On Thu, Nov 7, 2013 at 4:55 AM, Henrique de Moraes Holschuh <[email protected]> wrote: > On Tue, 05 Nov 2013, Andy Lutomirski wrote: >> Maybe the thing to do is to put a warning in the config text for >> CONFIG_OABI_COMPAT that describes the problems (malicious userspace >> can confuse syscall auditors, strace, etc.), change the "if in doubt" >> part to N, and disable seccomp filters if CONFIG_OABI_COMPAT. That >> might even get Debian to change their default. > > Bug reported to the Debian BTS: #728975 > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728975
FWIW, Ubuntu has also now disabled OABI_COMPAT going forward: https://lists.ubuntu.com/archives/kernel-team/2013-November/034242.html -Kees -- Kees Cook Chrome OS Security ------------------------------------------------------------------------------ November Webinars for C, C++, Fortran Developers Accelerate application performance with scalable programming models. Explore techniques for threading, error checking, porting, and tuning. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk _______________________________________________ libseccomp-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/libseccomp-discuss
