From owner-freebsd-arch Fri Feb 23 0:26:46 2001
Date: Fri, 23 Feb 2001 00:24:12 -0800
From: Alfred Perlstein
To: Kris Kennaway
Cc: Marcel Moolenaar, arch@FreeBSD.ORG
Subject: Re: sysctl kern.fallback_elf_brand
Message-ID: <20010223002412.F8663@fw.wintelcom.net>

* Kris Kennaway [010222 23:50] wrote:
> > >
> > > I've run into the unbranded Linux binary reboot before..very
> > > annoying. I agree the default should be changed.
> >
> > Why does this happen? Does the exec code freak out if the default
> > isn't present, or does some common syscall just happen to map to
> > Linux's reboot syscall?
>
> Other way around. A common Linux syscall maps to the FreeBSD reboot
> syscall, so if the binary is unbranded the syscalls are interpreted
> using the FreeBSD table, and the user is left looking very surprised.

Hah, afaik reboot in linux takes magic args to prevent this sort
of problem some args which happen to map to Linus's family members'
birthdays or something. :)

Anyhow we should refuse to run unbranded binaries as root.
however as a "don't beat the user" policy it leads to:

Refuse to run unbranded binaries as anyone.

Which is much safer, it might be nice to have the exec code emit
a message to inform the user that he may want to turn on the
default exec stuff.

Actually, I think it used to do this, it was far less convenient
to brand my binaries than to have my box reboot because I ran a
linux app without branding. Now with the "default" exec stuff it
becomes even easier.

Basically, I don't really think the default exec stuff should be
enabled by default, otherwise if we switch to linux as the default
and common svr4 syscall happens to map to Linux's "eatmydisk(2)"
we'll get more complaints.

Turn it off and make it spew out about running brandelf or setting
the sysctl, or make it just reference some emulator(4) manpage that
describes the issues here.

--
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
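
The following is an added illustration, not part of the message above and not FreeBSD kernel code: a userland sketch of the "refuse unbranded binaries unless a fallback is configured" policy discussed in the thread. The function names, the `fallback` parameter (standing in for kern.fallback_elf_brand), the -1 "no fallback" value and the legacy brand-string offset are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define EI_NIDENT        16
#define EI_OSABI         7    /* standard ELF OSABI byte */
#define ELFOSABI_NONE    0    /* treated as "unbranded" in this sketch */
#define ELFOSABI_LINUX   3
#define ELFOSABI_FREEBSD 9
#define OLD_BRAND_OFF    8    /* assumption: legacy brandelf string location */
#define NO_FALLBACK      (-1) /* assumption: no fallback brand configured */
enum { BRAND_INVALID = -2, BRAND_NONE = -1 };

/* Brand found in e_ident, BRAND_NONE if unbranded, BRAND_INVALID if not ELF. */
int elf_brand(const unsigned char *ident, size_t len)
{
    if (len < EI_NIDENT || memcmp(ident, "\177ELF", 4) != 0)
        return BRAND_INVALID;
    if (ident[EI_OSABI] != ELFOSABI_NONE)
        return ident[EI_OSABI];
    /* Legacy string brand: bounded compares, the field need not be NUL-terminated. */
    if (memcmp(ident + OLD_BRAND_OFF, "FreeBSD", 7) == 0)
        return ELFOSABI_FREEBSD;
    if (memcmp(ident + OLD_BRAND_OFF, "Linux", 5) == 0)
        return ELFOSABI_LINUX;
    return BRAND_NONE;
}

/* ABI whose syscall table should interpret the binary; a negative result
 * means "refuse to exec" instead of guessing a table. */
int exec_abi(const unsigned char *ident, size_t len, int fallback)
{
    int brand = elf_brand(ident, len);
    if (brand == BRAND_NONE)
        return fallback == NO_FALLBACK ? BRAND_NONE : fallback;
    return brand;
}

/* Constructed sample headers, not taken from real binaries. */
const unsigned char unbranded[EI_NIDENT] = { 0x7f, 'E', 'L', 'F', 1, 1, 1 };
const unsigned char linux_abi[EI_NIDENT] = { 0x7f, 'E', 'L', 'F', 1, 1, 1, ELFOSABI_LINUX };
const unsigned char old_linux[EI_NIDENT] = { 0x7f, 'E', 'L', 'F', 1, 1, 1, 0, 'L', 'i', 'n', 'u', 'x' };

int main(void)
{
    printf("unbranded, no fallback: %d\n", exec_abi(unbranded, sizeof unbranded, NO_FALLBACK));
    printf("unbranded, fallback Linux: %d\n", exec_abi(unbranded, sizeof unbranded, ELFOSABI_LINUX));
    printf("legacy Linux brand: %d\n", exec_abi(old_linux, sizeof old_linux, NO_FALLBACK));
    return 0;
}
```

A negative return is the point where an exec path would print the hint about brandelf or the sysctl that the message asks for.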