From owner-svn-src-all@freebsd.org Thu Jul 12 02:51:51 2018 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A90CC1047C03; Thu, 12 Jul 2018 02:51:51 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5919C763E2; Thu, 12 Jul 2018 02:51:51 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3B7351B7E5; Thu, 12 Jul 2018 02:51:51 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w6C2ppHC024545; Thu, 12 Jul 2018 02:51:51 GMT (envelope-from kevans@FreeBSD.org) Received: (from kevans@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w6C2poUa024462; Thu, 12 Jul 2018 02:51:50 GMT (envelope-from kevans@FreeBSD.org) Message-Id: <201807120251.w6C2poUa024462@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kevans set sender to kevans@FreeBSD.org using -f From: Kyle Evans Date: Thu, 12 Jul 2018 02:51:50 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r336217 - in head: . sys/kern usr.sbin/config X-SVN-Group: head X-SVN-Commit-Author: kevans X-SVN-Commit-Paths: in head: . sys/kern usr.sbin/config X-SVN-Commit-Revision: 336217 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Jul 2018 02:51:51 -0000 Author: kevans Date: Thu Jul 12 02:51:50 2018 New Revision: 336217 URL: https://svnweb.freebsd.org/changeset/base/336217 Log: kern_environment: Give the static environment a chance to disable MD env This variable has been given the name "loader_env.disabled" as it's the primary way most people will have an MD environment. This restores the previously-default behavior of ignoring the loader(8) environment, which may be useful for vendor distributions or other scenarios where inheriting the loader environment may be considered a security issue or potentially breaking of a more locked-down environment. As the change to config(5) indicates, disabling the loader environment should not be a choice made lightly since it may provide ACPI hints and other useful things that the system can rely on to boot. An UPDATING entry has been added to mention an upgrade path for those that may have relied on the previous behavior. Discussed with: bde Relnotes: yes (maybe) Modified: head/UPDATING head/sys/kern/kern_environment.c head/usr.sbin/config/config.5 Modified: head/UPDATING ============================================================================== --- head/UPDATING Wed Jul 11 23:59:04 2018 (r336216) +++ head/UPDATING Thu Jul 12 02:51:50 2018 (r336217) @@ -31,6 +31,13 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 12.x IS SLOW: disable the most expensive debugging functionality run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) +20180711: + The static environment setup in kernel configs is no longer mutually + exclusive with the loader(8) environment by default. In order to + restore the previous default behavior of disabling the loader(8) + environment if a static environment is present, you must specify + loader_env.disabled=1 in the static environment. + 20180705: The ABI of syscalls used by management tools like sockstat and netstat has been broken to allow 32-bit binaries to work on Modified: head/sys/kern/kern_environment.c ============================================================================== --- head/sys/kern/kern_environment.c Wed Jul 11 23:59:04 2018 (r336216) +++ head/sys/kern/kern_environment.c Thu Jul 12 02:51:50 2018 (r336217) @@ -249,11 +249,10 @@ init_static_kenv(char *buf, size_t len) { char *eval; - md_envp = buf; - md_env_len = len; - md_env_pos = 0; - /* + * Give the static environment a chance to disable the loader(8) + * environment first. This is done with loader_env.disabled=1. + * * static_env and static_hints may both be disabled, but in slightly * different ways. For static_env, we just don't setup kern_envp and * it's as if a static env wasn't even provided. For static_hints, @@ -263,10 +262,21 @@ init_static_kenv(char *buf, size_t len) * We're intentionally setting this up so that static_hints.disabled may * be specified in either the MD env or the static env. This keeps us * consistent in our new world view. + * + * As a warning, the static environment may not be disabled in any way + * if the static environment has disabled the loader environment. */ - eval = kern_getenv("static_env.disabled"); - if (eval == NULL || strcmp(eval, "1") != 0) - kern_envp = static_env; + kern_envp = static_env; + eval = kern_getenv("loader_env.disabled"); + if (eval == NULL || strcmp(eval, "1") != 0) { + md_envp = buf; + md_env_len = len; + md_env_pos = 0; + + eval = kern_getenv("static_env.disabled"); + if (eval != NULL && strcmp(eval, "1") == 0) + *kern_envp = '\0'; + } eval = kern_getenv("static_hints.disabled"); if (eval != NULL && strcmp(eval, "1") == 0) *static_hints = '\0'; Modified: head/usr.sbin/config/config.5 ============================================================================== --- head/usr.sbin/config/config.5 Wed Jul 11 23:59:04 2018 (r336216) +++ head/usr.sbin/config/config.5 Thu Jul 12 02:51:50 2018 (r336217) @@ -23,7 +23,7 @@ .\" .\" $FreeBSD$ .\" -.Dd June 26, 2018 +.Dd July 11, 2018 .Dt CONFIG 5 .Os .Sh NAME @@ -125,13 +125,24 @@ environment will take precedence over environment vari and environment variables specified in the dynamic environment take precedence over both of these. .Pp +.Va loader_env.disabled=1 +may be specified in the static environment to disable the +.Xr loader 8 +environment. +Disabling the +.Xr loader 8 +should be done with caution and due consideration for whether or not it supplies +environment variables needed for properly booting the system. +.Pp .Va static_env.disabled=1 may be specified in the .Xr loader 8 -environment to disable use of this compiled-in environment. +environment to disable use of the static environment. This option has no effect if specified in any environment after the .Xr loader 8 environment is processed. +This option is not usable in conjunction with +.Va loader_env.disabled . .Pp This directive is useful for setting kernel tunables in embedded environments that do not start from