Bug#728975: linux: [ARM] CONFIG_OABI_COMPAT harmful (slower, unsafe, breaks at least seccomp and audit)
On Thu, Nov 07, 2013 at 10:46:37AM -0200, Henrique de Moraes Holschuh wrote:
> Package: linux
> Severity: normal
> Tags: security
> Please refer to:
> The issue is not yet closed in LKML, but basically OABI_COMPAT enabled seems
> to be a danger: at least seccomp and audit should not be used with OABI, and
> to top it off it is not "free" as far as performance goes, either: a fair
> amount of added complexity, and an extra D-cache miss on every syscall.
AUDITSYSCALL cannot be enabled if OABI_COMPAT is enabled. I wasn't
aware of the problem with seccomp mode 2 but I agree it's serious.
I doubt there's any significant demand for OABI_COMPAT and I already
disabled it for some of the size-constrained armel flavours. I'll
wait for input from the ARM porters, but I think it would be
reasonable to disable it for the rest.
It is easier to change the specification to fit the program than vice versa.