From b2e27fcee4cec98ffc39273ecfaa73aace9da2c3 Mon Sep 17 00:00:00 2001
From: Justus Winter <4winter@informatik.uni-hamburg.de>
Date: Thu, 15 Aug 2013 18:41:51 +0200
Subject: exec: remove support for transparently ungzipping executables

Remove support for transparently ungzipping executables from the exec server.

The code in question makes the exec server unnecessarily complex and since the exec server is an essential process, crashing it makes /hurd/init crash the whole system.

Since the gzip code is not thread-safe, all access to it is serialized, so there is a trivial way for one user to delay another user's gzipped executables for some unspecified time. This can be accomplished by padding any program with easily compressed data, zipping it and executing it. Using such a program as a passive translator and then triggering its execution by the filesystem translator also stalls any requests to that filesystem (observed using the libdiskfs-based ext2fs).

Since compressed executables cannot be mapped into the memory, they have to be uncompressed into allocated memory first. This is slower and any user with access to the exec server can make it allocate arbitrary amounts of memory. If the Hurd had proper memory accounting, this would probably be a way around it.

So the compression support in exec seemingly creates various issues for little value, at least with the abundance of nonvolatile memory available today.

* exec/Makefile: Remove gzip related files.
* exec/exec.c: Remove anything #ifdef GZIPped.
* exec/unzip.c: Move to libstore.
* exec/crypt.h: Likewise.
* exec/gzip.h: Likewise.
* exec/inflate.c: Likewise.
* exec/tailor.h: Likewise.
* exec/util.c: Likewise.
* libstore/Makefile: Remove the vpath magic for looking up the zip stuff.
---
 libstore/crypt.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 libstore/crypt.h

(limited to 'libstore/crypt.h')

diff --git a/libstore/crypt.h b/libstore/crypt.h new file mode 100644 index 00000000..2a4c203c 
--- /dev/null +++ b/libstore/crypt.h @@ -0,0 +1,12 @@ +/* crypt.h (dummy version) -- do not perform encryption + * Hardly worth copyrighting :-) + */ + +#ifdef CRYPT +# undef CRYPT /* dummy version */ +#endif + +#define RAND_HEAD_LEN 12 /* length of encryption random header */ + +#define zencode +#define zdecode -- cgit v1.2.3
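Review bot: `#define zencode` and `#define zdecode` at the end of the new libstore/crypt.h are empty object-like macros with no comment, so a call such as `zdecode(c)` compiles to `(c)` and passes the byte through unchanged without any diagnostic. Since the file also forces `CRYPT` to be undefined, please add a one-line comment stating that encrypted input is not decoded here, and confirm that the unzip code now living in libstore rejects an encrypted member instead of inflating its bytes as if they were plaintext. The header also has no include guard; it is harmless with the current contents (repeating these `#define` lines is legal), but a guard would keep it safe if the file ever grows real declarations.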