Re: Someone using COMPAT_SVR4(_32) ?

[Maxime Villard <max%m00nbsd.net@localhost>]

Le 01/08/2017 à 00:04, Eduardo Horvath a écrit :
> On Mon, 31 Jul 2017, Maxime Villard wrote:
>
> > Hi,
> > Recently, a number of security issues were found in COMPAT_SVR4 and
> > COMPAT_SVR4_32. Due to lack of maintenance and interest from developers, these
> > options are not reliable, and undermine the overall code quality of the
> > system.
> >
> > I would like to know whether someone here actively uses COMPAT_SVR4 and/or
> > COMPAT_SVR4_32, and if this use case justifies keeping these options in the
> > system. I plan to remove both of them, but I'd like some feedback.
> >
> > Note that these options are now disabled by default.
>
> Don't get rid of COMPAT_SVR4*.  It's used to run Solaris binaries.
> If you need to run a Solaris binary then trying to reimplement COMPAT_SVR4
> from scratch is a huge pain compared to just fixing some breakage.
>
> If it isn't enabled then it isn't a security hole.

You didn't understand what I said. Yes, COMPAT_SVR4 is used to run Solaris
binaries, it's written on the man page. My question was: which binary exactly?
And is it a binary that is of overriding importance, that does not exist on
Linux and is not open source?

This feature has not been maintained, and is proven unreliable and buggy. It
is not a critical security issue anymore, because I've indeed disabled it. So
far it was enabled only because people were saying "it's used to run Solaris
binaries", but these people never put up some effort to maintain it.

Having it disabled does not alter the fact that this piece of code will keep
rotting, and that it undermines the overall code quality of the system.

Maxime