OpenBSD Journal

g2k14: Matthieu Herrb on Bringing X Forward

Contributed by tbert on from the #define-ing-progress dept.

Matthieu Herrb (matthieu@), who is the mad Frenchman who maintains Xenocara, writes in to share his g2k14 experience:

My main projects (multitouch, dhcpv6) didn't make any progress as I was distracted into X sets tweaks at the request of a few other hackers.

After much discussion this only led to the addition of ucpp in base (after a short detour by /usr/xenocara/app/xrdb-cpp) as /usr/libexec/auxcpp.

The reason is that xrdb (part of xbase which is required by many ports) needs a C pre-processor to run. But since gcc 4, /usr/bin/cpp is in the comp set because it's just another invocation of the full gcc. So xbase required the comp set to be installed.

This annoys 2 kinds of people: those with appliances with small disks and the paranoid ones who don't want to provide a C compiler to attackers (which may be a good idea, when looking at components of the windigo operation).

So auxcpp is now part of the base set, and the dependency of xbase on comp is gone. The X sets will stay in their current state for 5.6.

Otherwise, I've done a few updates on xenocara components. The xenocara tree is now mostly ready for 5.6.

I've nevertheless enjoyed the hackathon. Thanks to Mitja and his team for the organisation and to all foundation donors for the funding!

Comments
  1. By jbc (182.249.247.157) on

    The paranoid interpretation sounds a bit stretched. What does gcc have over chmod and the Bourne shell? gcc is not setuid and can't do anything about uga permissions and noexec either. I can only think of bandwidth but a non-trivial C program isn't all that lean. You can send 1kb but not say 6kb for a specially crafted binary? If gcc is a problem then chmod needs to find a new tgz.

    Comments
    1. By Anonymous Coward (80.10.161.157) on

      > The paranoid interpretation sounds a bit stretched. What does gcc have over chmod and the Bourne shell? gcc is not setuid and can't do anything about uga permissions and noexec either. I can only think of bandwidth but a non-trivial C program isn't all that lean. You can send 1kb but not say 6kb for a specially crafted binary? If gcc is a problem then chmod needs to find a new tgz.

      If you look at the operation windigo paper gcc is used to build a patched, trojaned server and replace the system binary.

      Comments
      1. By jbc (182.249.247.141) on

        > If you look at the operation windigo paper gcc is used to build a patched, trojaned server and replace the system binary.

        Could you please point me to the right section and page?

        I'm afraid that I'm not going to waste my time reading 69 pages of something that isn't written like a proper paper, on a topic which doesn't particularly interest me, and fails to produce any match when searching for "gcc" and only one match for "compiler".

        I've made amd64 binaries in the past that ran unmodified on Linux, FreeBSD and OpenBSD. That was just by linking my special C library. I don't know about the "windigo" constraints, but replicating that and delivering it doesn't sound a lot harder than sending the source and compiling it. The hard part is getting free access to your box. Anything after that is just annoying for the intruders at best.

    2. By Cabal (Cabal) Maybe Cabal on https://lobste.rs/

      > The paranoid interpretation sounds a bit stretched. What does gcc have over chmod and the Bourne shell? gcc is not setuid and can't do anything about uga permissions and noexec either. I can only think of bandwidth but a non-trivial C program isn't all that lean. You can send 1kb but not say 6kb for a specially crafted binary? If gcc is a problem then chmod needs to find a new tgz.

      The funny thing is this is spelled out explicitly in the FAQ:

      http://www.openbsd.org/faq/faq4.html#FilesNeeded

      Comments
      1. By Anonymous Coward (182.249.247.141) on

        > The paranoid interpretation sounds a bit stretched. What does gcc have over chmod and the Bourne shell? gcc is not setuid and can't do anything about uga permissions and noexec either. I can only think of bandwidth but a non-trivial C program isn't all that lean. You can send 1kb but not say 6kb for a specially crafted binary? If gcc is a problem then chmod needs to find a new tgz.
        >
        > The funny thing is this is spelled out explicitly in the FAQ:
        >
        > http://www.openbsd.org/faq/faq4.html#FilesNeeded

        Comments
        1. By Marc Espie (espie) on

          Actually, I've heard that one from utterly paranoid sysadmin types a few times.

          There are a few interpretations to make of this, none of them charitable.

          1/ they don't understand security enough, especially the "development part", which is some kind of magic, so they believe removing the compilers will help.

          2/ they spent so much time worrying about security issues that their senses of what's important and what's not got lost. After all, you can't achieve 100% security. So you've got to prioritize. Staying in that field for long enough can be devastating.

          In my opinion, once someone has gained access to your machine, it's game over. Almost any tool can be used to put trojans on the machine, including cat. You've got to prepare for the sophisticated pirate, and that one won't be stopped by the lack of compiler.

          The only thing the lack of compiler will do is prevent you from doing some necessary updates.

  2. By Marc Espie (espie) espie@nerim.net on

    Matthieu, you might have missed part of the discussion, but this actually annoys a third kind of people: those with lots of machines that want to back up their systems properly.

    These may want to not install comp on their machines so that the / and /usr partitions get smaller. X itself is not a problem, as it is perfectly self-contained, and you don't need to back up /usr/X11R6 of dozens of identical machines. But figuring out a partition/backup scheme so that you don't back up MB of compilers when you have them installed can be hard.

    Yep, you can probably find tools in ports to do that more efficiently, but if you're a true OpenBSD dev who believes in the power of base, then dump(8) is all-or-nothing: either you back up a partition, or you don't.

    That was the gist of the whole heated exchange with Henning, Theo, others, and me. It's actually all about backups.

    Comments
    1. By Cabal (Cabal) on https://lobste.rs/

      Aren't systems mostly disposable these days, though? I.e. cattle, not cats. It takes less time and effort to spin up a new system, restore your data, and go.

      Additionally, it's programmatic and humans don't get in the way.

  3. By sthen (85.158.44.145) on

    This isn't just about xbase - base also has a program (calendar) that requires cpp.

    Comments
    1. By Anonymous Coward (2a01:6600:8081:6101:c6a8:1dff:fe81:d63) on

      > This isn't just about xbase - base also has a program (calendar) that requires cpp.

      It has not been patched yet to use auxcpp afaict.
