From: Nathan Whitehorn
Date: Sun, 13 Jan 2013 10:14:19 -0800
To: Konstantin Belousov
Cc: Ed Schouten, freebsd-toolchain@freebsd.org, freebsd-arch@freebsd.org
Subject: Re: LLVM Image Activator
Message-id: <50F2F97B.5030306@freebsd.org>
In-reply-to: <20130113171304.GZ2561@kib.kiev.ua>

On 01/13/13 09:13, Konstantin Belousov wrote:
> On Sun, Jan 13, 2013 at 08:21:37AM -0800, Nathan Whitehorn wrote:
>> On 01/13/13 05:20, Konstantin Belousov wrote:
>>> On Sun, Jan 13, 2013 at 12:41:09PM +0100, Ed Schouten wrote:
>>>> Hi Kostik,
>>>>
>>>> 2013/1/7 Konstantin Belousov:
>>>>> I still do remember the buzz about the binary format 0xCAFEBABE, which
>>>>> AFAIR gained image activator support on several OSes, to be garbage
>>>>> collected.
>>>>
>>>> Maybe it would then be a good idea to add some kind of general
>>>> purpose remapping imgact? Example:
>>>>
>>>> /etc/imgacttab:
>>>>
>>>> cafebabe /usr/local/bin/java
>>>> cffaedfe /usr/local/bin/osx_emulator
>>>> 4243c0de /usr/bin/lli
>>>>
>>>> That way we still give people the freedom to play around with mapping
>>>> their own executable formats, but don't need to maintain a bunch of
>>>> imgacts.
>>>
>>> A generic module that could be somewhat customized at runtime to map
>>> offset+signature into the shebang path could be a possibility indeed.
>>> I strongly prefer to have it as module and not enabled by default.
>>>
>>> Asking Nathan for writing the thing is too much, IMHO, esp. in
>>> the response to the 50-lines hack.
>>>
>>
>> I think this is a good idea, since it both prevents a profusion of
>> similar activators and works nicely in jails and similar environments. I
>> probably won't write it quickly, but it should not take more than about
>> 50 lines, so I can't imagine it will be that bad. There are some
>> complications with this kind of design from the things in the XXX
>> comment in imgact_llvm.c about handling argv[0] that I need to think
>> some more about.
> Great. I do not believe in the 50 lines, but I am happy that you want
> to work this out.
>
>>
>> Why are you opposed to having it there by default? I think it's actually
>> quite important that it be there by default. Having it not "standard"
>> would be fine, but it should at least be in GENERIC. There are minimal
>> security risks since it just munges begin_argv and doesn't even load the
>> executable and it's little enough code that there should not be any
>> kernel bloat to speak of. If things like this aren't enabled by default,
>> no one can depend on them being there, no one will use it, and the point
>> is entirely lost.
> All image activators demonstrated a constant stream of security holes.
> Even our ELF activator, and I was guilty there too.
>
> I definitely do not fight over the inclusion of the proposed activator
> into GENERIC, but do insist on the config option + module.
>

OK, that sounds like a plan then. I'll try to code up something
configurable in the next couple weeks, unless someone else beats me to it.
-Nathan
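
The signature-to-interpreter table proposed in the quoted text, as an added userland sketch (not code from this thread or from FreeBSD): it parses /etc/imgacttab-style lines strictly and matches a signature against the start of a file header. The struct and function names, the 16-byte signature cap, the 255-byte path limit and matching at offset 0 only are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAGIC_MAX 16  /* assumed cap on signature length, in bytes */
struct imgact_entry {  /* hypothetical table row, not a FreeBSD structure */
    unsigned char magic[MAGIC_MAX];
    size_t len;
    char interp[256];
};

/* Value of one hex digit; the caller has already validated it. */
static int hexval(unsigned char c) { return isdigit(c) ? c - '0' : tolower(c) - 'a' + 10; }

/* Parse one "hexmagic /abs/path" line; 0 on success, -1 if rejected. */
int parse_entry(const char *line, struct imgact_entry *e)
{
    char hex[2 * MAGIC_MAX + 1], path[sizeof(e->interp)], extra;
    /* Widths bound both copies; overlong input spills into the next field. */
    if (sscanf(line, "%32s %255s %c", hex, path, &extra) != 2)
        return -1;
    size_t n = strlen(hex);
    if (n % 2 != 0 || path[0] != '/' ||  /* whole bytes, absolute path */
        strspn(hex, "0123456789abcdefABCDEF") != n)  /* hex digits only */
        return -1;
    for (size_t i = 0; i < n; i += 2)
        e->magic[i / 2] = (unsigned char)(hexval(hex[i]) << 4 | hexval(hex[i + 1]));
    e->len = n / 2;
    strcpy(e->interp, path);
    return 0;
}

/* Interpreter whose signature prefixes hdr, or NULL when none matches. */
const char *match_header(const struct imgact_entry *tab, size_t ntab,
    const unsigned char *hdr, size_t hdrlen)
{
    for (size_t i = 0; i < ntab; i++)  /* length test first: no over-read */
        if (tab[i].len <= hdrlen && !memcmp(hdr, tab[i].magic, tab[i].len))
            return tab[i].interp;
    return NULL;
}

int main(void)
{
    struct imgact_entry e;  /* constructed sample: table line + file header */
    const unsigned char hdr[] = { 0xca, 0xfe, 0xba, 0xbe, 0x00, 0x00 };
    if (parse_entry("cafebabe /usr/local/bin/java", &e) == 0)
        puts(match_header(&e, 1, hdr, sizeof(hdr)));
    return 0;
}
```

Relative paths, odd-length or non-hex signatures, and lines with trailing tokens are rejected before anything is stored, and a header shorter than a signature never matches it.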