1 |
On 9/30/15 12:18 PM, Ian Stakenvicius wrote: |
2 |
> -----BEGIN PGP SIGNED MESSAGE----- |
3 |
> Hash: SHA256 |
4 |
> |
5 |
> On 30/09/15 07:42 AM, hasufell wrote: |
6 |
>> * libressl has to conflict with openssl |
7 |
> Right now libressl exports many of the same symbols as openssl |
8 |
> right? What if it didn't -- that is, we forced a symver map with a |
9 |
> libressl prefix on all symbols? That would ensure anything built |
10 |
> against libressl would not b0rk if openssl was loaded, or more |
11 |
> specifically, if something else was loaded that was built against |
12 |
> and links to openssl. |
13 |
|
14 |
Yes you could use symbol versioning, and you can do the side by side by |
15 |
renaming the library but that's a real pita for us since we'd have to |
16 |
hack build systems to link against the correct library name. Ths should |
17 |
have been done upstream. |
18 |
|
19 |
An example of how this could be done is xattrs which is provided both by |
20 |
your libc and by libattr. Most of your systems already have this so |
21 |
here's a little toy program: |
22 |
|
23 |
#include <stdio.h> |
24 |
#include <sys/types.h> |
25 |
#include <sys/xattr.h> |
26 |
|
27 |
int main() { |
28 |
char x[] = "/tmp/test.XXXXXX"; |
29 |
int fd = mkostemp(x); |
30 |
fsetxattr(fd, "user.test", "test", 4, 0); |
31 |
close(fd); |
32 |
unlink(x); |
33 |
} |
34 |
|
35 |
which you can compile and read the symbols as follows: |
36 |
|
37 |
1. linking against libc: |
38 |
|
39 |
# gcc -o test test.c |
40 |
|
41 |
# readelf -sW test | grep fsetxattr |
42 |
2: 0000000000000000 0 FUNC GLOBAL DEFAULT UND |
43 |
fsetxattr@GLIBC_2.3 (3) |
44 |
36: 0000000000000000 0 FUNC GLOBAL DEFAULT UND |
45 |
fsetxattr@@GLIBC_2.3 |
46 |
|
47 |
# readelf -sW /lib/libc.so.6 | grep fsetxattr |
48 |
1929: 00000000000f50f0 36 FUNC GLOBAL DEFAULT 11 |
49 |
fsetxattr@@GLIBC_2.3 |
50 |
|
51 |
|
52 |
2. linking against libattr: |
53 |
|
54 |
# gcc -o test test.c -lattr |
55 |
|
56 |
# readelf -sW test | grep fsetxattr |
57 |
3: 0000000000000000 0 FUNC GLOBAL DEFAULT UND |
58 |
fsetxattr@ATTR_1.0 (3) |
59 |
36: 0000000000000000 0 FUNC GLOBAL DEFAULT UND |
60 |
fsetxattr@@ATTR_1.0 |
61 |
|
62 |
# readelf -sW /lib/libattr.so.1 | grep fsetxattr |
63 |
44: 0000000000003c40 85 FUNC GLOBAL DEFAULT 11 |
64 |
fsetxattr@@ATTR_1.0 |
65 |
|
66 |
> |
67 |
> This wouldn't need any rdep patching at all, and would ensure symbol |
68 |
> collisions between the two projects would not occur. It doesn't |
69 |
> explicitly enable side-by-side installation but it would help ensure |
70 |
> things built for one project wouldn't use symbols from the other's |
71 |
> lib expecting compatibility and randomly fail. |
72 |
> |
73 |
> ...or am I mis-understanding the major issue with the |
74 |
> libressl/openssl conflict? |
75 |
|
76 |
You'd have to name the libraries differently and you'd have to hack the |
77 |
LDLFAGS to aim the build to the correct library. That, in my opinion, |
78 |
is the killer to this idea. There is also the issue that some libc's |
79 |
like uclibc don't do symbol versioning, but I would deal with that in |
80 |
other ways. |
81 |
|
82 |
For what its worth, hasufell's idea is the best we have. The virtual |
83 |
won't work because of the danger of switching between openssl and |
84 |
libressl because we haven't cleaned up the whole || ( dep dep ) logic. |
85 |
You want a system with either one or the other, so have them block and |
86 |
choose between them with a USE flag. |
87 |
|
88 |
@hasufell. Sorry I didn't help more with this project, but real life is |
89 |
kicking my butt these days. But total support from my end and thanks. |
90 |
The OpenBSD peeps have an excellent reputation and while I can't claim |
91 |
to have looked at their code in detail and convinced myself directly, I |
92 |
trust them based on their track record. I plan to make use of libressl |
93 |
for enhanching security on the releng stuff I push out. That wiki page |
94 |
comparing security flaws doesn't surprise me. Time will tell who will |
95 |
have the best record in the long run. |
96 |
|
97 |
@rich0. Just a side comment. You said somewhere that maybe apache will |
98 |
choose openssl and postfix libressl and then we'll be in trouble. No. |
99 |
The incompatibility is at the abi not api level. So, for example, some |
100 |
struct size might be different between the two because of internal |
101 |
implementation details, but both should provide a definition of the same |
102 |
struct in their header with the same members. ie. apache should compile |
103 |
against either openssl or libressl and work, you just can't swap out |
104 |
your libssl without recompiling apache which you could do if you had |
105 |
full api compat. |
106 |
|
107 |
> |
108 |
> |
109 |
> -----BEGIN PGP SIGNATURE----- |
110 |
> Version: GnuPG v2 |
111 |
> |
112 |
> iF4EAREIAAYFAlYMC3EACgkQAJxUfCtlWe34nwD+N+4s1ZFVLS8CGokYOEa64U6o |
113 |
> EINP0tsAe2EyA/cpy6oBANoIyxf7bfPStLPofV1ZW7/7+z3DsmtSqYztsU6dptmz |
114 |
> =oAIp |
115 |
> -----END PGP SIGNATURE----- |
116 |
> |
117 |
|
118 |
|
119 |
-- |
120 |
Anthony G. Basile, Ph.D. |
121 |
Gentoo Linux Developer [Hardened] |
122 |
E-Mail : blueness@g.o |
123 |
GnuPG FP : 1FED FAD9 D82C 52A5 3BAB DC79 9384 FA6E F52D 4BBA |
124 |
GnuPG ID : F52D4BBA |