Date: Sun, 13 Jan 2013 19:13:04 +0200
From: Konstantin Belousov
To: Nathan Whitehorn
Cc: Ed Schouten, freebsd-toolchain@freebsd.org, freebsd-arch@freebsd.org
Subject: Re: LLVM Image Activator
Message-ID: <20130113171304.GZ2561@kib.kiev.ua>
List-Id: Discussion related to FreeBSD architecture

On Sun, Jan 13, 2013 at 08:21:37AM -0800, Nathan Whitehorn wrote:
> On 01/13/13 05:20, Konstantin Belousov wrote:
> > On Sun, Jan 13, 2013 at 12:41:09PM +0100, Ed Schouten wrote:
> >> Hi Kostik,
> >>
> >> 2013/1/7 Konstantin Belousov:
> >>> I still do remember the buzz about the binary format 0xCAFEBABE, which
> >>> AFAIR gained image activator support on several OSes, to be garbage
> >>> collected.
> >>
> >> Maybe it would then be a good idea then to add some kind of general
> >> purpose remapping imgact? Example:
> >>
> >> /etc/imgacttab:
> >>
> >> cafebabe /usr/local/bin/java
> >> cffaedfe /usr/local/bin/osx_emulator
> >> 4243c0de /usr/bin/lli
> >>
> >> That way we still give people the freedom to play around with mapping
> >> their own executable formats, but don't need to maintain a bunch of
> >> imgacts.
> >
> > A generic module that could be somewhat customized at runtime to map
> > offset+signature into the shebang path could be a possibility indeed.
> > I strongly prefer to have it as module and not enabled by default.
> >
> > Asking Nathan for writing the thing is too much, IMHO, esp. in
> > the response to the 50-lines hack.
> >
>
> I think this is a good idea, since it both prevents a profusion of
> similar activators and works nicely in jails and similar environments. I
> probably won't write it quickly, but it should not take more than about
> 50 lines, so I can't imagine it will be that bad. There are some
> complications with this kind of design from the things in the XXX
> comment in imgact_llvm.c about handling argv[0] that I need to think
> some more about.

Great. I do not believe in the 50 lines, but I am happy that you want
to work this out.

> Why are you opposed to having it there by default? I think it's actually
> quite important that it be there by default. Having it not "standard"
> would be fine, but it should at least be in GENERIC. There are minimal
> security risks since it just munges begin_argv and doesn't even load the
> executable and it's little enough code that there should not be any
> kernel bloat to speak of. If things like this aren't enabled by default,
> no one can depend on them being there, no one will use it, and the point
> is entirely lost.

All image activators demonstrated a constant stream of security holes.
Even our ELF activator, and I was guilty there too. I definitely do not
fight over the inclusion of the proposed activator into GENERIC, but
do insist on the config option + module.
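
A userspace sketch of the signature-to-interpreter lookup behind the /etc/imgacttab idea quoted above, added here as an example and not code from this thread or from FreeBSD: it matches a file's leading bytes (offset 0) against the table's hex signatures and returns the interpreter path. The names imgact_lookup, parse_magic and MAGIC_MAX, the 16-byte signature cap, and the two malformed table lines are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAGIC_MAX 16            /* assumed cap on signature length, bytes */

/* Constructed sample: the three entries from the mail plus two bad lines. */
static const char sample_tab[] =
    "cafebabe /usr/local/bin/java\n"
    "cffaedfe /usr/local/bin/osx_emulator\n"
    "7f454c46 bin/relative\n"          /* rejected: path is not absolute */
    "4243c0d /usr/bin/odd\n"           /* rejected: odd number of hex digits */
    "4243c0de /usr/bin/lli\n";

/* Decode hex digits (validated by the caller) into out[]; -1 if odd/too long. */
static int parse_magic(const char *hex, unsigned char *out, size_t cap)
{
    size_t n = strlen(hex);
    unsigned int b;
    if (n == 0 || n % 2 != 0 || n / 2 > cap)
        return -1;
    for (size_t i = 0; i < n; i += 2) {
        sscanf(hex + i, "%2x", &b);
        out[i / 2] = (unsigned char)b;
    }
    return (int)(n / 2);
}

/* Returns 0 and fills interp if hdr starts with a table signature, else -1. */
int imgact_lookup(const char *tab, const unsigned char *hdr, size_t hdrlen,
    char *interp, size_t cap)
{
    char hex[2 * MAGIC_MAX + 1], path[256];
    unsigned char magic[MAGIC_MAX];
    for (const char *p = tab; *p != '\0'; p += (*p == '\n')) {
        int m = -1;
        /* Scansets stop at the newline, so one bad line cannot eat the next. */
        if (sscanf(p, "%32[0-9a-fA-F]%*[ \t]%255[^ \t\n]", hex, path) == 2)
            m = parse_magic(hex, magic, sizeof(magic));
        p += strcspn(p, "\n");
        /* Compare only within the supplied header; accept absolute paths only. */
        if (m > 0 && (size_t)m <= hdrlen && memcmp(hdr, magic, (size_t)m) == 0 &&
            path[0] == '/' && strlen(path) < cap) {
            strcpy(interp, path);
            return 0;
        }
    }
    return -1;
}
```

Signatures are read in file byte order, as in the table from the mail: 4243c0de is the byte sequence 'B' 'C' 0xC0 0xDE.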