Gentoo Forums
What really is changing in these xorg releases?
Tony0945
Advocate

Joined: 25 Jul 2006
Posts: 3253
Location: Illinois, USA

Posted: Fri Nov 02, 2018 1:39 pm    Post subject: What really is changing in these xorg releases?

Split from Why is our xorg-server setuid, again? --pjp

What really is changing in these xorg releases? Since 1.16 all I've noticed is problems installing (went OK this time) like blockers and needing to rebuild stuff, then when it's over it's the same. No speed increase, no noticeable difference. Are the upstream developers, like so many projects, just rearranging the code because they personally don't like it? Why is there clang and rust when gcc was all anyone needed for how many years?
Hu
Moderator

Joined: 06 Mar 2007
Posts: 14291

Posted: Sat Nov 03, 2018 1:26 am

Clang was needed because Apple couldn't stand the licensing on gcc. Rust was needed because there weren't enough projects bundling private copies of llvm. ;)
pjp
Administrator

Joined: 16 Apr 2002
Posts: 18120

Posted: Sat Nov 03, 2018 2:26 am

Tony0945 wrote:
Why is there x and y when z was all anyone needed for how many years?
Since you didn't put it that way...
_________________
Those who know what's best for us must rise and save us from ourselves.
mv
Watchman

Joined: 20 Apr 2005
Posts: 6295

Posted: Sat Nov 03, 2018 6:09 am

Hu wrote:
Clang was needed because Apple couldn't stand the licensing on gcc. Rust was needed because there weren't enough projects bundling private copies of llvm. ;)

To get the jokes, you have to know the true reasons.
Concerning clang, one probably has to ask the chromium and firefox developers for details: Apparently, gcc currently has some limitations/bugs which hinder development of these projects.
Concerning rust and go, there really was a need for a language which is simultaneously fast and safe. It makes sense that at least the companies/groups who developed those languages actually use them.
Concerning bundling of llvm: Apparently llvm should think over what it actually installs; AFAIK, several projects have a bundled copy of llvm, because they need to access quite some code/tools which are not available in the installed version of llvm. So in a sense, this bundling can be considered as a workaround of a conceptual llvm bug.
proteusx
Apprentice

Joined: 21 Jan 2008
Posts: 250

Posted: Sat Nov 03, 2018 9:31 am

It is like irrigating the crops with "Brawndo" in the film Idiocracy.
Tony0945
Advocate

Joined: 25 Jul 2006
Posts: 3253
Location: Illinois, USA

Posted: Sat Nov 03, 2018 2:15 pm

Hu wrote:
Clang was needed because Apple couldn't stand the licensing on gcc. Rust was needed because there weren't enough projects bundling private copies of llvm. ;)

IOW to serve private interests, not for technical reasons.
Ralphred
Tux's lil' helper

Joined: 31 Dec 2013
Posts: 89

Posted: Sun Nov 04, 2018 12:22 am

It's the naming that makes me cringe, it may just be due to idioms, but rust is what you get when you fail at care and maintenance of motor vehicles, clang is what you get when you really fail at care and maintenance of motor vehicles. I find myself subconsciously asking what these people did that made rust and clang the answer?
dmpogo
Advocate

Joined: 02 Sep 2004
Posts: 2539
Location: Canada

Posted: Sun Nov 04, 2018 3:47 am

Ralphred wrote:
It's the naming that makes me cringe, it may just be due to idioms, but rust is what you get when you fail at care and maintenance of motor vehicles, clang is what you get when you really fail at care and maintenance of motor vehicles. I find myself subconsciously asking what these people did that made rust and clang the answer?

Interesting, very much agree. It kind of makes it all unpleasant to use. On the other hand 'ruby' with subsequent 'gems' is also in the same class for me.
Hu
Moderator

Joined: 06 Mar 2007
Posts: 14291

Posted: Sun Nov 04, 2018 4:47 pm

clang isn't too bad, aside from its tendency to warn-by-default on things that are a pain to clean up in old code, and its fondness for claiming to be gcc, but not actually implementing gcc extensions. I've had several places where I have to write a preprocessor guard as #if !defined(__clang__) && defined(__GNUC__) because clang defines __GNUC__. If they don't want to implement gcc extensions, that's fine, but they shouldn't mislead the program into thinking that it can use those extensions.

I just can't take rust seriously. Any project where the recommended install instructions are (as root) curl URL | sh shows such a blatant disregard for security and sanity that I run screaming before evaluating it further.
Tony0945
Advocate

Joined: 25 Jul 2006
Posts: 3253
Location: Illinois, USA

Posted: Sun Nov 04, 2018 4:50 pm

Hu wrote:
(as root) curl URL | sh
OMIGOD!
Zucca
Veteran

Joined: 14 Jun 2007
Posts: 1572
Location: KUUSANKOSKI, Finland

Posted: Sun Nov 04, 2018 5:37 pm

Hu wrote:
I just can't take rust seriously. Any project where the recommended install instructions are (as root) curl URL | sh shows such a blatant disregard for security and sanity that I run screaming before evaluating it further.
WHAT? 8O

Where?
_________________
..: Zucca :..

Code:
ERROR: '--failure' is not an option. Aborting...
Naib
Watchman

Joined: 21 May 2004
Posts: 5703
Location: Removed by Neddy

Posted: Sun Nov 04, 2018 5:41 pm

Zucca wrote:
Hu wrote:
I just can't take rust seriously. Any project where the recommended install instructions are (as root) curl URL | sh shows such a blatant disregard for security and sanity that I run screaming before evaluating it further.
WHAT? 8O

Where?

30 seconds google... come on

https://www.rust-lang.org/en-US/install.html
_________________
The best argument against democracy is a five-minute conversation with the average voter
Great Britain is a republic, with a hereditary president, while the United States is a monarchy with an elective king
Hu
Moderator

Joined: 06 Mar 2007
Posts: 14291

Posted: Sun Nov 04, 2018 5:48 pm

Code:
$ eix -e rust
* dev-lang/rust
     Homepage:            https://www.rust-lang.org/
     Description:         Systems programming language from Mozilla

Load https://www.rust-lang.org/. Immediately get redirected to a language-specific path, in my case en-US. On the right side, near the top, there is a blue button labeled Install Rust 1.30.0, with a URL of https://www.rust-lang.org/en-US/install.html. On the linked page, under the heading Install Rust, there is a box that says To install Rust, if you are running Unix, run the following in your terminal, then follow the onscreen instructions.. Below that text is a darker box, contained in the outer box, which reads curl https://sh.rustup.rs -sSf | sh.

It looks like I misremembered in saying that they explicitly tell you to run it as root. That must have been some other equally crazy project. Looking through the script they serve, someone put a lot of effort into it, so it's a real shame that the idea is fatally flawed from the outset. Incidentally, the script also fails if your temporary directory is mounted noexec. I find this telling, since everybody should mount /tmp as noexec, yet the script's authors assume they can write and run there anyway.
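
One alternative to piping the download straight into sh, as an added example that is not part of the post above or of the rustup project: save the script to a file, read it, record its SHA-256, and run only a copy that still matches. The function names, the cache directory and the stand-in installer are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: fetch to a file, pin the digest of the reviewed copy,
# and run only a file that still has that digest.

# fetch_installer URL: save the script in a private (0700) directory under
# the user's cache directory, not the shared /tmp, and print its path.
# Not called by the offline demo below.
fetch_installer() {
    base="${XDG_CACHE_HOME:-$HOME/.cache}"
    mkdir -p "$base" && dir=$(mktemp -d "$base/installer.XXXXXX") || return 2
    curl --proto '=https' --tlsv1.2 -sSf -o "$dir/install.sh" "$1" || return 2
    printf '%s\n' "$dir/install.sh"
}

# digest_of FILE: print the SHA-256 of FILE in hex.
digest_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# verify_then_run FILE EXPECTED_SHA256 [ARGS...]
# Runs FILE with sh only when its digest equals the pinned value.
# Returns 1 on mismatch without executing anything.
verify_then_run() {
    file=$1; expected=$2; shift 2
    actual=$(digest_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $file: digest '$actual' is not the pinned one" >&2
        return 1
    fi
    sh "$file" "$@"
}

# Offline demo with a constructed stand-in for a downloaded installer.
demo_dir=$(mktemp -d)
printf 'echo "installer ran with: $*"\n' > "$demo_dir/install.sh"
PINNED=$(digest_of "$demo_dir/install.sh")   # recorded after reading the script
verify_then_run "$demo_dir/install.sh" "$PINNED" --help
printf 'echo "line added after review"\n' >> "$demo_dir/install.sh"
verify_then_run "$demo_dir/install.sh" "$PINNED" || echo "changed script was blocked"
```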
Ant P.
Watchman

Joined: 18 Apr 2009
Posts: 5965

Posted: Sun Nov 04, 2018 7:00 pm

Naib wrote:
Zucca wrote:
Hu wrote:
I just can't take rust seriously. Any project where the recommended install instructions are (as root) curl URL | sh shows such a blatant disregard for security and sanity that I run screaming before evaluating it further.
WHAT? 8O

Where?

30 seconds google... come on

https://www.rust-lang.org/en-US/install.html

Better: https://curlpipesh.tumblr.com/
Zucca
Veteran

Joined: 14 Jun 2007
Posts: 1572
Location: KUUSANKOSKI, Finland

Posted: Sun Nov 04, 2018 7:41 pm

A little OT but:
Hu wrote:
I find this telling, since everybody should mount /tmp as noexec, yet the script's authors assume they can write and run there anyway.
Some packages fail to build if portage temp is on noexec mount (at least x amounts of time ago, when I had noexec /tmp).
I should then create another tmpfs for portage temp only?
_________________
..: Zucca :..

Code:
ERROR: '--failure' is not an option. Aborting...
Hu
Moderator

Joined: 06 Mar 2007
Posts: 14291

Posted: Sun Nov 04, 2018 9:24 pm

Yes, many packages do not play well with a noexec build directory. This is unfortunate, but hard to fix in general. My point above was that the rust authors assume the system /tmp is not noexec. Everyone should have the commonly known and world writable areas mounted as noexec, reserving exec for those areas specifically intended to permit execution by people trusted with write access to those directories. Using noexec on well known areas is a very cheap, and at least moderately effective, way of crippling some types of exploit. It doesn't stop everything, though.

To directly answer the question: you should expect Portage to need an exec PORTAGE_TMPDIR. You can achieve this with a separate tmpfs, or using a bind mount to make part of the main tmpfs be exec. Filing bugs for packages that fail with PORTAGE_TMPDIR mounted noexec is probably a waste of time.
Tony0945
Advocate

Joined: 25 Jul 2006
Posts: 3253
Location: Illinois, USA

Posted: Sun Nov 04, 2018 9:36 pm

Like this?
Code:
# mount|grep tmpfs|grep exec
cgroup_root on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,relatime,size=10240k,mode=755)
shm on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime)
# mount|grep tmpfs|grep -v exec
devtmpfs on /dev type devtmpfs (rw,nosuid,relatime,size=10240k,nr_inodes=2044380,mode=755)
tmpfs on /run type tmpfs (rw,nodev,relatime,size=1642532k,mode=755)
tmpfs on /var/tmp/portage type tmpfs (rw,relatime,size=12582912k,nr_inodes=1048576)
Or do you recommend a change, Hu?

/var/tmp is part of the root filesystem, as is /run and /tmp. Have I been running unsafe systems?
Hu
Moderator

Joined: 06 Mar 2007
Posts: 14291

Posted: Sun Nov 04, 2018 11:08 pm

Your /dev/shm looks fine. I like having those same options on all my world writable areas.
Code:
tmpfs /tmp tmpfs rw,nodev,noexec,relatime 0 0
Only /var/tmp/portage is exempt, and I consider that an acceptable compromise when its permissions are restricted so that only the portage user can write to it.
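
A way to check the mount options discussed in the last few posts, as an added example that is not any poster's code: a directory with no mount of its own, such as /tmp on the root filesystem, gets its options from the mount that covers it, so the check has to find that mount first. The function name and the root filesystem line in the sample are assumptions; the required options are the ones on the /tmp fstab line above.

```shell
#!/bin/sh
# Added example: find the mount that covers a path and check it for the
# options on the /tmp fstab line in the thread.
REQUIRED="nodev noexec"

# The "/" line is constructed (the thread does not show it); the other
# lines are from the mount output posted in the thread.
SAMPLE_MOUNTS='/dev/sda2 on / type ext4 (rw,relatime)
devtmpfs on /dev type devtmpfs (rw,nosuid,relatime,size=10240k,nr_inodes=2044380,mode=755)
shm on /dev/shm type tmpfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /run type tmpfs (rw,nodev,relatime,size=1642532k,mode=755)
tmpfs on /var/tmp/portage type tmpfs (rw,relatime,size=12582912k,nr_inodes=1048576)'

# audit_path MOUNT_OUTPUT PATH
# Prints one result line; returns 0 if all REQUIRED options are present,
# 1 if some are missing, 2 if no mount covers PATH.
# Assumes mount points without spaces.
audit_path() {
    printf '%s\n' "$1" | awk -v target="$2" -v required="$REQUIRED" '
    BEGIN { best_len = 0; sep = "" }
    $2 == "on" && $4 == "type" {
        mp = $3; opts = $6
        gsub(/[()]/, "", opts)
        pre = (mp == "/") ? "/" : mp "/"
        # Longest mount point that is a path prefix wins; on a tie the
        # later line wins, because it was mounted on top.
        if (index(target "/", pre) == 1 && length(mp) >= best_len) {
            best_len = length(mp); best = mp; best_opts = opts
        }
    }
    END {
        if (best == "") { print target ": no covering mount"; exit 2 }
        n = split(best_opts, list, ",")
        for (i = 1; i <= n; i++) have[list[i]] = 1
        n = split(required, req, " ")
        for (i = 1; i <= n; i++)
            if (!(req[i] in have)) { missing = missing sep req[i]; sep = "," }
        if (missing != "") { print target " (on " best "): missing " missing; exit 1 }
        print target " (on " best "): ok"
    }'
}

for p in /tmp /var/tmp /dev/shm; do
    audit_path "$SAMPLE_MOUNTS" "$p" || true
done
```

On a live system, pass the real table instead of the sample: audit_path "$(mount)" /tmp.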