Port-sparc64 archive


Re: Someone using COMPAT_SVR4(_32) ?



On 01/08/2017 at 23:43, John Nemeth wrote:
} No it's not. For your information, several vulnerabilities in compat_svr4
} were presented at DEFCON 25, and we now have wild kernel exploits out there,
} affecting NetBSD-6 and NetBSD-7. It's not just "buggy", it makes all of the
} system vulnerable - including your sparc64 machines.

      Uh, so what?  Bugs (including security bugs) are found in all
parts of the system on a regular basis.  Programming is hard.  "Any
program more complex than 'hello, world' is guaranteed to have
bugs."

And? Does it alter in any way that svr4 is particularly buggy, unmaintained and
seemingly rarely used? Not all parts of the system are like that.


} Again, if it "simply" needs to be fixed, why didn't you fix it? Seeing how
} things are turning out, this piece of code will not be maintained in the
} future, and therefore it will remain buggy for those who enable it.
}
} As said earlier, Solaris is under active development, but our implementation
} has not kept pace with the changes.
}
} If you would like to audit and maintain our compat_svr4 implementation, you
} are welcome. You can send patches to tech-kern@, they will be reviewed and
} certainly committed. But no one has ever audited it so far, and no one has
} shown any interest in doing that.

      This is a totally crap argument.  We do not regularly audit
code, which means that almost none of the tree has been formally
audited.  Most bugs are caught because they are hit, found by
Coverity, or caught in a regression test.  Occasionally bugs are
caught by eyeballing the code (I've done this).

That's more or less a free sentence that does not mean anything: when several
bugs are found somewhere, it's just common sense to look at it more in detail.
What I'm saying is, if someone here is interested in doing this work, there is
no reason to remove compat_svr4.


} Finally, removing this piece of code has little to do with shiny stuff. It

      Uh, who gave you permission to do this?  This is not the type
of thing that gets decided by a single random developer and I
haven't seen any statements by core.

No one, and I'm just here to do a survey, and ask people how they use
compat_svr4 if they do. When I have some basic idea on the subject, I can open
a discussion. Nothing less, nothing more.


} has to do with making the code base clearer, in such a way that several of
} our ports are easier to maintain, and as a result, more functional.

      More like your own personal vendetta.


It is curious to see how you (John, Dave and Eduardo) are trying to put some
drama in this thread, while I'm just asking how people use compat_svr4. I did
the same for compat_freebsd, and I was given one single freebsd binary that has
a legitimate use case; and so the feature stayed.

I understand that you three do not use compat_svr4, because if you did, you
would have told me already. That's fine, I'm not accusing you of anything, I'm
just asking.

Maxime

