"Maxime Villard" writes: > Module Name: src > Committed By: maxv > Date: Fri Sep 29 17:08:00 UTC 2017 > > Modified Files: > src/sys/compat/linux/common: linux_mod.c linux_sysctl.c linux_sysctl.h > src/sys/kern: kern_exec.c > > Log Message: > Remove compat_linux from the autoload list, and add a sysctl to enable or > disable it - which defaults to disabled. The following command is now > required to use linux binaries: > > sysctl -w emul.linux.enabled=1 > > After a discussion on tech-kern@. All the other ideas to reduce the attack > surface have drawbacks, and this sysctl seems to be the best option.
it was not agreed to disable this by default. please fix. thanks. .mrg.
