Malloc config became global sysctl in 6.5

classic Classic list List threaded Threaded
26 messages Options
12
Reply | Threaded
Open this post in threaded view
|

Re: Malloc config became global sysctl in 6.5

Otto Moerbeek
On Sun, Apr 28, 2019 at 02:07:44AM +0700, Igor Podlesny wrote:

> On Sun, 28 Apr 2019 at 00:59, <[hidden email]> wrote:
> [...]
> > >
> > > Oh, those hypocrite wankers here and there..
> >
> > If you actually read the code (I know, right? Who DOES that?) you'll see how omalloc_init perfectly embarrasses you. In 6.4 it would read the symlink, then checked the environment, and then consider the global variable malloc_options. In 6.5 it is ... exactly the same except that now sysctl is used instead of readlink (and hooray for sanity).
> >
> > At no time was any attempt ever made by libc to force a programme to use only the settings from sysctl née malloc.conf. If you had been using the environment variable from the beginning you would have been in _exactly_ the same position all that time as you are now. The security you think you've been relying on and have now lost was never there. You have been protecting yourself with security theatre.
> >
> > Matthew
>
> Matthew, LOL, what?
> Read the code?
> You didn't even read the whole comment thread where I did explain that
> I was mostly concerned with cleared up environment other than changed
> options of that variable.
>
> Actually, I'd say that preparing chroots with malloc.conf as a symlink
> is more straightforward, more enforcing and easier to verify other
> than putting that as an environment option that would actually have to
> be read before target is running. And (of course) given with symlink
> it can't be so easily vanished when the whole environment is cleared
> up by user space.
>
> All-in-all, I didn't rely on this anyways.
> My question was purely theoretical and reaction was practically clumsy. :)
> Looks like decision made aren't subjects of discussing(?) Well, why
> the hell you have those mail lists then(?) :)
> For users to come and thank you and say you did all the best possible
> way only? :)
> To never question any decision? Seriously? No, really? C'mon, you
> gotta be kidding.
>
> --
> End of message. Next message?
>

The mechanism is in the docs as well, not only in the code. You
ignored my post about the symlink being confusing and error prone
since the time it is read (before or after the chroot) is program
dependent. It might even depend on options gives to a program when the
first malloc call happens, making it even more unclear which symlink
is being used.  Add the complexity with respect to unveil and pledge
and it is clear why we replaced it.

        -Otto




Reply | Threaded
Open this post in threaded view
|

Re: Malloc config became global sysctl in 6.5

chohag
In reply to this post by Igor Podlesny-2
Igor Podlesny writes:

> On Sun, 28 Apr 2019 at 00:59, <[hidden email]> wrote:
> [...]
> > >
> > > Oh, those hypocrite wankers here and there..
> >
> > If you actually read the code (I know, right? Who DOES that?) you'll see how omalloc_
> init perfectly embarrasses you. In 6.4 it would read the symlink, then checked the envi
> ronment, and then consider the global variable malloc_options. In 6.5 it is ... exactly
>  the same except that now sysctl is used instead of readlink (and hooray for sanity).
> >
> > At no time was any attempt ever made by libc to force a programme to use only the set
> tings from sysctl née malloc.conf. If you had been using the environment variable from
> the beginning you would have been in _exactly_ the same position all that time as you a
> re now. The security you think you've been relying on and have now lost was never there
> . You have been protecting yourself with security theatre.
> >
> > Matthew
>
> Matthew, LOL, what?
> Read the code?
> You didn't even read the whole comment thread where I did explain that
> I was mostly concerned with cleared up environment other than changed
> options of that variable.

No, I did. I dismissed your arguments because they come from someone
who plainly has no idea what "the environment" even is.

malloc.c is quite lucid. Your continuing to spout off having clearly not
even glanced at it is a sorry state of affairs. But this is unix. We'll
continue to hand you as much rope as you like.

> Actually, I'd say that preparing chroots with malloc.conf as a symlink
> is more straightforward, more enforcing and easier to verify other
> than putting that as an environment option that would actually have to
> be read before target is running.

How in the ... Stay the hell away from my servers.

> And (of course) given with symlink
> it can't be so easily vanished when the whole environment is cleared
> up by user space.

/etc/malloc.conf can disappear exactly as easily as /etc/profile and
/etc/login.conf. More easily, in fact, if a tool to "handle" broken
symlinks gets involved.

> All-in-all, I didn't rely on this anyways.
> My question was purely theoretical and reaction was practically clumsy. :)

No, the reaction was dismissive of your complete lack of research and
understanding. Why should the developers or us other list members take
the time to read and understand the code you can't be arsed to?

In order to find out exactly how malloc handles its various
configuration sources took approximately 5 minutes of browsing on
cvsweb.openbsd.org to find the appropriate function and I don't even
know C that well. Your unwillingness to do even that is why you're being
treated with such derision.

> Looks like decision made aren't subjects of discussing(?) Well, why
> the hell you have those mail lists then(?) :)

Building something as large as OpenBSD simply cannot be done without
discussion so this is either a poor quality attempt at derision or
some sort of delusion. In fact I imagine that intellient discussion is
restricted to places where the general public are not permitted so that
it remain intelligent - for which I am most grateful. It's quite clear
why you've not been invited.

tl;dr: You don't understand and your ranting is just turning you into a
spectacle. Please do continue; I have popcorn.

Matthew

Reply | Threaded
Open this post in threaded view
|

Re: Malloc config became global sysctl in 6.5

Thomas Frohwein-2
In reply to this post by Igor Podlesny-2
On Sun, Apr 28, 2019 at 02:07:44AM +0700, Igor Podlesny wrote:
[...]
> Looks like decision made aren't subjects of discussing(?) Well, why
> the hell you have those mail lists then(?) :)

Igor:
The actual purpose of misc@ is for us to learn that you are among the people to
ignore.

Everyone else:
Move along, nothing to see here.

Reply | Threaded
Open this post in threaded view
|

Re: Malloc config became global sysctl in 6.5

chohag
In reply to this post by Otto Moerbeek
Otto Moerbeek writes:
>
> The mechanism is in the docs as well, not only in the code. You

You are of course correct, and OpenBSD has some of the best documentation
I've ever seen, but I've spent so long in linux land that whenever I'm
met with the question of how *exactly* something works, I just go straight
to the source. Source code can't lie (trusting trust notwithstanding).

> ignored my post about the symlink being confusing and error prone
> since the time it is read (before or after the chroot) is program
> dependent. It might even depend on options gives to a program when the
> first malloc call happens, making it even more unclear which symlink
> is being used.  Add the complexity with respect to unveil and pledge
> and it is clear why we replaced it.

And I'm grateful. Having options - and such low-level options at
that! - encoded in such a weird way has always felt extremely
unopenbsd-like. This is another step toward sanity.

Simplicity! Thank you, devs.

Matthew

Reply | Threaded
Open this post in threaded view
|

Re: Malloc config became global sysctl in 6.5

Consus-2
In reply to this post by Thomas Frohwein-2
On 12:43 Sat 27 Apr, Thomas Frohwein wrote:
> Move along, nothing to see here.

I want to see more butthurting Theo!

Reply | Threaded
Open this post in threaded view
|

Re: Malloc config became global sysctl in 6.5

Igor Podlesny-2
In reply to this post by Thomas Frohwein-2
On Sun, 28 Apr 2019 at 02:43, Thomas Frohwein <[hidden email]> wrote:
>
> On Sun, Apr 28, 2019 at 02:07:44AM +0700, Igor Podlesny wrote:
> [...]
> > Looks like decision made aren't subjects of discussing(?) Well, why
> > the hell you have those mail lists then(?) :)
>
> Igor:
> The actual purpose of misc@ is for us to learn that you are among the people to
> ignore.

You don't understand what "to ignore" mean then. Or fail to do what
you say. Or learn too slow. ;-)

--
End of message. Next message?

12