|Summary:||Unclear QA notice message for TEXTRELs|
|Product:||Portage Development||Reporter:||Ciaran McCreesh <ciaran.mccreesh>|
|Component:||Core||Assignee:||Portage team <dev-portage>|
|Severity:||enhancement||CC:||halcy0n, pageexec, prakashp|
|Package list:||Runtime testing required:||---|
Description Ciaran McCreesh 2005-12-15 19:43:22 UTC
The following message is given if ELF binaries containing TEXTRELs are found:

QA Notice: the following files contain runtime text relocations Text relocations require a lot of extra work to be preformed by the dynamic linker which will cause serious performance impact on IA-32 and might not function properly on other architectures hppa for example. If you are a programmer please take a closer look at this package and consider writing a patch which addresses this problem.

Unfortunately, this reads like an especially bad high school book report that was written on the bus on the way to school half an hour before it was due to be handed in. Here's a better version:

QA Notice: the following files contain runtime text relocations. Unnecessary text relocations increase the amount of work that must be performed by the dynamic linker, possibly leading to a minor performance degradation upon startup.
Comment 1 solar (RETIRED) 2005-12-16 06:47:22 UTC
If you want bugs fixed you should try it without all the insults and without omitting the vital info.
Comment 2 Jason Stubbs (RETIRED) 2005-12-16 06:50:01 UTC
*** Bug 115743 has been marked as a duplicate of this bug. ***
Comment 3 Ciaran McCreesh 2005-12-16 12:05:43 UTC
What vital info? I've dropped the IA-32 example because it adds no value to the message. I've dropped the "may not work on some archs" because a) things that don't work aren't keyworded, and b) for it to be of any value a complete list of archs on which TEXTRELs don't work is needed. I've dropped the "please fix" thing because we don't include "please fix" notices after compile errors either.
Comment 4 solar (RETIRED) 2005-12-16 15:10:58 UTC
Ciaran, you don't seem to understand that as long as you remain acting like an ahole, people are not going to be willing/wanting to work with you no matter how many times you reopen a bug. The text will be updated. I'll seek advice from those who know more on the subject other than yourself on the finer points of wording. Tip for the future. Don't be so aggressive & insulting in the future. You are only leaving a bad taste in people's mouths. (ie grow up)
Comment 5 Ciaran McCreesh 2005-12-16 15:20:44 UTC
This is about presenting a good impression to our users, not protecting your ego. Screwups like incoherent messages do far more damage to Gentoo than the odd TEXTREL.
Comment 6 SpanKY 2005-12-16 16:29:32 UTC
or we can clean up the message *and* you can stop being a dick

fixed in svn
Comment 7 Ciaran McCreesh 2005-12-16 16:45:11 UTC
Still not right: "wastes system resources" should be "waste system resources", or better "may waste system resources". The "and may pose a security risk" part is like saying "and may cause flying monkeys to jump out of your computer". "ever function" should probably be "even function". The "If you are a programmer" part should be removed -- we don't say "If you are a programmer, please consider fixing this bug" when we encounter a compile error...
Comment 8 SpanKY 2005-12-16 16:49:10 UTC
Comment 9 solar (RETIRED) 2005-12-16 16:52:54 UTC
SpanKY I was thinking that we could perhaps address the ro vs rwx segment problems but what you wrote is perfect enough for now. thanks..
Comment 10 PaX Team 2005-12-16 17:34:16 UTC
Dear Ciaran, i think you should have heeded solar's advice about not insulting people on subjects you're obviously not familiar with.

1. text relocations are BAD. in short, there's no such thing as 'unnecessary text relocations'. ALL of them are unnecessary, without exception. if you don't get it, then read Ulrich Drepper's DSO howto.

2. one BAD thing is the application startup slowdown. it doesn't matter much for infrequently executed apps, but it does matter for frequently executed ones (and it's also a function of the amount of pages touched by textrels). i agree that the 'will cause' should be 'may cause', but 'minor' is not true in general either.

3. the second BAD thing is the increase of physical memory usage, also known as wasting precious RAM. every instance of the ELF file having textrels will waste physical memory (and ultimately, swap space as well). that has performance impact in some situations.

4. the third and really BAD thing is the fact that performing textrels requires the privilege of runtime code generation. which happens to be the exact same privilege that every exploit using shellcode needs (that is, about all of them). in other words, when you allow textrels in an application, you automatically make it also possible to exploit its bugs (including bugs in libraries it links in) in the most used (and easiest) way.

in other words, having/allowing textrels is a BUG, not a feature (unless you don't care about security but then you're better off with Windows).
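The QA notice in this bug concerns ELF files whose dynamic section is marked as needing text relocations. The following is an added example, not Portage's code and not part of the original thread: a small Python check for that marker (`DT_TEXTREL`, or `DF_TEXTREL` inside `DT_FLAGS`) in ELF32/ELF64 images of either byte order. The names `has_textrel` and `sample_elf64` are chosen here, and the sample ELF image is constructed inline.

```python
import struct

# ELF gABI constants: segment type, dynamic tags and the DT_FLAGS bit for text relocations
PT_DYNAMIC, DT_NULL, DT_TEXTREL, DT_FLAGS, DF_TEXTREL = 2, 0, 22, 30, 0x4

def has_textrel(elf: bytes) -> bool:
    """True if the dynamic section carries DT_TEXTREL or DT_FLAGS with DF_TEXTREL."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = elf[4] == 2                   # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if elf[5] == 1 else ">"    # EI_DATA: 1 = little endian, 2 = big endian
    if is64:
        (phoff,) = struct.unpack_from(end + "Q", elf, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", elf, 54)
    else:
        (phoff,) = struct.unpack_from(end + "I", elf, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", elf, 42)
    dyn_fmt = end + ("qQ" if is64 else "iI")   # d_tag, d_val
    dyn_size = struct.calcsize(dyn_fmt)
    for i in range(phnum):
        base = phoff + i * phentsize
        if is64:   # p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz
            p_type, _, p_offset, _, _, p_filesz = struct.unpack_from(end + "IIQQQQ", elf, base)
        else:      # p_type, p_offset, p_vaddr, p_paddr, p_filesz
            p_type, p_offset, _, _, p_filesz = struct.unpack_from(end + "IIIII", elf, base)
        if p_type != PT_DYNAMIC:
            continue
        seg = elf[p_offset:p_offset + p_filesz]
        seg = seg[:len(seg) - len(seg) % dyn_size]   # tolerate a truncated last entry
        for tag, val in struct.iter_unpack(dyn_fmt, seg):
            if tag == DT_NULL:           # end of the dynamic array
                break
            if tag == DT_TEXTREL or (tag == DT_FLAGS and val & DF_TEXTREL):
                return True
    return False

def sample_elf64(dyn_entries):
    """Constructed sample: minimal little-endian ELF64 holding only a PT_DYNAMIC segment."""
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in list(dyn_entries) + [(DT_NULL, 0)])
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01", 3, 62, 1,
                       0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, 120, 120, 120, len(dyn), len(dyn), 8)
    return ehdr + phdr + dyn

if __name__ == "__main__":
    for name, dyn in [("DT_TEXTREL", [(DT_TEXTREL, 0)]), ("clean", [(DT_FLAGS, 0x8)])]:
        print(name, has_textrel(sample_elf64(dyn)))
```
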
Comment 11 Ciaran McCreesh 2005-12-16 17:43:04 UTC
Sure, code using TEXTRELs is bad, like code using goto is bad and code calculating large tables of constants at startup and not sharing it between processes is bad. It's a question of proportion. Running around screaming isn't the proportionate response here.
Comment 12 PaX Team 2005-12-17 03:55:48 UTC
(In reply to comment #11)
> Sure, code using TEXTRELs is bad, like code using goto is bad

oh boy. you're not only clueless about security/textrels, but generic programming concepts as well. besides GOTO having nothing to do with the subject matter of this bug, it's nowhere near as bad as textrels. GOTO is useful, if it wasn't, CPUs wouldn't have insns implementing it (and the kernel you're using right now happily uses it all over the place, grep is your friend in case you have any doubts). the *way* it's used may or may not be bad, but that has nothing to do with its mere existence. in contrast, textrels are BAD, regardless of how many of them you have. re-read my point about the security impact of textrels and try to understand that having a SINGLE textrel will force you to give up security on the affected app (or in case of a library, ALL apps using that library). in other words, the problem with textrels is not how many of them you have, but that you have them at all.

> It's a question of proportion. Running around screaming isn't
> the proportionate response here.

no, it's not a question of proportion at all. and the only person running around screaming seems to be you, given that you're the first and only person that bitched^Wcomplained about this message since we put it into gentoo. all other people had the intelligence to either ignore it silently or report it to us so that we could fix them (i suggest you look for me in bugzilla and see the work we've done so far - all without useless flames).
Comment 13 Ciaran McCreesh 2005-12-17 10:12:20 UTC
*shrug* I'm more or less happy with the new message now, even if it still does give users the impression that TEXTRELs themselves might be a cause of a security problem rather than merely a means by which an existing security problem can become more severe. At least it makes sense now. I'm guessing that the other people who complained too are also happy, since none of them have stepped up.