Re: make COMPAT_LINUX match SYSV binaries

[coypu%sdf.org@localhost]

On Tue, Oct 20, 2020 at 07:11:05PM +0000, coypu%sdf.org@localhost wrote:
> hello,
> 
> As a background, some Linux binaries don't claim to be targeting the
> Linux OS, but instead are "SYSV".
> 
> We have used some heuristics to still identify those binaries as being
> Linux binaries, like looking into the symbols defined by the binary.
> 
> it looks like we no longer have other forms of compat expected to use
> SYSV ELF binaries. Perhaps we should drop this elaborate detection logic
> in favour of detecting SYSV == Linux?
> 
> As an added bonus, it allows detecting binaries built with a musl
> toolchain as being Linux binaries.
> 

I feel compelled to explain further:
any OS that doesn't rely on this tag is prone to spitting out binaries
with the wrong tag. For example, Go spits out Solaris binaries with SYSV
as well.

Our current solution to it is the kernel reading through the binary,
checking if it contains certain known symbols that are common on Linux.

We support the following forms of compat:

ultrix			not ELF
sunos			not ELF (we support only oooooold stuff)
freebsd			always correctly tagged, because the native OS
			checks this, like we do.
linux			ELF, not always correctly tagged


So, currently, we only support one OS that has this problem, which is
linux. I am proposing we take advantage of it.

In the event someone adds support for another OS with this problem (say,
modern Solaris), I don't expect this compat to be enabled by default,
for security reasons. So the problem will only occur if a user enables
both forms of compat at the same time.

Users already have to opt in to have Linux compat support. I think it is
a lot to ask to have them tag every binary.