On Sun, Jan 13, 2013 at 08:21:37AM -0800, Nathan Whitehorn wrote:
> On 01/13/13 05:20, Konstantin Belousov wrote:
> > On Sun, Jan 13, 2013 at 12:41:09PM +0100, Ed Schouten wrote:
> >> Hi Kostik,
> >>
> >> 2013/1/7 Konstantin Belousov <[email protected]>:
> >>> I still do remember the buzz about the binary format 0xCAFEBABE, which
> >>> AFAIR gained image activator support on several OSes, to be garbage
> >>> collected.
> >>
> >> Maybe it would then be a good idea then to add some kind of general
> >> purpose remapping imgact? Example:
> >>
> >> /etc/imgacttab:
> >>
> >> cafebabe /usr/local/bin/java
> >> cffaedfe /usr/local/bin/osx_emulator
> >> 4243c0de /usr/bin/lli
> >>
> >> That way we still give people the freedom to play around with mapping
> >> their own executable formats, but don't need to maintain a bunch of
> >> imgacts.
> >
> > A generic module that could be somewhat customized at runtime to map
> > offset+signature into the shebang path could be a possibility indeed.
> > I strongly prefer to have it as module and not enabled by default.
> >
> > Asking Nathan for writing the thing is too much, IMHO, esp. in
> > the response to the 50-lines hack.
> >
>
> I think this is a good idea, since it both prevents a profusion of
> similar activators and works nicely in jails and similar environments. I
> probably won't write it quickly, but it should not take more than about
> 50 lines, so I can't imagine it will be that bad. There are some
> complications with this kind of design from the things in the XXX
> comment in imgact_llvm.c about handling argv[0] that I need to think
> some more about.

Great. I do not believe in the 50 lines, but I am happy that you want to
work this out.

>
> Why are you opposed to having it there by default? I think it's actually
> quite important that it be there by default. Having it not "standard"
> would be fine, but it should at least be in GENERIC. There are minimal
> security risks since it just munges begin_argv and doesn't even load the
> executable and it's little enough code that there should not be any
> kernel bloat to speak of. If things like this aren't enabled by default,
> no one can depend on them being there, no one will use it, and the point
> is entirely lost.

All image activators demonstrated a constant stream of security holes.
Even our ELF activator, and I was guilty there too. I definitely do not
fight over the inclusion of the proposed activator into GENERIC, but do
insist on the config option + module.
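
The signature-to-interpreter lookup proposed in the quoted /etc/imgacttab example, sketched as a userland C function with the length and path checks an in-kernel version would need. This is an added example, not code from the thread or from FreeBSD. It assumes each table line is "<hex signature> <absolute path>" matched against the file's bytes at offset 0; imgact_lookup, hex_decode and SAMPLE_TAB are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the three entries from the thread plus one bad line. */
static const char SAMPLE_TAB[] =
    "cafebabe /usr/local/bin/java\n"
    "cffaedfe /usr/local/bin/osx_emulator\n"
    "4243c0de /usr/bin/lli\n"
    "7f454c46 bin/relative\n";   /* rejected: interpreter path is not absolute */

/* Decode n hex digits into out; returns byte count, or -1 if malformed or too long. */
static int hex_decode(const char *s, size_t n, uint8_t *out, size_t cap) {
    if (n == 0 || n % 2 != 0 || n / 2 > cap) return -1;
    for (size_t i = 0; i < n; i++) {
        int c = (unsigned char)s[i], v;
        if (c >= '0' && c <= '9') v = c - '0';
        else if (c >= 'a' && c <= 'f') v = c - 'a' + 10;
        else if (c >= 'A' && c <= 'F') v = c - 'A' + 10;
        else return -1;
        out[i / 2] = (uint8_t)((i % 2) ? (out[i / 2] | v) : (v << 4));
    }
    return (int)(n / 2);
}

/* Returns 0 and copies the interpreter path on a match, -1 otherwise.
   Malformed lines are skipped; a header shorter than a signature never matches. */
int imgact_lookup(const char *tab, const uint8_t *hdr, size_t hdrlen,
                  char *interp, size_t interplen) {
    for (const char *line = tab; *line; ) {
        size_t len = strcspn(line, "\n"), mlen = strcspn(line, " \t\n");
        const char *path = line + mlen + strspn(line + mlen, " \t");
        size_t plen = (size_t)(line + len - path);
        uint8_t magic[16];   /* assumed cap on signature length */
        int n = hex_decode(line, mlen, magic, sizeof(magic));
        if (n > 0 && (size_t)n <= hdrlen && memcmp(hdr, magic, (size_t)n) == 0 &&
            path[0] == '/' && plen < interplen) {
            snprintf(interp, interplen, "%.*s", (int)plen, path);
            return 0;
        }
        line += len + (line[len] == '\n');   /* step past the newline, if any */
    }
    return -1;
}

int main(void) {
    const uint8_t hdr[] = { 0xca, 0xfe, 0xba, 0xbe, 0x00, 0x00 };  /* constructed header */
    char interp[64];
    if (imgact_lookup(SAMPLE_TAB, hdr, sizeof(hdr), interp, sizeof(interp)) == 0)
        puts(interp);
    return 0;
}
```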
