[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#728975: linux: [ARM] CONFIG_OABI_COMPAT harmful (slower, unsafe, breaks at least seccomp and audit)

On Thu, Nov 07, 2013 at 10:46:37AM -0200, Henrique de Moraes Holschuh wrote:
> Package: linux
> Severity: normal
> Tags: security
> Please refer to:
> https://lkml.org/lkml/2013/11/5/448
> https://lkml.org/lkml/2013/11/6/633
> The issue is not yet closed in LKML, but basically OABI_COMPAT enabled seems
> to be a danger: at least seccomp and audit should not be used with OABI, and
> to top it off it is not "free" as far as performance goes, either: a fair
> amount of added complexity, and an extra D-cache miss on every syscall.

AUDITSYSCALL cannot be enabled if OABI_COMPAT is enabled.  I wasn't
aware of the problem with seccomp mode 2 but I agree it's serious.

I doubt there's any significant demand for OABI_COMPAT and I already
disabled it for some of the size-constrained armel flavours.  I'll
wait for input from the ARM porters, but I think it would be
reasonable to disable it for the rest.


Ben Hutchings
It is easier to change the specification to fit the program than vice versa.

Reply to: