Date: Sat, 11 May 2024 00:04:43 +0000
From: Shawn Webb <shawn.webb@hardenedbsd.org>
To: henrichhartzer@tuta.io
Cc: Freebsd Arch <freebsd-arch@freebsd.org>
Subject: Re: Disabling COMPAT_FREEBSD4/5/6/7/9 in default kernel configurations
Message-ID: <4ruchlg2debo4s54weawnmknxiup2dskqjvj35pz4pjpia7tkl@gpzyivqc7ni2>
In-Reply-To: <NxZrrMD--3-9@tuta.io>
References: <NxZrrMD--3-9@tuta.io>

On Sat, May 11, 2024 at 01:38:38AM +0200, henrichhartzer@tuta.io wrote:
> Hi everyone,
>
> Warner suggested that I run this by the list. In 2018, a bug report was made for disabling COMPAT_FREEBSD4/5/6/7/9 (there's no 8). 6 years later, I imagine this would be as good of a time as any to do this if there's no obvious problems doing so.
>
> Here's the bug report: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=231768
>
> And a pull request in the spirit of the original patch: https://github.com/freebsd/freebsd-src/pull/1228
>
> I imagine if this sounds like a good idea, it would land in 15.0. Users could always recompile kernels with the old ABI functionality as needed. I feel like we're all a little curious if anything still uses this, and making this kind of change is probably the best way to find out.
>
> In my opinion, if all goes well, it may be wise to remove the old code in the next major version. Could do the full list, or just FreeBSD 4 and 5 compatibility, for instance. Barring notable negative feedback, of course.
>
> There were some concerns about Rust, but it sounds like it uses (or used?) FreeBSD 10.X features, which this patch does not remove. On that topic: https://github.com/rust-lang/rust/issues/89058
>
> Long term, it might be a good idea to enable support for EOL-1, and maybe remove code for EOL-2, of course a less aggressive policy is also possible (EOL-2 and EOL-3?). Getting out of the single digit FreeBSD versions should be a good start, though!
>
> Appreciate any feedback on this and hopefully we can reach some kind of consensus on how to proceed in 2024.

For what it's worth, just as a little data point, HardenedBSD has
disabled the following in the base amd64 kernel config:

1. COMPAT_FREEBSD4
2. COMPAT_FREEBSD5
3. COMPAT_FREEBSD6
4. COMPAT_FREEBSD7
5. COMPAT_FREEBSD9
6. COMPAT_FREEBSD10
7. COMPAT_FREEBSD32

I'm somewhat debating adding COMPAT_FREEBSD11 to the list. I'll give
that a shot next week and see what happens.

Rust seems to work fine for me.

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
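
Added illustration, not part of the message above and not code from FreeBSD or HardenedBSD: a small sh/awk check that lists which COMPAT_FREEBSD options a kernel config leaves enabled once its `options` and `nooptions` lines are applied in file order. The sample config is constructed, the function names are hypothetical, and `include` lines are not followed.

```shell
#!/bin/sh
# Added example: audit a kernel config (read from stdin) for legacy ABI
# compat options that are still enabled.

# Constructed sample: a GENERIC-style option set followed by local overrides
# that drop the 4/5/6/7/9 shims discussed in the thread.
sample_config() {
    cat <<'EOF'
cpu		HAMMER
ident		EXAMPLE
options 	COMPAT_FREEBSD32	# Compatible with i386 binaries
options 	COMPAT_FREEBSD4		# Compatible with FreeBSD4
options 	COMPAT_FREEBSD5
options 	COMPAT_FREEBSD6, COMPAT_FREEBSD7
options 	COMPAT_FREEBSD9
options 	COMPAT_FREEBSD10
options 	COMPAT_FREEBSD11
#options 	COMPAT_FREEBSD12
nooptions	COMPAT_FREEBSD4, COMPAT_FREEBSD5
nooptions	COMPAT_FREEBSD6
nooptions	COMPAT_FREEBSD7
nooptions	COMPAT_FREEBSD9
EOF
}

# Print the COMPAT_FREEBSD<N> options still enabled, in numeric order.
# A later "nooptions" cancels an earlier "options" and vice versa.
# COMPAT_FREEBSD32 (32-bit binary support) matches the same pattern.
compat_enabled() {
    awk '
    { sub(/#.*/, "") }                        # drop comments first
    $1 == "options" || $1 == "nooptions" {
        on = ($1 == "options")
        $1 = ""
        n = split($0, names, ",")             # comma-separated option lists
        for (i = 1; i <= n; i++) {
            name = names[i]
            gsub(/[ \t]/, "", name)
            sub(/=.*/, "", name)              # ignore any =value suffix
            if (name ~ /^COMPAT_FREEBSD[0-9]+$/) state[name] = on
        }
    }
    END { for (k in state) if (state[k]) print substr(k, 15) }
    ' | sort -n | sed 's/^/COMPAT_FREEBSD/'
}

sample_config | compat_enabled
```

To check a real config, feed the file on stdin, for example `compat_enabled < MYKERNEL`, after merging in any file it includes.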