tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: make COMPAT_LINUX match SYSV binaries

On 21.10.2020 14:14, wrote:
> On Tue, Oct 20, 2020 at 07:11:05PM +0000, wrote:
>> hello,
>> As a background, some Linux binaries don't claim to be targeting the
>> Linux OS, but instead are "SYSV".
>> We have used some heuristics to still identify those binaries as being
>> Linux binaries, like looking into the symbols defined by the binary.
>> it looks like we no longer have other forms of compat expected to use
>> SYSV ELF binaries. Perhaps we should drop this elaborate detection logic
>> in favour of detecting SYSV == Linux?
>> As an added bonus, it allows detecting binaries built with a musl
>> toolchain as being Linux binaries.
> I feel compelled to explain further:
> any OS that doesn't rely on this tag is prone to spitting out binaries
> with the wrong tag. For example, Go spits out Solaris binaries with SYSV
> as well.
> Our current solution to it is the kernel reading through the binary,
> checking if it contains certain known symbols that are common on Linux.
> We support the following forms of compat:
> ultrix			not ELF
> sunos			not ELF (we support only oooooold stuff)
> freebsd			always correctly tagged, because the native OS
> 			checks this, like we do.
> linux			ELF, not always correctly tagged
> So, currently, we only support one OS that has this problem, which is
> linux. I am proposing we take advantage of it.
> In the event someone adds support for another OS with this problem (say,
> modern Solaris), I don't expect this compat to be enabled by default,
> for security reasons. So the problem will only occur if a user enables
> both forms of compat at the same time.
> Users already have to opt in to have Linux compat support. I think it is
> a lot to ask to have them tag every binary.

I couldn't run musl binaries without either patching the kernel or ELF
files, so I'm for making this easier.

In my case, I had to add manually build-id tag to musl binaries. For
some reason someone in the kernel assumed that they are always present,
which is just a special case in some distros.

Attachment: signature.asc
Description: OpenPGP digital signature

Home | Main Index | Thread Index | Old Index