Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Fri Nov 02, 2018 1:39 pm Post subject: What really is changing in these xorg releases? |
|
|
Split from Why is our xorg-server setuid, again? --pjp
What really is changing in these xorg releases? Since 1.16 all I've noticed is problems installing (went OK this time) like blockers and needing to rebuild stuff, then when it's over it's the same. No speed increase, no noticeable difference. Are the upstream developers, like so many projects, just rearranging the code because they personally don't like it? Why is there clang and rust when gcc was all anyone needed for how many years? |
Hu Moderator
Joined: 06 Mar 2007 Posts: 21627
|
Posted: Sat Nov 03, 2018 1:26 am Post subject: |
|
|
Clang was needed because Apple couldn't stand the licensing on gcc. Rust was needed because there weren't enough projects bundling private copies of llvm. |
pjp Administrator
Joined: 16 Apr 2002 Posts: 20067
|
Posted: Sat Nov 03, 2018 2:26 am Post subject: |
|
|
Tony0945 wrote: | Why is there x and y when z was all anyone needed for how many years? |
Since you didn't put it that way...
_________________
Quis separabit? Quo animo? |
mv Watchman
Joined: 20 Apr 2005 Posts: 6747
|
Posted: Sat Nov 03, 2018 6:09 am Post subject: |
|
|
Hu wrote: | Clang was needed because Apple couldn't stand the licensing on gcc. Rust was needed because there weren't enough projects bundling private copies of llvm. |
To get the jokes, you have to know the true reasons.
Concerning clang, one probably has to ask the chromium and firefox developers for details: Apparently, gcc currently has some limitations/bugs which hinder development of these projects.
Concerning rust and go, there really was a need for a language which is simultaneously fast and safe. It makes sense that at least the companies/groups who developed those languages actually use them.
Concerning bundling of llvm: Apparently llvm should think over what it actually installs; AFAIK, several projects have a bundled copy of llvm, because they need to access quite some code/tools which are not available in the installed version of llvm. So in a sense, this bundling can be considered as a workaround of a conceptual llvm bug. |
proteusx Guru
Joined: 21 Jan 2008 Posts: 338
|
Posted: Sat Nov 03, 2018 9:31 am Post subject: |
|
|
It is like irrigating the crops with "Brawndo" in the film Idiocracy. |
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Sat Nov 03, 2018 2:15 pm Post subject: |
|
|
Hu wrote: | Clang was needed because Apple couldn't stand the licensing on gcc. Rust was needed because there weren't enough projects bundling private copies of llvm. |
IOW to serve private interests, not for technical reasons. |
Ralphred Guru
Joined: 31 Dec 2013 Posts: 499
|
Posted: Sun Nov 04, 2018 12:22 am Post subject: |
|
|
It's the naming that makes me cringe, it may just be due to idioms, but rust is what you get when you fail at care and maintenance of motor vehicles, clang is what you get when you really fail at care and maintenance of motor vehicles. I find myself subconsciously asking what these people did that made rust and clang the answer? |
dmpogo Advocate
Joined: 02 Sep 2004 Posts: 3267 Location: Canada
|
Posted: Sun Nov 04, 2018 3:47 am Post subject: |
|
|
Ralphred wrote: | It's the naming that makes me cringe, it may just be due to idioms, but rust is what you get when you fail at care and maintenance of motor vehicles, clang is what you get when you really fail at care and maintenance of motor vehicles. I find myself subconsciously asking what these people did that made rust and clang the answer? |
Interesting, very much agree. It kind of makes it all unpleasant to use. On the other hand 'ruby' with subsequent 'gems' is also in the same class for me. |
Hu Moderator
Joined: 06 Mar 2007 Posts: 21627
|
Posted: Sun Nov 04, 2018 4:47 pm Post subject: |
|
|
clang isn't too bad, aside from its tendency to warn-by-default on things that are a pain to clean up in old code, and its fondness for claiming to be gcc, but not actually implementing gcc extensions. I've had several places where I have to write a preprocessor guard as #if !defined(__clang__) && defined(__GNUC__) because clang defines __GNUC__. If they don't want to implement gcc extensions, that's fine, but they shouldn't mislead the program into thinking that it can use those extensions.
I just can't take rust seriously. Any project where the recommended install instructions are (as root) curl URL | sh shows such a blatant disregard for security and sanity that I run screaming before evaluating it further. |
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Sun Nov 04, 2018 4:50 pm Post subject: |
|
|
Hu wrote: | (as root) curl URL | sh |
OMIGOD! |
Zucca Moderator
Joined: 14 Jun 2007 Posts: 3343 Location: Rasi, Finland
|
Posted: Sun Nov 04, 2018 5:37 pm Post subject: |
|
|
Hu wrote: | I just can't take rust seriously. Any project where the recommended install instructions are (as root) curl URL | sh shows such a blatant disregard for security and sanity that I run screaming before evaluating it further. |
WHAT?
Where?
_________________
..: Zucca :..
Gentoo IRC channels reside on Libera.Chat.
--
Quote: | I am NaN! I am a man! |
Naib Watchman
Joined: 21 May 2004 Posts: 6051 Location: Removed by Neddy
|
Posted: Sun Nov 04, 2018 5:41 pm Post subject: |
|
|
Zucca wrote: | Hu wrote: | I just can't take rust seriously. Any project where the recommended install instructions are (as root) curl URL | sh shows such a blatant disregard for security and sanity that I run screaming before evaluating it further. | WHAT?
Where? |
30 seconds google... come on
https://www.rust-lang.org/en-US/install.html
_________________
Quote: | Removed by Chiitoo |
Hu Moderator
Joined: 06 Mar 2007 Posts: 21627
|
Posted: Sun Nov 04, 2018 5:48 pm Post subject: |
|
|
Code: | $ eix -e rust
* dev-lang/rust
Homepage: https://www.rust-lang.org/
Description: Systems programming language from Mozilla |
Load https://www.rust-lang.org/. Immediately get redirected to a language-specific path, in my case en-US. On the right side, near the top, there is a blue button labeled Install Rust 1.30.0, with a URL of https://www.rust-lang.org/en-US/install.html. On the linked page, under the heading Install Rust, there is a box that says "To install Rust, if you are running Unix, run the following in your terminal, then follow the onscreen instructions." Below that text is a darker box, contained in the outer box, which reads curl https://sh.rustup.rs -sSf | sh.
It looks like I misremembered in saying that they explicitly tell you to run it as root. That must have been some other equally crazy project. Looking through the script they serve, someone put a lot of effort into it, so it's a real shame that the idea is fatally flawed from the outset.
Incidentally, the script also fails if your temporary directory is mounted noexec. I find this telling, since everybody should mount /tmp as noexec, yet the script's authors assume they can write and run there anyway. |
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
|
Posted: Sun Nov 04, 2018 7:00 pm Post subject: |
|
|
Naib wrote: | Zucca wrote: | Hu wrote: | I just can't take rust seriously. Any project where the recommended install instructions are (as root) curl URL | sh shows such a blatant disregard for security and sanity that I run screaming before evaluating it further. | WHAT? 8O
Where? |
30 seconds google... come on
https://www.rust-lang.org/en-US/install.html |
Better: https://curlpipesh.tumblr.com/ |
Zucca Moderator
Joined: 14 Jun 2007 Posts: 3343 Location: Rasi, Finland
|
Posted: Sun Nov 04, 2018 7:41 pm Post subject: |
|
|
A little OT but:
Hu wrote: | I find this telling, since everybody should mount /tmp as noexec, yet the script's authors assume they can write and run there anyway. |
Some packages fail to build if portage temp is on a noexec mount (at least x amounts of time ago, when I had noexec /tmp).
I should then create another tmpfs for portage temp only?
_________________
..: Zucca :..
Gentoo IRC channels reside on Libera.Chat.
--
Quote: | I am NaN! I am a man! |
Hu Moderator
Joined: 06 Mar 2007 Posts: 21627
|
Posted: Sun Nov 04, 2018 9:24 pm Post subject: |
|
|
Yes, many packages do not play well with a noexec build directory. This is unfortunate, but hard to fix in general. My point above was that the rust authors assume the system /tmp is not noexec. Everyone should have the commonly known and world writable areas mounted as noexec, reserving exec for those areas specifically intended to permit execution by people trusted with write access to those directories. Using noexec on well known areas is a very cheap, and at least moderately effective, way of crippling some types of exploit. It doesn't stop everything, though.
To directly answer the question: you should expect Portage to need an exec PORTAGE_TMPDIR. You can achieve this with a separate tmpfs, or using a bind mount to make part of the main tmpfs be exec. Filing bugs for packages that fail with PORTAGE_TMPDIR mounted noexec is probably a waste of time. |
Tony0945 Watchman
Joined: 25 Jul 2006 Posts: 5127 Location: Illinois, USA
|
Posted: Sun Nov 04, 2018 9:36 pm Post subject: |
|
|
Like this?
Code: | # mount|grep tmpfs|grep exec
cgroup_root on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,relatime,size=10240k,mode=755)
shm on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime)
# mount|grep tmpfs|grep -v exec
devtmpfs on /dev type devtmpfs (rw,nosuid,relatime,size=10240k,nr_inodes=2044380,mode=755)
tmpfs on /run type tmpfs (rw,nodev,relatime,size=1642532k,mode=755)
tmpfs on /var/tmp/portage type tmpfs (rw,relatime,size=12582912k,nr_inodes=1048576)
|
Or do you recommend a change, Hu?
/var/tmp is part of the root filesystem, as is /run and /tmp. Have I been running unsafe systems? |
Hu Moderator
Joined: 06 Mar 2007 Posts: 21627
|
Posted: Sun Nov 04, 2018 11:08 pm Post subject: |
|
|
Your /dev/shm looks fine. I like having those same options on all my world writable areas.
Code: | tmpfs /tmp tmpfs rw,nodev,noexec,relatime 0 0 |
Only /var/tmp/portage is exempt, and I consider that an acceptable compromise when its permissions are restricted so that only the portage user can write to it. |
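Added example, not part of any post in this thread: a shell function that audits the world-writable areas discussed above for the mount options shown on the /dev/shm line, treating a directory that is not its own mount (such as /tmp on the root filesystem) as inheriting the options of the filesystem that contains it. The function names, the default option and directory lists, and the root filesystem sample line are assumptions; mount points containing spaces are not handled.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `mount` output on stdin:
#   DEV on DIR type FSTYPE (OPT,OPT,...)
# Defaults below are assumptions; override them in the environment.
REQUIRED_OPTS="${REQUIRED_OPTS:-noexec nosuid nodev}"  # as on the /dev/shm line
CHECK_DIRS="${CHECK_DIRS:-/tmp /var/tmp /dev/shm}"     # world-writable areas
EXEMPT_DIRS="${EXEMPT_DIRS:-/var/tmp/portage}"         # needs exec for builds

# Prints one line per finding; returns 0 if all directories pass, else 1.
audit_mounts() {
    awk -v req="$REQUIRED_OPTS" -v dirs="$CHECK_DIRS" -v exempt="$EXEMPT_DIRS" '
    $2 == "on" && $4 == "type" {          # a later mount on a path overrides
        o = $6; gsub(/[()]/, "", o); opts[$3] = o
    }
    END {
        ne = split(exempt, e, " "); for (i = 1; i <= ne; i++) skip[e[i]] = 1
        nq = split(req, r, " "); nd = split(dirs, d, " ")
        for (i = 1; i <= nd; i++) {
            if (d[i] in skip) continue
            # A directory that is not its own mount inherits the options of
            # the longest mount point that is a path prefix of it.
            best = ""
            for (m in opts) {
                pre = (m == "/") ? "/" : m "/"
                if (index(d[i] "/", pre) == 1 && length(m) > length(best))
                    best = m
            }
            if (best == "") { printf "UNKNOWN %s: no mount found\n", d[i]; bad = 1; continue }
            miss = ""
            for (j = 1; j <= nq; j++)
                if (("," opts[best] ",") !~ ("," r[j] ","))
                    miss = miss (miss == "" ? "" : ",") r[j]
            if (miss != "") { printf "MISSING %s (via %s): %s\n", d[i], best, miss; bad = 1 }
        }
        exit bad + 0
    }'
}

# Sample input: two lines from the thread plus a constructed root entry.
sample_mounts() {
    cat <<'EOF'
/dev/sda2 on / type ext4 (rw,relatime)
shm on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /var/tmp/portage type tmpfs (rw,relatime,size=12582912k,nr_inodes=1048576)
EOF
}

# On a live system: mount | audit_mounts
sample_mounts | audit_mounts || true
```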