LLVM Image Activator

Nathan Whitehorn nwhitehorn at freebsd.org
Sun Jan 13 18:14:23 UTC 2013 

On 01/13/13 09:13, Konstantin Belousov wrote:
> On Sun, Jan 13, 2013 at 08:21:37AM -0800, Nathan Whitehorn wrote:
>> On 01/13/13 05:20, Konstantin Belousov wrote:
>>> On Sun, Jan 13, 2013 at 12:41:09PM +0100, Ed Schouten wrote:
>>>> Hi Kostik,
>>>>
>>>> 2013/1/7 Konstantin Belousov <kostikbel at gmail.com>:
>>>>> I still do remember the buzz about the binary format 0xCAFEBABE, which
>>>>> AFAIR gained image activator support on several OSes, to be garbage
>>>>> collected.
>>>>
>>>> Maybe it would then be a good idea then to add some kind of general
>>>> purpose remapping imgact? Example:
>>>>
>>>> /etc/imgacttab:
>>>>
>>>> cafebabe /usr/local/bin/java
>>>> cffaedfe /usr/local/bin/osx_emulator
>>>> 4243c0de /usr/bin/lli
>>>>
>>>> That way we still give people the freedom to play around with mapping
>>>> their own executable formats, but don't need to maintain a bunch of
>>>> imgacts.
>>>
>>> A generic module that could be somewhat customized at runtime to map
>>> offset+signature into the shebang path could be a possibility indeed.
>>> I strongly prefer to have it as module and not enabled by default.
>>>
>>> Asking Nathan for writing the thing is too much, IMHO, esp. in
>>> the response to the 50-lines hack.
>>>
>>
>> I think this is a good idea, since it both prevents a profusion of
>> similar activators and works nicely in jails and similar environments. I
>> probably won't write it quickly, but it should not take more than about
>> 50 lines, so I can't imagine it will be that bad. There are some
>> complications with this kind of design from the things in the XXX
>> comment in imgact_llvm.c about handling argv[0] that I need to think
>> some more about.
> Great. I do not believe in the 50 lines, but I am happy that you want
> to work this out.
> 
>>
>> Why are you opposed to having it there by default? I think it's actually
>> quite important that it be there by default. Having it not "standard"
>> would be fine, but it should at least be in GENERIC. There are minimal
>> security risks since it just munges begin_argv and doesn't even load the
>> executable and it's little enough code that there should not be any
>> kernel bloat to speak of. If things like this aren't enabled by default,
>> no one can depend on them being there, no one will use it, and the point
>> is entirely lost.
> All image activators demonstrated a constant stream of security holes.
> Even our ELF activator, and I was guilty there too.
> 
> I definitely do not fight over the inclusion of the proposed activator
> into GENERIC, but do insist on the config option + module.
> 

OK, that sounds like a plan then. I'll try to code up something
configurable in the next couple weeks, unless someone else beats me to it.
-Nathan

More information about the freebsd-toolchain mailing list