Re: Bug#728975: linux: [ARM] CONFIG_OABI_COMPAT harmful (slower, unsafe, breaks at least seccomp and audit)
(ccing debian-arm)
On Thu, 2013-11-07 at 16:42 +0000, Ben Hutchings wrote:
> On Thu, Nov 07, 2013 at 10:46:37AM -0200, Henrique de Moraes Holschuh wrote:
> > Package: linux
> > Severity: normal
> > Tags: security
> >
> > Please refer to:
> > https://lkml.org/lkml/2013/11/5/448
> > https://lkml.org/lkml/2013/11/6/633
> >
> > The issue is not yet closed in LKML, but basically OABI_COMPAT enabled seems
> > to be a danger: at least seccomp and audit should not be used with OABI, and
> > to top it off it is not "free" as far as performance goes, either: a fair
> > amount of added complexity, and an extra D-cache miss on every syscall.
>
> AUDITSYSCALL cannot be enabled if OABI_COMPAT is enabled. I wasn't
> aware of the problem with seccomp mode 2 but I agree it's serious.
>
> I doubt there's any significant demand for OABI_COMPAT and I already
> disabled it for some of the size-constrained armel flavours. I'll
> wait for input from the ARM porters, but I think it would be
> reasonable to disable it for the rest.
I agree (mostly replying just for the CC to the ARM porters).
Ian
Reply to: