Remove old COMPAT_FREEBSDn (n = 4, 5, 6, 7, 9) options from the kernel's default config file
Needs ReviewPublic
Actions

Authored by voidanix_420blaze.it on Oct 1 2018, 4:01 PM.

Details

Reviewers

cem
markj
imp
jhb
emaste

Summary

FreeBSD's 4,5,6, 7 and 9 releases are kinda old by now (some might actually call them dead): by keeping these options enabled by default in the kernel configuration file, means we are leaving security slightly behind for the sake of compatibility.

It's 2019. I also recommend having a pool on this change as it might be kinda controversial for some (@ some random FreeBSD4 user in current year).

Related to bug 231768

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

voidanix_420blaze.it created this revision.Oct 1 2018, 4:01 PM

Herald added subscribers: Contributor Reviews (src), imp. · View Herald TranscriptOct 1 2018, 4:01 PM

voidanix_420blaze.it retitled this revision from Remove very old COMPAT_FREEBSDn (n = 4, 5 ,6 ,7) options from the kernel's default config file to Remove very old COMPAT_FREEBSDn (n = 4, 5, 6, 7) options from the kernel's default config file .Oct 1 2018, 4:22 PM

I shan't comment on it on the change itself, but have you considered getting some reviewers attached to this?
Changes to FreeBSD typically don't land automatically, and there usually has to be at least some sort of review process.

In D17375#371509, @debdrup_gmail.com wrote:

I shan't comment on it on the change itself, but have you considered getting some reviewers attached to this?
Changes to FreeBSD typically don't land automatically, and there usually has to be at least some sort of review process.

Yeah I'm pretty new in here so I didn't know who to refer to, thanks anyways

I don't know what our policy around dropping old compat APIs is, if any, or if it is possible to implement FreeBSD-Ancient compat with loadable modules or not. If it can be loaded, I really don't see any harm in removing it from MINIMAL (and it reduces the attack surface in an area that is more likely than more commonly used KBIs to have security issues). I tagged Warner and John as folks who might know more about policy and/or more about older FreeBSDs :-).

cem added a reviewer: emaste.Oct 5 2018, 12:30 AM

Probably the same change should be made to i386, powerpc, powerpc64, and sparc64 GENERICs at the same time. I have no objection to the change myself.

Apply change to i386, PPC/PPC64 and SPARC64 too (@cem 's tip)

Herald added a subscriber: jhibbits. · View Herald TranscriptOct 10 2018, 8:50 PM

Add missed i386/conf/MINIMAL, prefer commenting over removing the entire line (to not make people think we removed the feature altogether), add COMPAT_FREEBSD9 as well, correct SVN branch

Herald added a subscriber: bdragon. · View Herald TranscriptFeb 17 2019, 11:18 AM

henrichhartzer_tuta.io added a subscriber: henrichhartzer_tuta.io.May 10 2024, 11:39 PM