2016 09:46, Ricardo Neri wrote:
> I took a closer look at the dosemu code. It appears that it does not
> purposely utilize SGDT to obtain the descriptor table while in vm86. It
> does use SGDT (in

Re: [PATCH 0/4] x86: enable User-Mode Instruction Prevention

2016-11-09 Thread Ricardo Neri
On Wed, 2016-11-09 at 03:05 -0800, Andy Lutomirski wrote:
> On Tue, Nov 8, 2016 at 8:31 PM, Ricardo Neri wrote:
> > On Tue, 2016-11-08 at 07:34 -0800, Andy Lutomirski wrote:
> >> > Would it not be better to emulate these instructions for them? What
> >> way
> >> > we can verify they're not

Re: [PATCH 0/4] x86: enable User-Mode Instruction Prevention

2016-11-09 Thread Andy Lutomirski
On Tue, Nov 8, 2016 at 8:31 PM, Ricardo Neri wrote:
> On Tue, 2016-11-08 at 07:34 -0800, Andy Lutomirski wrote:
>> > Would it not be better to emulate these instructions for them? What
>> way
>> > we can verify they're not malicious.
>>
>> Forget malice -- if they are really needed for some silly

Re: [PATCH 0/4] x86: enable User-Mode Instruction Prevention

2016-11-08 Thread Ricardo Neri
On Tue, 2016-11-08 at 07:34 -0800, Andy Lutomirski wrote:
> > Would it not be better to emulate these instructions for them? What
> way
> > we can verify they're not malicious.
>
> Forget malice -- if they are really needed for some silly vm86-using
> program, let's trap them and emulate them so

Re: [PATCH 0/4] x86: enable User-Mode Instruction Prevention

2016-11-08 Thread Ricardo Neri
On Tue, 2016-11-08 at 17:52 +0100, Thomas Gleixner wrote:
> On Tue, 8 Nov 2016, Andy Lutomirski wrote:
> > On Tue, Nov 8, 2016 at 5:16 AM, Peter Zijlstra wrote:
> > > On Mon, Nov 07, 2016 at 10:12:09PM -0800, Ricardo Neri wrote:
> > >> There is a caveat, however. Certain applications running in

Re: [PATCH 0/4] x86: enable User-Mode Instruction Prevention

2016-11-08 Thread Thomas Gleixner
On Tue, 8 Nov 2016, Andy Lutomirski wrote:
> On Tue, Nov 8, 2016 at 5:16 AM, Peter Zijlstra wrote:
> > On Mon, Nov 07, 2016 at 10:12:09PM -0800, Ricardo Neri wrote:
> >> There is a caveat, however. Certain applications running in virtual-8086
> >> mode, such as DOSEMU[1] and Wine[2], want to

Re: [PATCH 0/4] x86: enable User-Mode Instruction Prevention

2016-11-08 Thread Andy Lutomirski
On Tue, Nov 8, 2016 at 5:16 AM, Peter Zijlstra wrote:
> On Mon, Nov 07, 2016 at 10:12:09PM -0800, Ricardo Neri wrote:
>> There is a caveat, however. Certain applications running in virtual-8086
>> mode, such as DOSEMU[1] and Wine[2], want to utilize the SGDT, SIDT and
>> SLDT instructions for

Re: [PATCH 0/4] x86: enable User-Mode Instruction Prevention

2016-11-08 Thread Peter Zijlstra
On Mon, Nov 07, 2016 at 10:12:09PM -0800, Ricardo Neri wrote:
> There is a caveat, however. Certain applications running in virtual-8086
> mode, such as DOSEMU[1] and Wine[2], want to utilize the SGDT, SIDT and
> SLDT instructions for legitimate reasons. In order to keep such
> applications

[PATCH 0/4] x86: enable User-Mode Instruction Prevention

2016-11-07 Thread Ricardo Neri
User-Mode Instruction Prevention (UMIP) is a security feature present in new Intel Processors. If enabled, it prevents the execution of certain instructions if the Current Privilege Level (CPL) is greater than 0. If these instructions were executed while in CPL > 0, user space applications could
