kernel-packages team mailing list archive

Thread
Date

[Bug 1499089] Re: Please enable kconfig X86_LEGACY_VM86 for i386

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Paul Crawford <1499089@xxxxxxxxxxxxxxxxxx>
Date: Sat, 03 Oct 2015 17:06:32 -0000
Reply-to: Bug 1499089 <1499089@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

We also run critical software that depends on the vm86 for performance
reasons, and we are already using dosemu with root privileges to gain
direct hardware access, so we see the potential security risks of this
are trivial. The suggestion above to have the patch back-ported to
enable vm86 only when vm.mmap_min_addr=0 seems a perfectly good way of
satisfying all user cases.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1499089

Title:
  Please enable kconfig X86_LEGACY_VM86 for i386

Status in linux package in Ubuntu:
  Triaged

Bug description:
  In order for dosemu to reach maximum performance (a > 10x speedup) please enable kconfig X86_LEGACY_VM86 in the kernel. As of this commit http://www.spinics.net/lists/linux-tip-commits/msg30360.html
  the overzealous kconfig message that seemed to suggest that the vm86() syscall was a security hazard in itself has been revised to reflect reality. Also please note that even if this kconfig option is enabled the runtime default is still off as vm86 is only actually enabled if the sysctl vm.mmap_min_addr is set to 0. That said, allowing  vm.mmap_min_addr=0  is a known security risk and enabling the vm86() syscall to operate additionally would add little value to any potential attacker.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1499089/+subscriptions

References

[Bug 1499089] [NEW] Please enable kconfig X86_LEGACY_VM86 for i386
From: Andrew Bird, 2015-09-23