Re: Removal of compat-FreeBSD

To: tech-kern%netbsd.org@localhost
Subject: Re: Removal of compat-FreeBSD
From: christos%astron.com@localhost (Christos Zoulas)
Date: Fri, 13 Feb 2015 22:14:44 +0000 (UTC)

In article <20150213192419.GB5825%britannica.bec.de@localhost>,
Joerg Sonnenberger  <joerg%britannica.bec.de@localhost> wrote:
>On Fri, Feb 13, 2015 at 09:26:48AM -0500, Greg Troxel wrote:
>> 
>> Maxime Villard <max%M00nBSD.net@localhost> writes:
>> 
>> > Apparently, compat-FreeBSD is needed by tw_cli users.
>> >
>> > Therefore I think I will just disable it by default in the GENERIC kernels,
>> > unless anyone disagrees.
>> 
>> Our norms for significant changes are more or less about consensus or
>> preponderance of opinion.  So far you've said that you want to
>> remove/disable this, and a number of people have said they use it.  No
>> one else has spoke up in favor of disabling.  We don't have evidence
>> that anyone (besides you) is disabling this in their kernels.
>
>I have asked the same question a long time ago when we pruned a bunch of
>other obsolete emulations. From a security stand point, I fully agree
>with Maxime. The usefulness of the FreeBSD emulation is *very* limited,
>it can't even handle most FreeBSD 4 binaries. I find it highly
>questionable to keep a non-trivial attack surface for the sake of a
>single device driver, which most people likely don't even have. I don't
>see any evidence in the tree of COMPAT_FREEBSD improving or any of the
>users of tw_cli working on improving the situation by removing the need
>for it. As such I find disabling COMPAT_FREEBSD by default a very good
>idea for increasing the visibility of the problem. Maybe someone who
>should be caring actually starts to...

I agree with joerg here. I think that reducing the footprint of
GENERIC for the benefit of security is the right approach to this
matter... We have the ALL kernel to test compilation, and the
approach should be that GENERIC should be appropriate for all
"normal" uses and I think COMPAT_FREEBSD belongs in the "fringe"
users side (or at least in the limited number of users). I.e.
If you want to run FreeBSD binaries, you can build your own kernel.

christos

Follow-Ups:
- Re: Removal of compat-FreeBSD
  - From: Matt Thomas

References:
- Removal of compat-FreeBSD
  - From: Maxime Villard
- Re: Removal of compat-FreeBSD
  - From: Maxime Villard
- Re: Removal of compat-FreeBSD
  - From: Greg Troxel
- Re: Removal of compat-FreeBSD
  - From: Joerg Sonnenberger

Prev by Date: Re: A brelse() in FFS...
Next by Date: Re: Dealing with debugging macros for printing as part of aprint clean-up
Previous by Thread: Re: Removal of compat-FreeBSD
Next by Thread: Re: Removal of compat-FreeBSD
Indexes:

Home | Main Index | Thread Index | Old Index