Linux Patches Posted That Would Allow Boot-Time Disabling Of x86 32-bit Processes

  • ferry
    Senior Member
    • Mar 2013
    • 274

    #11
    Originally posted by avis View Post
    Michael

    Worth your consideration, of course, there's no need to attribute this to me, you never do anyways.

    1. Apple adds JPEG-XL across the board to all its major software products: https://twitter.com/jensimmons/statu...58844122894336
    2. Apple uses Wine to offer DirectX 12 support on MacOS: https://www.codeweavers.com/blog/mjo...er-source-code

    You're welcome.
    Thanks for hijacking the thread, well done!

    Comment

    • andyprough
      Senior Member
      • Feb 2012
      • 2437

      #12
      Originally posted by ferry View Post

      Thanks for hijacking the thread, well done!
      Wow, so rude. avis is a newcomer, has never been here at all prior to December 2022, doesn't even know anything about our commenting style, or how to troll on this forum.

      Old timers like you and me need to be more welcoming to complete newbies like avis

      Comment

      • archkde
        Senior Member
        • May 2019
        • 667

        #13
        Originally posted by stompcrash View Post
        What will we do if this becomes the default?
        Remove the option from the bootloader configuration again.

        Comment

        • loganj
          Senior Member
          • Nov 2017
          • 606

          #14
          Does this mean that x32 programs won't run at all with this option?

          Comment

          • amxfonseca
            Phoronix Member
            • Sep 2019
            • 89

            #15
            Originally posted by andyprough View Post

            That's interesting, especially given that Apple has been pushing its own image format. HEIF or HEIC, or whatever the format is called.
            Apple is not pushing its own format. HEIF is the container format. That can then be used together with compression codecs like HEVC or AV1 to produce HEIC or AVIF files respectively.

            All of those are proper standards that aren’t owned by Apple. Apple was just the first major vendor to move away from JPEG to a more efficient format. And at that moment AVIF wasn’t a thing.

            Comment

            • archkde
              Senior Member
              • May 2019
              • 667

              #16
              Originally posted by loganj View Post
              Does this mean that x32 programs won't run at all with this option?
              x32 programs already don't run on most distributions, because that requires a separate kernel config option to be enabled.

              Comment

              • andyprough
                Senior Member
                • Feb 2012
                • 2437

                #17
                Originally posted by amxfonseca View Post

                Apple is not pushing its own format. HEIF is the container format. That can then be used together with compression codecs like HEVC or AV1 to produce HEIC or AVIF files respectively.

                All of those are proper standards that aren’t owned by Apple. Apple was just the first major vendor to move away from JPEG to a more efficient format. And at that moment AVIF wasn’t a thing.
                Ah, thanks for clarifying. I'm reading now that HEIF is encumbered by Nokia patents, so probably Apple has many good $$$$ reasons to implement jpeg-xl.

                Comment

                • stormcrow
                  Senior Member
                  • Jul 2017
                  • 1511

                  #18
                  I don't buy this as "attack surface reduction" in this particular form. But I do believe it's a good switch to use on fleet test machines to make sure an enterprise's software deployments are truly 64 bit clean, and not just pseudo-64 bit. It's the case in some commercial software offerings that the main program is 64 bit, but some of the subordinate programs may not be for whatever reason. It's a first baby step towards removing obsolete technology, but by itself doesn't really move the needle on reducing attack surface.

                  The reason I don't believe simply flipping a switch at boot will have a practical effect on security surface is because attackers won't really care if you have 32 bit process support or not. There's already a lot of low lying fruit to exploit on most Linux boxes to begin with, starting with a company's own staff. Much Unix malware uses installed onboard interpreters (Python, shell: Bash on Linux, zsh on Mac, Perl, the three interpreters nearly guaranteed to exist on any Unix-like box) anyway so neither endianness nor 32 v. 64 bit environment really matter. If it does matter, then they'll be using stand-alone targeted environment pre-compiled packages. Once one has account access it's trivial to tailor attacks by just checking version numbers versus available features. "Living off the land" is already a big thing with Linux exploitation.

                  All of that said, there's also no reason not to give admins another tool for whatever reason they see fit to use it for. It won't have a practical effect on security posture in either direction, imo. But it may have an effect on resource utilization, especially in an academic environment where students often bring their own games to play where they aren't supposed to. Disabling 32 bit support entirely will block students from playing old commercial games on school hardware in which they bring their own support libraries with them. Course, it won't do a thing to stop modern games that are already 64 bit clean. I remember Doom, RoTT, Duke Nukem 3D, and Roger Wilco being installed on nearly every computer that could support it in college back in the day, including Doom and cbzone (a Battle Zone Unix clone) being on several high end Unix workstations back in the day. Big time waster! I imagine most students will just pull out their own personal laptop or phone and play whatever, but there's always that allure to try to see what the experience of playing $GAME on a $10k workstation or a $200 million HPC cluster with visualization console. "Yes... but does it run QuakeRTX?!"

                  Comment
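
An added example, not part of the post above or of the kernel patches: one way to check whether a software deployment is "64 bit clean" before disabling 32-bit process support is to read each file's ELF header. It also separates classic 32-bit x86 binaries from x32 ones, the distinction raised in #16. The function names and the `/usr` default scan root are assumptions made for this sketch.

```python
import os
import struct

EM_386, EM_X86_64 = 3, 62          # e_machine values from the ELF specification

def classify_elf(header: bytes) -> str:
    """Classify the first 20 bytes of a file by ELF class and machine."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        return "not-elf"
    ei_class, ei_data = header[4], header[5]   # 1 = 32-bit / 2 = 64-bit; 1 = LE / 2 = BE
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return "malformed"
    (machine,) = struct.unpack_from("<H" if ei_data == 1 else ">H", header, 18)
    if ei_class == 2:
        return "x86_64" if machine == EM_X86_64 else "other-64"
    if machine == EM_386:
        return "i386"          # classic 32-bit x86 binary
    if machine == EM_X86_64:
        return "x32"           # 32-bit pointers on the x86-64 instruction set
    return "other-32"

def find_non_64bit(root: str) -> list[tuple[str, str]]:
    """Walk root and return (path, kind) for every i386 or x32 ELF file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                with open(path, "rb") as fh:
                    kind = classify_elf(fh.read(20))
            except OSError:
                continue       # unreadable file: skip; a real audit would log it
            if kind in ("i386", "x32"):
                hits.append((path, kind))
    return sorted(hits)

def sample_header(ei_class: int, machine: int) -> bytes:
    """Constructed 20-byte little-endian ELF header prefix for demonstration."""
    ident = b"\x7fELF" + bytes([ei_class, 1, 1]) + bytes(9)
    return ident + struct.pack("<HH", 2, machine)   # e_type = ET_EXEC

if __name__ == "__main__":
    import sys
    for path, kind in find_non_64bit(sys.argv[1] if len(sys.argv) > 1 else "/usr"):
        print(f"{kind}\t{path}")
```

Run against an application's install prefix, any `i386` hit is a helper program or library that would stop working once 32-bit processes are disabled at boot.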

                  • timofonic
                    Senior Member
                    • Feb 2008
                    • 2684

                    #19
                    Originally posted by andyprough View Post

                    Wow, so rude. avis is a newcomer, has never been here at all prior to December 2022, doesn't even know anything about our commenting style, or how to troll on this forum.

                    Old timers like you and me need to be more welcoming to complete newbies like avis
                    Are you sure? It seems a secondary nickname of someone that is another Apple fanboy.

                    Comment

                    • toves
                      Senior Member
                      • Sep 2021
                      • 120

                      #20
                      These patches would allow the x86_32 architecture to be treated like any other foreign processor such as arm, requiring an emulator (qemu?) to run the architecture's binaries. This is mostly a good thing from the system administration perspective. SGI IRIX MIPS were also a pain with o32, n32 and 64 bit ABIs especially when compared with pure 64 bit platforms like DEC Alpha.
                      The 32/64 support in RHEL6 always made updates a bit of a lottery.

                      Comment
