Re: Disabling COMPAT_FREEBSD4/5/6/7/9 in default kernel configurations
- In reply to: henrichhartzer_a_tuta.io: "Disabling COMPAT_FREEBSD4/5/6/7/9 in default kernel configurations"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 11 May 2024 00:04:43 UTC
On Sat, May 11, 2024 at 01:38:38AM +0200, henrichhartzer@tuta.io wrote: > Hi everyone, > > Warner suggested that I run this by the list. In 2018, a bug report was made for disabling COMPAT_FREEBSD4/5/6/7/9 (there's no 8). 6 years later, I imagine this would be as good of a time as any to do this if there's no obvious problems doing so. > > Here's the bug report: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=231768 > > And a pull request in the spirit of the original patch: https://github.com/freebsd/freebsd-src/pull/1228 > > I imagine if this sounds like a good idea, it would land in 15.0. Users could always recompile kernels with the old ABI functionality as needed. I feel like we're all a little curious if anything still uses this, and making this kind of change is probably the best way to find out. > > In my opinion, if all goes well, it may be wise to remove the old code in the next major version. Could do the full list, or just FreeBSD 4 and 5 compatibility, for instance. Barring notable negative feedback, of course. > > There were some concerns about Rust, but it sounds like it uses (or used?) FreeBSD 10.X features, which this patch does not remove. On that topic: https://github.com/rust-lang/rust/issues/89058 > > Long term, it might be a good idea to enable support for EOL-1, and maybe remove code for EOL-2, of course a less aggressive policy is also possible (EOL-2 and EOL-3?). Getting out of the single digit FreeBSD versions should be a good start, though! > > Appreciate any feedback on this and hopefully we can reach some kind of consensus on how to proceed in 2024. For what it's worth, just as a little data point, HardenedBSD has disabled the following in the base amd64 kernel config: 1. COMPAT_FREEBSD4 2. COMPAT_FREEBSD5 3. COMPAT_FREEBSD6 4. COMPAT_FREEBSD7 5. COMPAT_FREEBSD9 6. COMPAT_FREEBSD10 7. COMPAT_FREEBSD32 I'm somewhat debating adding COMPAT_FREEBSD11 to the list. I'll give that a shot next week and see what happens. Rust seems to work fine for me. Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50 https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc