* Roland Mainz <[email protected]> [2009-08-21 23:35]: > Stephen Hahn wrote: > [CC:'ing [email protected] to get some feedback from there] > > Please read > > > > http://blogs.sun.com/sch/entry/verexec_1_a_simple_execute > > > > for some background, and then review > > > > http://cr.opensolaris.org/~sch/on-verexec/ > > > > I'm debating implementing some of the refinements mentioned in the > > blog entry, as well as providing manual pages for both verexec(1) and > > isaexec(1). > > 1. What do you do if a script clears it's environment, e.g. removes all > environment variables except those it thinks are "safe" ?
verexec(1) has its main directory path hardcoded. > 2. How wide will this be used, e.g. which utilties/commands do you > target with this ? Python, Perl, Java, etc. The primary use case is for those executables we ship multiple versions (not variants) to preserve compatibility, usually with respect to loadable binary modules. So, for Perl, we would see /usr/bin/perl /usr/perl5/bin/perl as hardlinks to verexec(1), with symlinks in /etc/verexec.d/perl/5.8.x and /etc/verexec.d/perl/5.10.x to the respective binaries in /usr/perl5/5.8.x/bin/perl and /usr/perl5/5.10.x/bin/perl. > 3. I have two concerns about performance: I don't believe these performance impacts are relevant here; the executables under consideration are long running in comparison to their exec(2) costs. - Stephen -- [email protected] http://blogs.sun.com/sch/ _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
