From: Warner Losh
Date: Mon, 20 Feb 2023 13:12:33 -0700
Subject: Re: RFC: Removing WITHOUT_CAPSICUM and WITHOUT_CASPER from 14.x
To: Colin Percival
Cc: freebsd-arch@freebsd.org
List-Id: Discussion related to FreeBSD architecture
List-Archive: https://lists.freebsd.org/archives/freebsd-arch

My only feedback is that bsd-user doesn't fully implement capsicum, which may
cause issues with that...

Warner

On Wed, Feb 15, 2023 at 9:53 PM Colin Percival wrote:

> Hi FreeBSD architects,
>
> I'd like to remove WITHOUT_CAPSICUM and WITHOUT_CASPER for FreeBSD 14.x.
>
> The rationale for this is threefold:
>
> 1. They don't serve any useful purpose and merely weaken security;
>
> 2. They're an anomaly among WITH/WITHOUT options -- most WITHOUT_* options
> take the form "don't build/install <components>" rather than having
> effects across the entire tree.
>
> 3. They're a pain for release engineering, because approximately nobody ever
> tests FreeBSD with WITHOUT_CAPSICUM or WITHOUT_CASPER set, but they're the
> sort of option which can easily break the build due to having effects all
> over the tree.
>
> If nobody objects, my plan is to get rid of the WITHOUT_ build options first
> and leave MK_{CAPSICUM,CASPER} set unconditionally to "yes"; then sweep the
> tree (mostly a matter of running unifdef) after 14.x is branched.
>
> --
> Colin Percival
> FreeBSD Deputy Release Engineer & EC2 platform maintainer
> Founder, Tarsnap | www.tarsnap.com | Online backups for the truly paranoid