DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 30th July 2012
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Thanked 0 Times in 0 Posts
Default enabling linux binary emulation .. could it harm ?

Hi !

To what extend could linux binary emulation when enabled weaken OpenBSD security ?
Reply With Quote
  #2   (View Single Post)  
Old 30th July 2012
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 2,902
Thanked 190 Times in 160 Posts
Default

Quote:
Originally Posted by daemonfowl View Post
To what extend could linux binary emulation when enabled weaken OpenBSD security ?
There are two different parts to your question.
  • The first involves the Linux emulation layer itself. This is written by OpenBSD developers which goes through the same commit process as any other piece of code checked into CVS.

    Because the Linux filesystem layout is different from OpenBSD's, the emulation layer will not be able to fully mimic the Linux environment. Study hier(7) on both platforms to see the differences.

    The real question is how much is emulation tested. I cannot answer this question. I do not know its limitations.

    In recent years, keeping the Linux emulation layer up to date hasn't been as important as it may have been 5+ years ago now that more applications are available natively in the packages/ports system, so support of newer Linux kernel calls in the emulation layer hasn't stayed in synch with more recent releases of the Linux kernel. However, I have seen a number of CVS check-in's into OpenBSD's src tree before 5.2 was tagged showing an effort to keep the emulation layer current.

    Don't expect emulation layers to be perfect. They aren't. Bugs can & will exist for several different reasons. Some Linux binaries will run on OpenBSD fine. Others won't. To find out whether any particular Linux binary will run under emulation, try it yourself. Studying compat_linux(8) is a start.

    In the end, if you want perfect Linux emulation, run your Linux application on Linux.
  • Secondly, how well the application has been vetted is a question which has to be answered on an individual basis. You will need to ascertain this yourself.

    In comparison, third-party applications available officially in the OpenBSD ports tree are not as vetted as the base system itself, so you can equally question the trustworthiness of native applications as well.
In general when it comes to third-party applications, determine whether a native port is available in the ports tree. If one is, use it as the maintainer should have resolved all library & filesystem differences. If not, try the emulation layer if a Linux binary can be found. OpenBSD's emulation layer may or may not be sufficient for the application's needs.
Reply With Quote
  #3   (View Single Post)  
Old 30th July 2012
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Thanked 0 Times in 0 Posts
Default

Thank you very much !!
I hope this not again a thread hijacking recurrence :-)
* Opera as emulated on OpenBSD 5.2 bears the 5.1 bug too : Abort trap . So I always do a make reinstall before reusing it ater reboot.
* Opera as emulated on NetBSD 6.0_BETA2 (GENERIC) : a bit faster and bug-free ..
$ opera --version for NetBSD :
Code:
Opera 11.62 Build 1347 for Linux i386.
Does this occur because of a certain inherent OpenBSD security feature ?
Or is it because the OpenBSD Team are not putting effort to this particular port because it's a closed source and contradicts the followed policy ?
Or maybe some reason ??
Reply With Quote
  #4   (View Single Post)  
Old 30th July 2012
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 2,902
Thanked 190 Times in 160 Posts
Default

Quote:
Originally Posted by daemonfowl View Post
I hope this not again a thread hijacking recurrence :-)
Because the new information being presented which takes the tenor of discussion in a different direction, yes, daemonfowl, you have hijacked discussion yet again.

This would have been good information to include in your original message. Being upfront with the fundamental problem you wish to discuss helps you & helps anyone who might respond frame their response(s).
Reply With Quote
  #5   (View Single Post)  
Old 30th July 2012
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Thanked 0 Times in 0 Posts
Default

Sir ocicat , believe me , I'm developping a Thread-Hijacking Phobia !
Here is what I did :
* I asked about binary emulation under OpenBSD and whether/how it might be a security risk.
* I brought an example I have in front of me : Opera.
* I added info about it on both OpenBSD (security-aware) & NetBSD (portability-driven)
to conclude maybe that : security as tightened on OpenBSD may be a cause that emulated software don't run as expected while on NetBSD it just runs .. maybe not .. you help me discover it :-)
Reply With Quote
  #6   (View Single Post)  
Old 30th July 2012
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 2,902
Thanked 190 Times in 160 Posts
Default

Quote:
Originally Posted by daemonfowl View Post
Sir ocicat
daemonfowl, this isn't medieval England. Wearing chainmail is no longer in vogue. You don't have to refer to us as "Sir".
Quote:
I'm developping a Thread-Hijacking Phobia !
...& yet, you hijack threads nearly on a daily basis.
Quote:
* I brought an example I have in front of me : Opera.
* I added info about it on both OpenBSD (security-aware) & NetBSD (portability-driven)
Again, after the fact. This should have been included in the original post.
Quote:
security as tightened on OpenBSD may be a cause that emulated software don't run as expected while on NetBSD it just runs .. maybe not ..
The experiment you should perform is:
  1. Do a fresh install of OpenBSD. No upgrades allowed.
  2. Followed immediately by installing Opera.
Do you get the same error upon usage?
Reply With Quote
  #7   (View Single Post)  
Old 30th July 2012
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,795
Thanked 214 Times in 189 Posts
Default

Quote:
Originally Posted by daemonfowl View Post
So I always do a make reinstall before reusing it ater reboot.
Opera is a closed-source application. It is available only as a port as its commercial license does not permit redistribution in other packages. The port does not "make" anything, it merely repackages the binary files.

Between 5.1 and 5.2, there was a revision bump of the OpenBSD port due to underlying changes for gtk-update-icon-cache. This changes the package signature, and therefore the underlying dependencies would be refreshed on reinstall ("make print-run-depends" will give you a list). The Opera binary remained unchanged; OpenBSD has nothing to do with that at all.
Quote:
Opera --version for NetBSD...
Please see OpenBSD FAQ 15.4.2.
Reply With Quote
  #8   (View Single Post)  
Old 30th July 2012
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Thanked 0 Times in 0 Posts
Default

ocicat : I repent .. :-) .. I was trying to show respect to those who are offering constant support to a dumbbie.
jggimi : I mentioned version for reference only , as I mentioned NetBSD kern.version.
Quote:
The experiment you should perform is:
Do a fresh install of OpenBSD. No upgrades allowed.
Followed immediately by installing Opera.
Do you get the same error upon usage?
I'll inform you as soon as I do it.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Why does the opera need linux emulation ? sw2wolf OpenBSD Packages and Ports 6 20th March 2012 12:18 PM
Linux Binary: cannot execute binary file xmorg FreeBSD General 3 25th September 2010 03:46 PM
Enabling an "All-in-One" Printer/Scanner/Fax on OBSD IronForge OpenBSD General 3 17th February 2010 04:22 AM
shared libraries and linux emulation Business_woman FreeBSD General 4 16th November 2008 10:03 AM
Linux emulation Mr-Biscuit FreeBSD General 2 9th October 2008 09:44 PM


All times are GMT. The time now is 07:16 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick