Re: not exactly (Re: systrace removed? Why?)
if someone's interested, here a list of fs differences between 6.0 upgraded from 5.9, and 6.0 install, i found, with some obvious differences like smtpd spool or sysmerge backups removed (amd64/qemu): http://pastebin.com/raw/VPkdbvxy (text/plain) (not pasting because of long lines) hth
Re: not exactly (Re: systrace removed? Why?)
Sent from my iPhone On Sep 3, 2016, at 12:46 PM, Michal Bozonwrote: >> good(?) news: sysmerge is gone in 6.0 >> but not removed by 5.9 to 6.0 uprade process. > > s/sysmerge/systrace/ > pledge()
Re: not exactly (Re: systrace removed? Why?)
> > good(?) news: sysmerge is gone in 6.0 > > but not removed by 5.9 to 6.0 uprade process. > > > > I really have a hard time understanding what you're trying to point out. > > Yes, systrace is gone, but it's an ordinary binary that does no harm, > feel free to remove it if it makes you feel better. > > sysmerge isn't gone, but it is executed automatically if you use a > bsd.rd upgrade, hence it's only mentioned in the manual upgrade process. ok, never mind, i have just spotted it when comparing fs trees of freshly installed 6.0 and freshly installed/upgraded 5.9/6.0 .. and made sure to report it immediately, since the removal of systrace is advertised as a security enhancement :)
Re: not exactly (Re: systrace removed? Why?)
> good(?) news: sysmerge is gone in 6.0 > but not removed by 5.9 to 6.0 uprade process. s/sysmerge/systrace/
Re: not exactly (Re: systrace removed? Why?)
On Sat, Sep 03, 2016 at 05:37:22PM +, Michal Bozon wrote: > > Why? > > good(?) news: sysmerge is gone in 6.0 > but not removed by 5.9 to 6.0 uprade process. > I really have a hard time understanding what you're trying to point out. Yes, systrace is gone, but it's an ordinary binary that does no harm, feel free to remove it if it makes you feel better. sysmerge isn't gone, but it is executed automatically if you use a bsd.rd upgrade, hence it's only mentioned in the manual upgrade process.
not exactly (Re: systrace removed? Why?)
> Why? good(?) news: sysmerge is gone in 6.0 but not removed by 5.9 to 6.0 uprade process.
Re: systrace removed? Why?
On 2016-04-27, Marc Espiewrote: > Race-conditiony things that make you go hum, oh shit is this thing > more dangerous than what it's actually potecting. Plus semantic bugs. > Like the time we had to hunt a really weird copy bug in the qt code until > we realized it was just systrace fucking up. Then there was the instance where a configure script would produce a different result when run under systrace, causing a port to be built differently. -- Christian "naddy" Weisgerber na...@mips.inka.de
Re: systrace removed? Why?
There were some significant issues with systrace over the years. Race-conditiony things that make you go hum, oh shit is this thing more dangerous than what it's actually potecting. Plus semantic bugs. Like the time we had to hunt a really weird copy bug in the qt code until we realized it was just systrace fucking up. Good riddance.
Re: systrace removed? Why?
> it is not important. > > systrace was effectively deprecated 4-10 years ago, when there stopped > being a maintainer for it, or the broken ecosystem surrounding. > > That was a gap needed to consider a replacement model. > > What do you want here? I guess nothing important. I am happy with pledge (I love it) as a replacement. I was simply wondering what the potential dangers are for my web server that utilises systrace on 5.9 along with newly pledged base processes and a few port processes, currently it appears to be working fine, perhaps it's performance has sufferred but I haven't noticed. I guess it takes hundreds of syscalls to notice and I will simply switch to pledge when performance requirements demand my time which I hope will happen within 6 months ;) . I already had plans to move to a potentially custom pledged c binary (if my use case can be more restricted) and a nicer and lighter system anyway. So thanks for the hard work. -- KISSIS - Keep It Simple So It's Securable
Re: systrace removed? Why?
>> how do you mean? what happens on 5.9 when you use systrace with pledged >> programs? Does cpu usage go through the roof by any chance? That would >> explain why I have had to disable it to avoid waiting so long for >> systraced desktop programs. > >hmmm, actually I guess the claws-mail port may not be pledged yet but >cpu usage seemed to go through the roof on 5.9 anyways. So it is just some theory you invented, without any facts?
Re: systrace removed? Why?
>> > Unfortunately systrace overhead can be significant for monitoring >> > complex programs but it could potentially be useful as a part of a >> > (HIPS or system intrusion or malfunction detection for a secure >> > server). hmmm, assuming pledge doesn't kill the offending process first, >> > haha. >> >> systrace and pledge did not work together. So that's balony. > >how do you mean? what happens on 5.9 when you use systrace with pledged >programs? Does cpu usage go through the roof by any chance? That would >explain why I have had to disable it to avoid waiting so long for >systraced desktop programs. it is not important. systrace was effectively deprecated 4-10 years ago, when there stopped being a maintainer for it, or the broken ecosystem surrounding. That was a gap needed to consider a replacement model. What do you want here?
Re: systrace removed? Why?
> how do you mean? what happens on 5.9 when you use systrace with pledged > programs? Does cpu usage go through the roof by any chance? That would > explain why I have had to disable it to avoid waiting so long for > systraced desktop programs. hmmm, actually I guess the claws-mail port may not be pledged yet but cpu usage seemed to go through the roof on 5.9 anyways. -- KISSIS - Keep It Simple So It's Securable
Re: systrace removed? Why?
> > Unfortunately systrace overhead can be significant for monitoring > > complex programs but it could potentially be useful as a part of a > > (HIPS or system intrusion or malfunction detection for a secure > > server). hmmm, assuming pledge doesn't kill the offending process first, > > haha. > > systrace and pledge did not work together. So that's balony. how do you mean? what happens on 5.9 when you use systrace with pledged programs? Does cpu usage go through the roof by any chance? That would explain why I have had to disable it to avoid waiting so long for systraced desktop programs. Thanks -- KISSIS - Keep It Simple So It's Securable
Re: systrace removed? Why?
> > I guess the question is: how many people actually use systrace in > > scripts? Probably very very few. >From yesterday onwards, noone uses it. > I use it in scripts but will look to switching to pledge when I > have time, which I *should* be able to find in the next 6 months, haha. > It is however sometimes insightful as a quick and dirty debugging tool. If you stick to old code, sure. > Unfortunately systrace overhead can be significant for monitoring > complex programs but it could potentially be useful as a part of a > (HIPS or system intrusion or malfunction detection for a secure > server). hmmm, assuming pledge doesn't kill the offending process first, > haha. systrace and pledge did not work together. So that's balony. > I guess pledging /bin/sh may throw up challenges too though I see many > pledges in csh? sh is pledged. > and so is systrace useful there? systrace was removed, so how can it be useful?
Re: systrace removed? Why?
> I guess the question is: how many people actually use systrace in > scripts? Probably very very few. I use it in scripts but will look to switching to pledge when I have time, which I *should* be able to find in the next 6 months, haha. It is however sometimes insightful as a quick and dirty debugging tool. Unfortunately systrace overhead can be significant for monitoring complex programs but it could potentially be useful as a part of a (HIPS or system intrusion or malfunction detection for a secure server). hmmm, assuming pledge doesn't kill the offending process first, haha. I guess pledging /bin/sh may throw up challenges too though I see many pledges in csh? and so is systrace useful there? -- KISSIS - Keep It Simple So It's Securable
Re: systrace removed? Why?
On 2016-04-26, arrowscr...@mail.comwrote: > Of course, you can put it on packages Nope.
Re: systrace removed? Why?
arrowscr...@mail.com wrote: > I know about the pledge(2) development, but systrace and pledge are > not mutually exclusive. Pledge need to be used inline, where systrace > can be used as a command line tool. > > If you remove it, many scripts that use systrace for privilege > reduction will broke. I guess the question is: how many people actually use systrace in scripts? Probably very very few. > Of course, you can put it on packages, but if you follow this logic, > shouldn't other tools be also removed and be on packages? banner(1) > for example, is kind useless. The cpan(1) pkg manager from perl also > could be in packages. Same with sqlite3, I think. Or telnet, since > almost no one uses it anymore. Etc. I'm pretty sure that you can't package systrace because it needs to be supported by the kernel. I expect that that's part of the reason why it was removed: axing it simplifies and quickens the kernel.
Re: systrace removed? Why?
I know about the pledge(2) development, but systrace and pledge are not mutually exclusive. Pledge need to be used inline, where systrace can be used as a command line tool. If you remove it, many scripts that use systrace for privilege reduction will broke. Of course, you can put it on packages, but if you follow this logic, shouldn't other tools be also removed and be on packages? banner(1) for example, is kind useless. The cpan(1) pkg manager from perl also could be in packages. Same with sqlite3, I think. Or telnet, since almost no one uses it anymore. Etc.
Re: systrace removed? Why?
Why not? In a more serious way, read misc@ and tech@ particuarly in the subject about pledge. -luis On Monday, 25 April 2016,wrote: > Why?
systrace removed? Why?
Why?