In-Reply-To: <202404150105.43F15VoL068210@donotpassgo.dyslexicfish.net> References: <erhqcnky6qf4adlupgtszkmrihthbdc2tbwtbhgzyltl3pl42c@gsdzinackzhh> <202404150105.43F15VoL068210@donotpassgo.dyslexicfish.net>
| previous in thread | raw e-mail | index | archive | help
--4fnylkubg4nkpsqf Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Apr 15, 2024 at 02:05:31AM +0100, Jamie Landeg-Jones wrote: > Shawn Webb <shawn.webb@hardenedbsd.org> wrote: >=20 > > 1. Enhance crunchgen(1) to support libc built with LTO. > > 2. Kick crunchgen(1) to the curb. > > 3. Other ideas from the community are possible. > > > > Does anyone find crunchgen(1) to be truly useful in 2024? If we kick > > crunchgen(1) to the curb, we need to modify the build system for > > /rescue binaries. >=20 > Please note, my response is not considering the security aspects you rais= e, > and is only based on the usefulness of /rescue itself. >=20 > Do you mean get rid of /rescue, or just getting rid of crunchgen producing > it? I recognize now that the way I phrased things left room for ambiguity. I apologize for the ambiguity. We do indeed want to keep /rescue around. I still have the occasional use for it, as do many others. The only thing that would change would be that the applications in /rescue would be regular statically-linked executables. We would stop using crunchgen(1) to produce those executables. >=20 > I've been "rescued" by rescue on more than one location - usually systems > that won't mount /usr and also have a screwed up lib. >=20 > I wouldn't want to see a static /rescue disappear, and the size would pro= bably > be too large for individual binaries. There are around 148 files in my 15-CURRENT/amd64 /rescue. The size would likely baloon quite drastically. I think I will likely determine the level of effort to fix crunchgen(1) to work with LTO-ified libc. I might base my decision off that. Meanwhile, if anyone else has any info to pass along that could help in this journey, I would very much appreciate it. This touches bits that have a lot of history, and this is definitely a blind spot of mine. Thanks, --=20 Shawn Webb Cofounder / Security Engineer HardenedBSD Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50 https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A= 4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc --4fnylkubg4nkpsqf Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmYdNE8ACgkQ/y5nonf4 4fqqKQ//Y8RShCks4+t6k4HHpLCDn1zYMGa+QCQihbdnabWysDanLudtXLg8l91O QhLAlqwo7HKRwB7TwwORSlLR0XxgGxvK0xjIdQ3nRvV/IopXFmfVEMU/adjsiqZI qjHrkHCn5ws225DtaKOCdkDobNG6WZJsmpbmFQT0kSccZUn0WVqGpJ9i9g4fWS0t +OwAlVanCzokFeN0TJKLA752eSji5chTX+OcErt4OhsPoRteF6dBXHI8a7fkcATC cQXpvgUVpl/NPnY6t9ZNVfLuuFDGJjUmNdmwrzwWjmANynfs+iDi1gfaTNQ0/fyE 3q1pIRCvk+bgcYDNOlePzQt/6T6o6CCEehwlNOjvdn7bHOQwRuC0JKlWzWL4lHIZ 54U6Db9PmOQ9c8Vd/nVLUv/ffRA9zyi/Fbt3Bxa82xh5nnBH5sh6DSy7PgJ/d+S1 Pk2XdWPDAc6EzSx879QMhM9kDmY1z8kbvZX2Auwa+adWkb3szKkIPPiv3poqqYfI iBoDg/HqMqNHSU48YEtJ4O74Rop7MvHRBEyNLPeZGZlTFvgElIQCAv4KUH8ggdM8 UiGYTHRXHfuEOg4VDgWj6FKTJEXJ8bY79HTOBhsWI4wuh9gwbrSdz/8q24mx64hk 0qjL7N3YUXDtZh4RwQd2SMJ/QpA0i+JnCI9Rd2bDnPrew33o04Y= =aG7e -----END PGP SIGNATURE----- --4fnylkubg4nkpsqf--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?>