Message-ID: <20180823190657.GA12057@1wt.eu>
Date:   Thu, 23 Aug 2018 21:06:57 +0200
From:   Willy Tarreau <w@....eu>
To:     Adam Borowski <kilobyte@...band.pl>
Cc:     "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>,
        nicolas.pitre@...aro.org, josh@...htriplett.org,
        linux-kernel@...r.kernel.org
Subject: Re: Kernel-only deployments?

On Thu, Aug 23, 2018 at 08:54:17PM +0200, Adam Borowski wrote:
> .globl _start
> .data
> req:    .8byte 999999999, 999999999
> .text
> _start:
>         mov     $35, %rax       # syscall: nanosleep
>         mov     $req, %rdi
>         xor     %rsi, %rsi
>         syscall
>         jmp     _start
> 
> 
> as sl.s -o sl.o
> ld sl.o -o init
> 
> 'Ere you go, no libc needed.  If your arch is not amd64, just say so.
> 
> If you want to do anything more complex, though -- you really want musl
> or another lightweight libc instead.  Glibc is utterly unfit for static
> linking.

Since there seems to be some interest in this, I'll repost this
here. I've developed a "nolibc" include file which implements most
common syscalls and string functions (those I use in early boot)
as static inlines so the resulting executable only contains the
code you really use :

    http://git.formilux.org/?p=people/willy/nolibc.git;a=tree

Example :

  $ echo "int main() { return sleep(3);}" | gcc -Os -nostdlib -include ../nolibc/nolibc.h -s -fno-exceptions -fno-asynchronous-unwind-tables -fno-unwind-tables  -lgcc -o sleep -xc -
  $ ls -l sleep
  -rwxr-xr-x 1 willy users 664 Aug 23 20:37 sleep

It's actually used by my pre-init loader that is embedded into the
initramfs of all my kernels, to untar the modules and switch to the
initrd or rootfs. This way all my modules are contained in the
kernel image and I can easily use many different kernels with rootfs
without having to install modules.

Just in case someone curious would want to know more about it, the
(old and horrible) preinit is here :

  http://git.formilux.org/?p=dist/src/flxutils.git;a=tree;f=init;h=9dc8fbae6383d9b4d56d34cc6c3d59585318bef8;hb=HEAD

And the (old and ugly) build script is here :

  http://git.formilux.org/?p=dist/techno.git;a=tree;f=scripts/kernel;hb=HEAD

Yes it's aging a lot now but it's still very convenient ;-)

Willy
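
The technique discussed in this message, syscalls written as static inlines so that a libc-free init contains only the code it uses, shown as an added example that is not part of the original e-mail and is not code from nolibc. The names `raw_syscall2`, `sys_nanosleep`, `struct ts`, the `FREESTANDING` macro and the file name `init.c` are assumptions made for the illustration.

```c
/* Added example, not nolibc's code: libc-free nanosleep via a raw syscall.
 * Freestanding build (assumed file name init.c):
 *   gcc -Os -nostdlib -static -DFREESTANDING -o init init.c
 */
struct ts { long tv_sec; long tv_nsec; };   /* kernel timespec on 64-bit */

#if defined(__x86_64__)
#define NR_NANOSLEEP 35
static inline long raw_syscall2(long nr, long a, long b)
{
    long ret;
    /* syscall clobbers rcx and r11; result (or -errno) comes back in rax */
    __asm__ volatile ("syscall"
                      : "=a"(ret)
                      : "0"(nr), "D"(a), "S"(b)
                      : "rcx", "r11", "memory");
    return ret;
}
#elif defined(__aarch64__)
#define NR_NANOSLEEP 101
static inline long raw_syscall2(long nr, long a, long b)
{
    register long x8 __asm__("x8") = nr;    /* syscall number */
    register long x0 __asm__("x0") = a;     /* first argument and result */
    register long x1 __asm__("x1") = b;
    __asm__ volatile ("svc #0" : "+r"(x0) : "r"(x8), "r"(x1) : "memory");
    return x0;
}
#else
#error "only x86-64 and aarch64 are covered by this example"
#endif

/* Returns 0 on success or a negative errno; there is no errno variable. */
static inline long sys_nanosleep(const struct ts *req, struct ts *rem)
{
    return raw_syscall2(NR_NANOSLEEP, (long)req, (long)rem);
}

#ifdef FREESTANDING
/* Entry point when there is no C runtime. PID 1 must never return. */
__attribute__((noreturn)) void _start(void)
{
    static const struct ts req = { 999999999, 999999999 };
    for (;;)
        sys_nanosleep(&req, 0);
}
#endif
```

Without libc the kernel's return value is the only error channel, so callers check for a negative result instead of reading `errno`.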
