Browse code
Caution against the use of CONFIG_LEGACY_VSYSCALL_NATIVE
It provides an ASLR-bypassing target with usable ROP gadgets.
Signed-off-by: Ian Campbell <ian.campbell@docker.com>
(cherry picked from commit 49dcce7ba0a067b62d7791a0525f23b80cd7ad24)
Signed-off-by: Victor Vieux <vieux@docker.com>
Ian Campbell authored on 2016/12/05 19:13:07Showing 1 changed files
| ... | ... |
@@ -224,7 +224,8 @@ echo 'Optional Features:' |
| 224 | 224 |
} |
| 225 | 225 |
{
|
| 226 | 226 |
if is_set LEGACY_VSYSCALL_NATIVE; then |
| 227 |
- echo -n "- "; wrap_good "CONFIG_LEGACY_VSYSCALL_NATIVE" 'enabled' |
|
| 227 |
+ echo -n "- "; wrap_bad "CONFIG_LEGACY_VSYSCALL_NATIVE" 'enabled' |
|
| 228 |
+ echo " $(wrap_color '(dangerous, provides an ASLR-bypassing target with usable ROP gadgets.)' bold black)" |
|
| 228 | 229 |
elif is_set LEGACY_VSYSCALL_EMULATE; then |
| 229 | 230 |
echo -n "- "; wrap_good "CONFIG_LEGACY_VSYSCALL_EMULATE" 'enabled' |
| 230 | 231 |
elif is_set LEGACY_VSYSCALL_NONE; then |