Nathan Whitehorn wrote this message on Sun, Jan 13, 2013 at 10:14 -0800:
> On 01/13/13 09:13, Konstantin Belousov wrote:
> > On Sun, Jan 13, 2013 at 08:21:37AM -0800, Nathan Whitehorn wrote:
> >> On 01/13/13 05:20, Konstantin Belousov wrote:
> >>> On Sun, Jan 13, 2013 at 12:41:09PM +0100, Ed Schouten wrote:
> >>>> Hi Kostik,
> >>>>
> >>>> 2013/1/7 Konstantin Belousov <kostik...@gmail.com>:
> >>>>> I still do remember the buzz about the binary format 0xCAFEBABE, which
> >>>>> AFAIR gained image activator support on several OSes, to be garbage
> >>>>> collected.
> >>>>
> >>>> Maybe it would then be a good idea then to add some kind of general
> >>>> purpose remapping imgact? Example:
> >>>>
> >>>> /etc/imgacttab:
> >>>>
> >>>> cafebabe /usr/local/bin/java
> >>>> cffaedfe /usr/local/bin/osx_emulator
> >>>> 4243c0de /usr/bin/lli
> >>>>
> >>>> That way we still give people the freedom to play around with mapping
> >>>> their own executable formats, but don't need to maintain a bunch of
> >>>> imgacts.
> >>>
> >>> A generic module that could be somewhat customized at runtime to map
> >>> offset+signature into the shebang path could be a possibility indeed.
> >>> I strongly prefer to have it as module and not enabled by default.
> >>>
> >>> Asking Nathan for writing the thing is too much, IMHO, esp. in
> >>> the response to the 50-lines hack.
> >>>
> >>
> >> I think this is a good idea, since it both prevents a profusion of
> >> similar activators and works nicely in jails and similar environments. I
> >> probably won't write it quickly, but it should not take more than about
> >> 50 lines, so I can't imagine it will be that bad. There are some
> >> complications with this kind of design from the things in the XXX
> >> comment in imgact_llvm.c about handling argv[0] that I need to think
> >> some more about.
> > Great. I do not believe in the 50 lines, but I am happy that you want
> > to work this out.
> >
> >>
> >> Why are you opposed to having it there by default? I think it's actually
> >> quite important that it be there by default. Having it not "standard"
> >> would be fine, but it should at least be in GENERIC. There are minimal
> >> security risks since it just munges begin_argv and doesn't even load the
> >> executable and it's little enough code that there should not be any
> >> kernel bloat to speak of. If things like this aren't enabled by default,
> >> no one can depend on them being there, no one will use it, and the point
> >> is entirely lost.
> > All image activators demonstrated a constant stream of security holes.
> > Even our ELF activator, and I was guilty there too.
> >
> > I definitely do not fight over the inclusion of the proposed activator
> > into GENERIC, but do insist on the config option + module.
> >
>
> OK, that sounds like a plan then. I'll try to code up something
> configurable in the next couple weeks, unless someone else beats me to it.
I'll point out that file already has the magic (pun intended) that we
are looking for, though I do realize that the code might be a bit much
to import..
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
_______________________________________________
freebsd-toolchain@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-toolchain
To unsubscribe, send any mail to "freebsd-toolchain-unsubscr...@freebsd.org"
