It's 2018. Support for FreeBSD4 ended in 2007; I think it is exaggerated to put COMPAT_FREEBSD4 in the GENERIC or MINIMAL kernel configs by default. I propose to remove COMPAT_FREEBSD4, COMPAT_FREEBSD5, COMPAT_FREEBSD6, COMPAT_FREEBSD7 and COMPAT_FREEBSD8 from those files. I could not think of a reason to keep those options enabled by default; I'm only seeing possible security vulnerabilities. (For example, HardenedBSD disabled those COMPAT* options other than COMPAT_FREEBSD10 for security reasons: see https://github.com/HardenedBSD/hardenedBSD/blob/hardened/current/master/sys/amd64/conf/HARDENEDBSD) Thanks for hearing me out :P
See https://reviews.freebsd.org/D17375
Created attachment 202092: COMPAT_FREEBSD patch
This came up in a triage session at the 2019 Waterloo Hackathon, but this issue needs to be addressed via discussion on a mailing list, presumably as an FCP. Would you start the discussion on -arch or -current?
(In reply to Ed Maste from comment #3) Yup, although I'm willing to initiate the discussion this weekend (time reasons).
^Triage: this no longer seems to be "in progress".
Is this still something that's on the table? I feel like ideally we would remove the default options for one major release (15.X?) and then remove a lot of the old code in the next major release. Not sure how hard this would be, but it seems like a sensible move in my mind. Could maybe keep support for 3 or 4 major versions by default, moving forward?
I think this is a good idea... But its scope is larger than just a bug request... Maybe post it to arch@ as a discussion point? I suspect people will be like "sure, no problem." One question you should have answered up front is "how will this affect rust since it uses that old FreeBSD 10 binary stuff" or did at one point. That's the only possible reason to keep old stuff... and I think that it's fine to do this, and there's no lurking 'killer app' that would need it.
I think Rust will be okay as this doesn't touch version 10 and supposedly it's being bumped along: https://github.com/rust-lang/rust/issues/89058 I'll send an email to arch@. That seems like a good idea.
Hard no. This is change for change's sake, with no justification beyond a handwavy “muh security”. If you have concrete issues with any of these options, feel free to raise them in separate PRs. Otherwise, let FreeBSD be FreeBSD. If you prefer HardenedBSD, you know where to find it.
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=87bf0aaba8f1bd743d4df24ae422dd8075260d45

commit 87bf0aaba8f1bd743d4df24ae422dd8075260d45
Author:     Henrich Hartzer <henrichhartzer@tuta.io>
AuthorDate: 2024-05-10 23:03:14 +0000
Commit:     Warner Losh <imp@FreeBSD.org>
CommitDate: 2024-05-23 20:30:57 +0000

    Remove COMPAT_FREEBSD4/5/6/7/9 from MINIMAL and FIRECRACKER kernel configurations

    FIRECRACKER is not a legacy config, so remove the really old FreeBSD
    versions from it. MINIMAL has a similar history, and limited target
    audience which has little to no overlap with really old binaries.
    Either of these is really easy to get additional binary compat with the
    include directive, so balance things better. Leave GENERIC alone.

    PR: 231768
    Signed-off-by: Henrich Hartzer <henrichhartzer@tuta.io>
    Reviewed by: imp (MINIMAL), cperciva (FIRECRACKER)
    Pull Request: https://github.com/freebsd/freebsd-src/pull/1228

 sys/amd64/conf/FIRECRACKER | 5 -----
 sys/amd64/conf/MINIMAL     | 5 -----
 sys/i386/conf/MINIMAL      | 5 -----
 3 files changed, 15 deletions(-)
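An added illustration, not part of the bug thread or the FreeBSD source tree: a shell check that lists which versioned COMPAT_FREEBSD options a kernel configuration leaves enabled, so a custom config that uses the include directive mentioned in the commit message can be audited. The function name `enabled_compat` and the sample config text are constructed for this example, and `include` lines are assumed to be resolved by the caller rather than followed.

```shell
#!/bin/sh
# enabled_compat: read kernel config text on stdin and print, one per line
# and in version order, the COMPAT_FREEBSD<N> options that remain enabled.
# A later "nooptions" cancels an earlier "options", as in config(5).
# Assumption: "include" is not followed; concatenate the included file
# first, e.g.  cat MINIMAL MYKERNEL | enabled_compat
enabled_compat() {
    awk '
        { sub(/#.*/, "") }                    # drop comments, incl. commented-out options
        $1 == "options" || $1 == "nooptions" {
            for (i = 2; i <= NF; i++) {
                name = $i
                gsub(/,/, "", name)           # tolerate comma-separated lists
                sub(/=.*/, "", name)          # tolerate NAME=value
                # COMPAT_FREEBSD32 is 32-bit ABI support, not a release
                # compat shim, so it is excluded from the report.
                if (name ~ /^COMPAT_FREEBSD[0-9]+$/ && name != "COMPAT_FREEBSD32")
                    state[name] = ($1 == "options")
            }
        }
        END { for (name in state) if (state[name]) print name }
    ' | sort -t D -k 2 -n                     # numeric sort on the digits after "FREEBSD"
}

# Constructed sample: a custom config layered on top of an included base.
SAMPLE_CONFIG='include MINIMAL
ident MYKERNEL
options 	COMPAT_FREEBSD32	# Compatible with i386 binaries
options 	COMPAT_FREEBSD4		# Compatible with FreeBSD4
options 	COMPAT_FREEBSD10
options 	COMPAT_FREEBSD9
options 	COMPAT_FREEBSD11
nooptions 	COMPAT_FREEBSD4
#options 	COMPAT_FREEBSD5
options 	COMPAT_43'

printf '%s\n' "$SAMPLE_CONFIG" | enabled_compat
```
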
Is it alright if we close this out? No consensus could be raised for GENERIC, but this has been done for MINIMAL and FIRECRACKER.