Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/sys/arch/i386/conf Disable svr4 and ibcs2 by default.
details: https://anonhg.NetBSD.org/src/rev/695475de282c
branches: trunk
changeset: 355389:695475de282c
user: maxv <maxv%NetBSD.org@localhost>
date: Fri Jul 28 14:13:13 2017 +0000
description:
Disable svr4 and ibcs2 by default.
These options are not well-tested, of a limited use case, and the potential
for damage is too high. Vulnerabilities were presented at DEFCON 25 - I see
that at least one of them can be exploited to get ring0 privileges.
diffstat:
sys/arch/i386/conf/GENERIC | 8 ++++----
sys/arch/i386/conf/XEN3_DOM0 | 6 +++---
sys/arch/i386/conf/XEN3_DOMU | 6 +++---
3 files changed, 10 insertions(+), 10 deletions(-)
diffs (69 lines):
diff -r 84dfab85ecfd -r 695475de282c sys/arch/i386/conf/GENERIC
--- a/sys/arch/i386/conf/GENERIC Fri Jul 28 14:13:11 2017 +0000
+++ b/sys/arch/i386/conf/GENERIC Fri Jul 28 14:13:13 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.1158 2017/07/28 13:59:07 maxv Exp $
+# $NetBSD: GENERIC,v 1.1159 2017/07/28 14:13:13 maxv Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.1158 $"
+#ident "GENERIC-$Revision: 1.1159 $"
maxusers 64 # estimated number of users
@@ -144,8 +144,8 @@
#options TCP_COMPAT_42 # 4.2BSD TCP/IP bug compat. Not recommended.
options COMPAT_OSSAUDIO # OSS (Voxware) audio driver compatibility
-options COMPAT_SVR4 # binary compatibility with SVR4
-options COMPAT_IBCS2 # binary compatibility with SCO and ISC
+#options COMPAT_SVR4 # binary compatibility with SVR4
+#options COMPAT_IBCS2 # binary compatibility with SCO and ISC
options COMPAT_LINUX # binary compatibility with Linux
#options COMPAT_FREEBSD # binary compatibility with FreeBSD
#options COMPAT_NDIS # NDIS network driver
diff -r 84dfab85ecfd -r 695475de282c sys/arch/i386/conf/XEN3_DOM0
--- a/sys/arch/i386/conf/XEN3_DOM0 Fri Jul 28 14:13:11 2017 +0000
+++ b/sys/arch/i386/conf/XEN3_DOM0 Fri Jul 28 14:13:13 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: XEN3_DOM0,v 1.113 2017/06/22 18:14:32 khorben Exp $
+# $NetBSD: XEN3_DOM0,v 1.114 2017/07/28 14:13:13 maxv Exp $
#
# XEN3_0: Xen 3.0 domain0 kernel
@@ -97,8 +97,8 @@
#options TCP_COMPAT_42 # 4.2BSD TCP/IP bug compat. Not recommended.
options COMPAT_OSSAUDIO # OSS (Voxware) audio driver compatibility
-options COMPAT_SVR4 # binary compatibility with SVR4
-options COMPAT_IBCS2 # binary compatibility with SCO and ISC
+#options COMPAT_SVR4 # binary compatibility with SVR4
+#options COMPAT_IBCS2 # binary compatibility with SCO and ISC
options COMPAT_LINUX # binary compatibility with Linux
#options COMPAT_FREEBSD # binary compatibility with FreeBSD
options COMPAT_BSDPTY # /dev/[pt]ty?? ptys.
diff -r 84dfab85ecfd -r 695475de282c sys/arch/i386/conf/XEN3_DOMU
--- a/sys/arch/i386/conf/XEN3_DOMU Fri Jul 28 14:13:11 2017 +0000
+++ b/sys/arch/i386/conf/XEN3_DOMU Fri Jul 28 14:13:13 2017 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: XEN3_DOMU,v 1.77 2017/05/21 06:19:37 pgoyette Exp $
+# $NetBSD: XEN3_DOMU,v 1.78 2017/07/28 14:13:13 maxv Exp $
include "arch/xen/conf/std.xen"
@@ -81,8 +81,8 @@
#options TCP_COMPAT_42 # 4.2BSD TCP/IP bug compat. Not recommended.
options COMPAT_OSSAUDIO # OSS (Voxware) audio driver compatibility
-options COMPAT_SVR4 # binary compatibility with SVR4
-options COMPAT_IBCS2 # binary compatibility with SCO and ISC
+#options COMPAT_SVR4 # binary compatibility with SVR4
+#options COMPAT_IBCS2 # binary compatibility with SCO and ISC
options COMPAT_LINUX # binary compatibility with Linux
#options COMPAT_FREEBSD # binary compatibility with FreeBSD
options COMPAT_BSDPTY # /dev/[pt]ty?? ptys.
Home |
Main Index |
Thread Index |
Old Index