From c84f43d63f0066f95a949fb592d5e2cadf8d3d83 Mon Sep 17 00:00:00 2001
From: Ian Campbell <ian.campbell@docker.com>
Date: Mon, 5 Dec 2016 10:13:07 +0000
Subject: [PATCH] Caution against the use of CONFIG_LEGACY_VSYSCALL_NATIVE

It provides an ASLR-bypassing target with usable ROP gadgets.

Signed-off-by: Ian Campbell <ian.campbell@docker.com>
(cherry picked from commit 49dcce7ba0a067b62d7791a0525f23b80cd7ad24)
Signed-off-by: Victor Vieux <vieux@docker.com>
---
 contrib/check-config.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/contrib/check-config.sh b/contrib/check-config.sh
index a6029e310e..d07e4ce368 100755
--- a/contrib/check-config.sh
+++ b/contrib/check-config.sh
@@ -224,7 +224,8 @@ echo 'Optional Features:'
 }
 {
 	if is_set LEGACY_VSYSCALL_NATIVE; then
-		echo -n "- "; wrap_good "CONFIG_LEGACY_VSYSCALL_NATIVE" 'enabled'
+		echo -n "- "; wrap_bad "CONFIG_LEGACY_VSYSCALL_NATIVE" 'enabled'
+		echo "    $(wrap_color '(dangerous, provides an ASLR-bypassing target with usable ROP gadgets.)' bold black)"
 	elif is_set LEGACY_VSYSCALL_EMULATE; then
 		echo -n "- "; wrap_good "CONFIG_LEGACY_VSYSCALL_EMULATE" 'enabled'
 	elif is_set LEGACY_VSYSCALL_NONE; then