From: imp@bsdimp.com (Warner Losh)
Subject: [TUHS] UNIX of choice these days?
Date: Mon, 25 Sep 2017 10:51:42 -0600 [thread overview]
Message-ID: <CANCZdfobaTGxLkQBJo7Wqvn8NbdQk8uU8SeVyfKR9KTcm-c8iQ@mail.gmail.com> (raw)
In-Reply-To: <CANCZdfrX3T4TC1QbzhEZPBB8zBXMaWb9_=TVfwTmzUMVKuPjsQ@mail.gmail.com>
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain, Size: 4966 bytes --]
On Mon, Sep 25, 2017 at 9:13 AM, Warner Losh <imp at bsdimp.com> wrote:
>
>
> On Mon, Sep 25, 2017 at 8:16 AM, Clem Cole <clemc at ccc.com> wrote:
>
>>
>>
>> On Mon, Sep 25, 2017 at 8:07 AM, Norman Wilson <norman at oclsc.org> wrote:
>>
>>> ...
>>>
>>> I too am saddened to see such a retrograde step, but perhaps
>>> I'm biased. When I arrived in 1127, the kernel had /proc but
>>> still had ptrace as well. Why? Because no one was brave enough
>>> to wade into sdb and adb.
>>>
>>> ...
>>>
>>>
>>> I can sympathize with FreeBSD excuse someone cited elsewhere,
>>> that nobody used the code so it should go--I'm always in favour
>>> of improving programs by chopping sutff out--but I think the
>>> decision here was backwards. The proper answer would have been
>>> to teach ps et al to use /proc, not to invent a new complex of
>>> system calls.
>>>
>> +1 that was my point. If the application code had been available @
>> UCB earlier before the proliferation,
>> I think and /proc has been part of 4.2 or at least 4.3 not 4.4, I think
>> there would have been a better chance
>> of it being used.
>>
>> I also agree about garbage collection, but this is a case where the right
>> solution would have been to try to get people to use the new interface.
>> The problem was ptrace was 'good enough' and there was no incentive so no
>> one did it.
>>
>
> In the case of procfs and FreeBSD, the issues were more complicated and
> nuanced. The original /proc code came from 4.4BSD, and interacted with a
> number of kernel subsystems. These subsystems were undergoing evolution at
> the time (including a rather concerted rewrite of the VM to unify the
> buffer cache). This churn there lead to inevitable changes being needed to
> procfs to keep up with the new interfaces and such. Over time, there grew
> the feeling that there some something quite wrong with procfs (rightly or
> wrongly). There was a belief there were a number of unanticipated security
> issues that were lingering in the code, but due to the changes not only in
> API to the other sub-systems, but also in semantics. Kernel hackers that
> studied the problem came away with an uneasy feeling, but nothing
> actionable. This was the back-drop that slowed its adoption into new
> utilities in the FreeBSD tree and kept people from wanting to push it
> further until these misgivings could be explored and addressed. In the end,
> it was easier to have a better understood code base (ptrace) that had an
> icky interface over one that was cleaner, but that had clouds over it. As
> fewer and fewer things used /proc, it became easier and easier to ignore,
> and at some point people started worrying that this code that was basically
> unused could be an attack vector on the systems, so it was retired.
>
> It's been a number of years since all this went down, so my memory of it
> may be clouded. Plus, I was FreeBSD's security officer for a time, and I'm
> purposely not going back to my notes from the time since I promised to keep
> all that business confidential (and I'm not exactly sure where they are).
> So, there may be the odd detail wrong, or imprecision of language, but the
> main thrust is there: new with issues that are hard to quantify, but have
> potential for embarrassment should the misgivings bear fruit militates for
> staying with the old. It also didn't help there were no strong supporters
> willing to stand behind the code, which didn't help with the misgivings.
> Had it not exited the tree then, the push to MP would have counted it as a
> casualty absent a strong maintainer to make it MP safe.
>
OK. I've done some software archeology and the above isn't quite right.
Sorry for the misinformation.
FreeBSD still has /proc. It's still actively maintained.
We removed /proc from the default kernel and installation years ago due to
security concerns (and not just misgivings, there were several SAs in that
area). I was remembering the 'opt-in' discussions... Should have consulted
the notes...
The ctl interface in the referenced commit message is part of the debugging
interface. It wasn't as feature rich as gdb, and nothing used it so it was
removed. There's other parts of the debugging interface that still persist,
but those are in the process of being de-orbited. There are several
debuggers that use the ptrace interface, and making them all use /proc was
seen as rowing against the tide and not completely useful since /proc
wasn't enabled by default due to security concerns.
The rest of /proc is still around, but you have to really want it.
Kinda highlights, though, problems with the kitchen-sink approach. There's
bits of /proc that are quite useful, but since it was so expansive, it
represented a big security threat and so is off by default.
Warner
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20170925/8b7d7171/attachment.html>
next prev parent reply other threads:[~2017-09-25 16:51 UTC|newest]
Thread overview: 110+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-25 12:07 Norman Wilson
2017-09-25 14:16 ` Clem Cole
2017-09-25 15:13 ` Warner Losh
2017-09-25 16:51 ` Warner Losh [this message]
2017-09-26 0:56 ` ron minnich
2017-09-25 15:18 ` Larry McVoy
2017-09-25 15:30 ` Warner Losh
2017-09-25 23:49 ` Dave Horsfall
2017-09-26 2:06 ` Chet Ramey
2017-09-26 14:53 ` Larry McVoy
2017-09-26 15:17 ` Chet Ramey
2017-09-26 21:23 ` Dave Horsfall
2017-09-26 21:43 ` Arthur Krewat
2017-09-26 21:45 ` Grant Taylor
2017-09-27 0:58 ` Dave Horsfall
2017-09-27 1:37 ` Chet Ramey
2017-09-27 2:02 ` Larry McVoy
2017-09-27 13:50 ` Chet Ramey
2017-09-27 14:17 ` Larry McVoy
2017-09-28 8:10 ` Derek Fawcus
2017-09-28 12:34 ` Chet Ramey
[not found] ` <20170928174420.GA41732@accordion.employees.org>
2017-09-28 17:57 ` Derek Fawcus
2017-09-28 18:04 ` Chet Ramey
2017-09-27 3:42 ` Dave Horsfall
2017-09-27 14:35 ` Chet Ramey
-- strict thread matches above, loose matches on Subject: below --
2017-09-30 15:17 Norman Wilson
2017-09-30 20:29 ` Kevin Bowling
2017-09-30 21:56 ` Bakul Shah
2017-09-30 22:37 ` Kevin Bowling
2017-09-25 12:46 [TUHS] Unix " Doug McIlroy
2017-09-25 13:57 ` Clem Cole
2017-09-23 23:39 [TUHS] UNIX " Nelson H. F. Beebe
2017-09-21 2:28 Rudi Blom
2017-09-20 0:12 Arthur Krewat
2017-09-20 0:26 ` Larry McVoy
2017-09-20 0:39 ` Dave Horsfall
2017-09-20 1:03 ` Lyndon Nerenberg
2017-09-20 20:56 ` jason-tuhs
2017-09-23 9:17 ` Dario Niedermann
2017-09-23 9:36 ` Steve Mynott
2017-09-23 10:03 ` Dario Niedermann
2017-09-23 23:04 ` Dave Horsfall
2017-09-24 0:11 ` Random832
2017-09-24 1:19 ` Dave Horsfall
2017-09-24 13:46 ` Andy Kosela
2017-09-24 14:02 ` ron minnich
2017-09-24 14:06 ` Larry McVoy
2017-09-24 20:36 ` Kurt H Maier
2017-09-24 21:38 ` Bakul Shah
2017-09-24 23:36 ` Dave Horsfall
2017-09-24 23:50 ` Steve Nickolas
2017-09-25 0:03 ` Wesley Parish
2017-09-25 15:36 ` Tony Finch
2017-09-26 0:42 ` Wesley Parish
2017-09-26 9:54 ` Tony Finch
2017-09-26 14:41 ` Larry McVoy
2017-09-26 17:34 ` Bakul Shah
2017-09-26 17:39 ` Warner Losh
2017-09-26 18:26 ` Bakul Shah
2017-09-26 17:43 ` Larry McVoy
2017-09-26 19:44 ` Grant Taylor
2017-09-26 23:22 ` Wesley Parish
2017-09-25 0:51 ` Charles Anthony
2017-09-25 0:36 ` Dan Cross
2017-09-25 0:44 ` Grant Taylor
2017-09-25 0:56 ` Bakul Shah
2017-09-25 15:45 ` Tony Finch
2017-09-25 16:14 ` Bakul Shah
2017-09-25 7:41 ` Andy Kosela
2017-09-25 7:43 ` Cory Smelosky
2017-09-25 10:14 ` Andy Kosela
2017-09-25 9:58 ` Steve Nickolas
2017-09-25 11:14 ` Derek Fawcus
2017-09-25 11:48 ` Andrew Warkentin
2017-09-24 15:26 ` Christian Barthel
2017-09-24 17:33 ` Clem Cole
2017-09-24 17:33 ` Clem Cole
2017-09-23 23:00 ` Dave Horsfall
2017-09-26 22:00 ` Christian Groessler
2017-09-20 4:42 ` Grant Taylor
2017-09-20 8:31 ` Mutiny
2017-09-20 9:15 ` Steve Nickolas
2017-09-20 16:58 ` Arthur Krewat
2017-09-20 17:05 ` Steve Nickolas
2017-09-20 17:53 ` Henry Bent
2017-09-20 18:12 ` Arthur Krewat
2017-09-20 18:33 ` Brad Spencer
2017-09-20 19:20 ` Henry Bent
2017-09-20 19:37 ` Arthur Krewat
2017-09-20 19:58 ` Jacob Ritorto
2017-09-20 22:29 ` Ian Zimmerman
2017-09-20 22:31 ` Warner Losh
2017-09-20 12:52 ` Chet Ramey
2017-09-20 13:33 ` Nemo
2017-09-20 15:39 ` Clem Cole
2017-09-20 15:42 ` Jon Steinhart
2017-09-20 16:58 ` Ian Zimmerman
2017-09-20 17:09 ` Jon Steinhart
2017-09-20 17:31 ` Arthur Krewat
2017-09-20 22:40 ` Steve Simon
2017-09-20 22:51 ` Erik Berls
2017-09-20 23:37 ` Robert Brockway
2017-09-21 1:47 ` Derrik Walker v2.0
2017-09-21 3:54 ` Gregg Levine
2017-09-21 14:33 ` Nicholas Chappell
2017-09-21 16:38 ` Mutiny
2017-09-21 16:42 ` gilbertmm
2017-09-21 18:30 ` Grant Taylor
2017-09-21 23:34 ` Dave Horsfall
2017-09-25 10:36 ` Thomas Kellar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CANCZdfobaTGxLkQBJo7Wqvn8NbdQk8uU8SeVyfKR9KTcm-c8iQ@mail.gmail.com \
--to=imp@bsdimp.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).