On 21.10.2020 14:14, coypu%sdf.org@localhost wrote: > On Tue, Oct 20, 2020 at 07:11:05PM +0000, coypu%sdf.org@localhost wrote: >> hello, >> >> As a background, some Linux binaries don't claim to be targeting the >> Linux OS, but instead are "SYSV". >> >> We have used some heuristics to still identify those binaries as being >> Linux binaries, like looking into the symbols defined by the binary. >> >> it looks like we no longer have other forms of compat expected to use >> SYSV ELF binaries. Perhaps we should drop this elaborate detection logic >> in favour of detecting SYSV == Linux? >> >> As an added bonus, it allows detecting binaries built with a musl >> toolchain as being Linux binaries. >> > > I feel compelled to explain further: > any OS that doesn't rely on this tag is prone to spitting out binaries > with the wrong tag. For example, Go spits out Solaris binaries with SYSV > as well. > > Our current solution to it is the kernel reading through the binary, > checking if it contains certain known symbols that are common on Linux. > > We support the following forms of compat: > > ultrix not ELF > sunos not ELF (we support only oooooold stuff) > freebsd always correctly tagged, because the native OS > checks this, like we do. > linux ELF, not always correctly tagged > > > So, currently, we only support one OS that has this problem, which is > linux. I am proposing we take advantage of it. > > In the event someone adds support for another OS with this problem (say, > modern Solaris), I don't expect this compat to be enabled by default, > for security reasons. So the problem will only occur if a user enables > both forms of compat at the same time. > > Users already have to opt in to have Linux compat support. I think it is > a lot to ask to have them tag every binary. > I couldn't run musl binaries without either patching the kernel or ELF files, so I'm for making this easier. In my case, I had to add manually build-id tag to musl binaries. For some reason someone in the kernel assumed that they are always present, which is just a special case in some distros.
Attachment:
signature.asc
Description: OpenPGP digital signature