| 1 |
On 9/30/15 12:18 PM, Ian Stakenvicius wrote: |
| 2 |
> -----BEGIN PGP SIGNED MESSAGE----- |
| 3 |
> Hash: SHA256 |
| 4 |
> |
| 5 |
> On 30/09/15 07:42 AM, hasufell wrote: |
| 6 |
>> * libressl has to conflict with openssl |
| 7 |
> Right now libressl exports many of the same symbols as openssl |
| 8 |
> right? What if it didn't -- that is, we forced a symver map with a |
| 9 |
> libressl prefix on all symbols? That would ensure anything built |
| 10 |
> against libressl would not b0rk if openssl was loaded, or more |
| 11 |
> specifically, if something else was loaded that was built against |
| 12 |
> and links to openssl. |
| 13 |
|
| 14 |
Yes you could use symbol versioning, and you can do the side by side by |
| 15 |
renaming the library but that's a real pita for us since we'd have to |
| 16 |
hack build systems to link against the correct library name. Ths should |
| 17 |
have been done upstream. |
| 18 |
|
| 19 |
An example of how this could be done is xattrs which is provided both by |
| 20 |
your libc and by libattr. Most of your systems already have this so |
| 21 |
here's a little toy program: |
| 22 |
|
| 23 |
#include <stdio.h> |
| 24 |
#include <sys/types.h> |
| 25 |
#include <sys/xattr.h> |
| 26 |
|
| 27 |
int main() { |
| 28 |
char x[] = "/tmp/test.XXXXXX"; |
| 29 |
int fd = mkostemp(x); |
| 30 |
fsetxattr(fd, "user.test", "test", 4, 0); |
| 31 |
close(fd); |
| 32 |
unlink(x); |
| 33 |
} |
| 34 |
|
| 35 |
which you can compile and read the symbols as follows: |
| 36 |
|
| 37 |
1. linking against libc: |
| 38 |
|
| 39 |
# gcc -o test test.c |
| 40 |
|
| 41 |
# readelf -sW test | grep fsetxattr |
| 42 |
2: 0000000000000000 0 FUNC GLOBAL DEFAULT UND |
| 43 |
fsetxattr@GLIBC_2.3 (3) |
| 44 |
36: 0000000000000000 0 FUNC GLOBAL DEFAULT UND |
| 45 |
fsetxattr@@GLIBC_2.3 |
| 46 |
|
| 47 |
# readelf -sW /lib/libc.so.6 | grep fsetxattr |
| 48 |
1929: 00000000000f50f0 36 FUNC GLOBAL DEFAULT 11 |
| 49 |
fsetxattr@@GLIBC_2.3 |
| 50 |
|
| 51 |
|
| 52 |
2. linking against libattr: |
| 53 |
|
| 54 |
# gcc -o test test.c -lattr |
| 55 |
|
| 56 |
# readelf -sW test | grep fsetxattr |
| 57 |
3: 0000000000000000 0 FUNC GLOBAL DEFAULT UND |
| 58 |
fsetxattr@ATTR_1.0 (3) |
| 59 |
36: 0000000000000000 0 FUNC GLOBAL DEFAULT UND |
| 60 |
fsetxattr@@ATTR_1.0 |
| 61 |
|
| 62 |
# readelf -sW /lib/libattr.so.1 | grep fsetxattr |
| 63 |
44: 0000000000003c40 85 FUNC GLOBAL DEFAULT 11 |
| 64 |
fsetxattr@@ATTR_1.0 |
| 65 |
|
| 66 |
> |
| 67 |
> This wouldn't need any rdep patching at all, and would ensure symbol |
| 68 |
> collisions between the two projects would not occur. It doesn't |
| 69 |
> explicitly enable side-by-side installation but it would help ensure |
| 70 |
> things built for one project wouldn't use symbols from the other's |
| 71 |
> lib expecting compatibility and randomly fail. |
| 72 |
> |
| 73 |
> ...or am I mis-understanding the major issue with the |
| 74 |
> libressl/openssl conflict? |
| 75 |
|
| 76 |
You'd have to name the libraries differently and you'd have to hack the |
| 77 |
LDLFAGS to aim the build to the correct library. That, in my opinion, |
| 78 |
is the killer to this idea. There is also the issue that some libc's |
| 79 |
like uclibc don't do symbol versioning, but I would deal with that in |
| 80 |
other ways. |
| 81 |
|
| 82 |
For what its worth, hasufell's idea is the best we have. The virtual |
| 83 |
won't work because of the danger of switching between openssl and |
| 84 |
libressl because we haven't cleaned up the whole || ( dep dep ) logic. |
| 85 |
You want a system with either one or the other, so have them block and |
| 86 |
choose between them with a USE flag. |
| 87 |
|
| 88 |
@hasufell. Sorry I didn't help more with this project, but real life is |
| 89 |
kicking my butt these days. But total support from my end and thanks. |
| 90 |
The OpenBSD peeps have an excellent reputation and while I can't claim |
| 91 |
to have looked at their code in detail and convinced myself directly, I |
| 92 |
trust them based on their track record. I plan to make use of libressl |
| 93 |
for enhanching security on the releng stuff I push out. That wiki page |
| 94 |
comparing security flaws doesn't surprise me. Time will tell who will |
| 95 |
have the best record in the long run. |
| 96 |
|
| 97 |
@rich0. Just a side comment. You said somewhere that maybe apache will |
| 98 |
choose openssl and postfix libressl and then we'll be in trouble. No. |
| 99 |
The incompatibility is at the abi not api level. So, for example, some |
| 100 |
struct size might be different between the two because of internal |
| 101 |
implementation details, but both should provide a definition of the same |
| 102 |
struct in their header with the same members. ie. apache should compile |
| 103 |
against either openssl or libressl and work, you just can't swap out |
| 104 |
your libssl without recompiling apache which you could do if you had |
| 105 |
full api compat. |
| 106 |
|
| 107 |
> |
| 108 |
> |
| 109 |
> -----BEGIN PGP SIGNATURE----- |
| 110 |
> Version: GnuPG v2 |
| 111 |
> |
| 112 |
> iF4EAREIAAYFAlYMC3EACgkQAJxUfCtlWe34nwD+N+4s1ZFVLS8CGokYOEa64U6o |
| 113 |
> EINP0tsAe2EyA/cpy6oBANoIyxf7bfPStLPofV1ZW7/7+z3DsmtSqYztsU6dptmz |
| 114 |
> =oAIp |
| 115 |
> -----END PGP SIGNATURE----- |
| 116 |
> |
| 117 |
|
| 118 |
|
| 119 |
-- |
| 120 |
Anthony G. Basile, Ph.D. |
| 121 |
Gentoo Linux Developer [Hardened] |
| 122 |
E-Mail : blueness@g.o |
| 123 |
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA |
| 124 |
GnuPG ID : F52D4BBA |
Archives