05.10.2015 12:47, Andrew Bird пишет: > Mmm, that thread is full of the same old rhetoric (i.e. it must be a risk as no one can be bothered/has time to check it and users > must be prevented from hurting themselves even if they've already jumped through hoops to enable mm.vm_addr=0, which is a known security > risk, so that dosemu can function with cpuemu=off). I do fail to see why the default can't have the vm86() syscall compiled in, but > disabled by default at run time. As Felix pointed, this is exactly what happens. But really, having never delivering dosemu, keeping vm86 ON is pretty useless for them, so I won't bet on this to stay forever. But now as it can be disabled at run-time - the chances are big they'll no longer re-visit this subject and leave it as is. Note that AFAIK dosemu can't use vm86 on fedora even if enabled both compile-time and run-time, because selinux then prevents mapping zero page even if you enabled it in mmap_min_addr (but I may be wrong, someone needs to double-check also this). The security threat may come from the fact that you need to disable selinux. > Regarding RHEL kernels, I've used CentOS 3, 4, 5 and 6 successfully with Dosemu cpuemu=off, so CONFIG_VM86=y was set on those. Have you disabled selinux? -- To unsubscribe from this list: send the line "unsubscribe linux-msdos" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
