From: Siddhesh Poyarekar
To: Adhemerval Zanella Netto, libc-alpha@sourceware.org, Florian Weimer
Subject: Re: [PATCH 0/2] Make tunable a default feature
Date: Mon, 20 Mar 2023 19:15:41 -0400
Message-ID: <9a6d86db-e799-0476-98cf-253a533d12ad@gotplt.org>
References: <20230313190627.2000578-1-adhemerval.zanella@linaro.org> <6511a415-b165-586d-b22d-80ff4eef0fa8@gotplt.org> <6b880467-e122-d2c5-f8d6-1394a4065753@gotplt.org>

On 2023-03-20 12:59, Adhemerval Zanella Netto wrote:
> I think it might make sense for tunables that change the program semantic, such
> as security hardening; although I don't think it really fits for performance
> oriented ones (such as malloc or pthread tuning). So maybe we can define a global

Administrative level performance tuning defaults for setuid binaries?

> file format where the administrator can set where setuid binaries can use it,
> and if users can overwrite it. My initial idea would be something quite simple,
> similar to sysctl.conf:

Yes, I think Florian suggested reusing ld.so.conf instead. I don't have a
strong preference either way so y'all can fight that one out - potato potato ;)

> And I was thinking about a DF_1_NODEFLIB analogous so the program can opt out
> of any performance or behavior difference any tunable might incur. Although with
> your idea of enforceable tunable, I think it does not make much sense.

Yeah, an ELF flag to override all tunables seems counter to the whole idea, but
ELF flags to override specific tunables may make sense. E.g. memory tagging
enabled by default in the system and a program built with DF_NO_MEMTAG
overrides that systemwide setting.

Sid