author | Justus Winter <4winter@informatik.uni-hamburg.de> | 2013-08-15 18:41:51 +0200 |
---|---|---|
committer | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2013-09-15 23:47:40 +0200 |
commit | b2e27fcee4cec98ffc39273ecfaa73aace9da2c3 (patch) | |
tree | 07b09422bd01aab1695b5bd72ef3a56858e0afb6 | |
parent | 23ca8f5f942f831ec5be3667fd0a29873fae2912 (diff) |
exec: remove support for transparently ungziping executables
Remove support for transparently ungziping executables from the exec
server. The code in question makes the exec server unnecessarily
complex and since the exec server is an essential process, crashing it
makes /hurd/init crash the whole system.
Since the gzip code is not thread-safe, all access to it is
serialized, so there is a trivial way for one user to delay another
user's gzipped executables for some unspecified time.
This can be accomplished by padding any program with easily compressed
data, zipping it and executing it. Using such a program as a passive
translator and then triggering its execution by the filesystem
translator also stalls any requests to that filesystem (observed using
the libdiskfs-based ext2fs).
Since compressed executables cannot be mapped into the memory, they
have to be uncompressed into allocated memory first. This is slower
and any user with access to the exec server can make it allocate
arbitrary amounts of memory. If the Hurd had proper memory accounting,
this would probably be a way around it.
So the compression support in exec seemingly creates various issues
for little value, at least with the abundance of nonvolatile memory
available today.
* exec/Makefile: Remove gzip related files.
* exec/exec.c: Remove anything #ifdef GZIPped.
* exec/unzip.c: Move to libstore.
* exec/crypt.h: Likewise.
* exec/gzip.h: Likewise.
* exec/inflate.c: Likewise.
* exec/tailor.h: Likewise.
* exec/util.c: Likewise.
* libstore/Makefile: Remove the vpath magic for looking up the zip
stuff.
-rw-r--r-- | exec/Makefile | 6 | ||||
-rw-r--r-- | exec/exec.c | 138 | ||||
-rw-r--r-- | libstore/Makefile | 4 | ||||
-rw-r--r-- | libstore/crypt.h (renamed from exec/crypt.h) | 0 | ||||
-rw-r--r-- | libstore/gzip.h (renamed from exec/gzip.h) | 0 | ||||
-rw-r--r-- | libstore/inflate.c (renamed from exec/inflate.c) | 0 | ||||
-rw-r--r-- | libstore/tailor.h (renamed from exec/tailor.h) | 0 | ||||
-rw-r--r-- | libstore/unzip.c (renamed from exec/unzip.c) | 0 | ||||
-rw-r--r-- | libstore/util.c (renamed from exec/util.c) | 0 |
9 files changed, 1 insertions, 147 deletions
diff --git a/exec/Makefile b/exec/Makefile
index 11d28752..890ee4b9 100644
--- a/exec/Makefile
+++ b/exec/Makefile
@@ -21,12 +21,8 @@ dir := exec
 makemode := server
 SRCS = exec.c main.c hashexec.c hostarch.c
-# $(gzip-sources)
 OBJS = main.o hostarch.o exec.o hashexec.o \
 execServer.o exec_startupServer.o
-# $(gzip-objects)
-gzip-sources = unzip.c util.c inflate.c
-gzip-objects = $(gzip-sources:%.c=%.o)
 target = exec
 #targets = exec exec.static
@@ -38,6 +34,6 @@ exec-MIGSFLAGS = -imacros $(srcdir)/execmutations.h
 include ../Makeconf
-CPPFLAGS += # -DGZIP -DBFD
+CPPFLAGS += # -DBFD
 exec.static exec: $(OBJS) $(library_deps)
diff --git a/exec/exec.c b/exec/exec.c
index 201e629a..fad94926 100644
--- a/exec/exec.c
+++ b/exec/exec.c
@@ -4,9 +4,6 @@
 Written by Roland McGrath.
 Can exec ELF format directly.
- #ifdef GZIP
- Can gunzip executables into core on the fly.
- #endif
 This file is part of the GNU Hurd.
@@ -45,10 +42,6 @@ pthread_rwlock_t std_lock = PTHREAD_RWLOCK_INITIALIZER;
 #define b2he() a2he (errno)
-#ifdef GZIP
-static void check_gzip (struct execdata *);
-#endif
-
 /* Zero the specified region but don't crash the server if it faults. */
 #include <hurd/sigpreempt.h>
@@ -720,118 +713,6 @@ load (task_t usertask, struct execdata *e)
 finish_mapping (e);
 }
-#ifdef GZIP
-/* Check the file for being a gzip'd image. Return with ENOEXEC means not
- a valid gzip file; return with another error means lossage in decoding;
- return with zero means the file was uncompressed into memory which E now
- points to, and `check' can be run again. */
-
-static void
-check_gzip (struct execdata *earg)
-{
- struct execdata *e = earg;
- /* Entry points to unzip engine. */
- int get_method (int);
- void unzip (int, int);
- extern long int bytes_out;
- /* Callbacks from unzip for I/O and error interface. */
- extern int (*unzip_read) (char *buf, size_t maxread);
- extern void (*unzip_write) (const char *buf, size_t nwrite);
- extern void (*unzip_read_error) (void);
- extern void (*unzip_error) (const char *msg);
-
- char *zipdata = NULL;
- size_t zipdatasz = 0;
- FILE *zipout = NULL;
- jmp_buf ziperr;
- off_t zipread_pos = 0;
- int zipread (char *buf, size_t maxread)
- {
- char *contents = map (e, zipread_pos, 1);
- size_t n;
- if (contents == NULL)
- {
- errno = e->error;
- return -1;
- }
- n = MIN (maxread, map_buffer (e) + map_fsize (e) - contents);
- errno = hurd_safe_copyin (buf, contents, n); /* XXX/fault */
- if (errno)
- longjmp (ziperr, 2);
-
- zipread_pos += n;
- return n;
- }
- void zipwrite (const char *buf, size_t nwrite)
- {
- if (fwrite (buf, nwrite, 1, zipout) != 1)
- longjmp (ziperr, 1);
- }
- void ziprderr (void)
- {
- errno = ENOEXEC;
- longjmp (ziperr, 2);
- }
- void ziperror (const char *msg)
- {
- errno = ENOEXEC;
- longjmp (ziperr, 2);
- }
-
- unzip_read = zipread;
- unzip_write = zipwrite;
- unzip_read_error = ziprderr;
- unzip_error = ziperror;
-
- if (setjmp (ziperr))
- {
- /* Error in unzipping jumped out. */
- if (zipout)
- {
- fclose (zipout);
- free (zipdata);
- }
- e->error = errno;
- return;
- }
-
- if (get_method (0) != 0)
- {
- /* Not a happy gzip file. */
- e->error = ENOEXEC;
- return;
- }
-
- /* Matched gzip magic number. Ready to unzip.
- Set up the output stream and let 'er rip. */
-
- zipout = open_memstream (&zipdata, &zipdatasz);
- if (! zipout)
- {
- e->error = errno;
- return;
- }
-
- /* Call the gunzip engine. */
- bytes_out = 0;
- unzip (17, 23); /* Arguments ignored. */
-
- /* The output is complete. Clean up the stream and store its resultant
- buffer and size in the execdata as the file contents. */
- fclose (zipout);
-
- /* Clean up the old exec file stream's state.
- Now that we have the contents all in memory (in E->file_data),
- nothing will in fact ever try to use E->stream again. */
- finish (e, 0);
-
- /* Prepare the stream state to use the file contents already in memory. */
- e->file_data = zipdata;
- e->file_size = zipdatasz;
- prepare_in_memory (e);
-}
-#endif
-
 static inline void *
 servercopy (void *arg, mach_msg_type_number_t argsize, boolean_t argcopy,
@@ -889,25 +770,6 @@ do_exec (file_t file,
 /* Check the file for validity first. */
 check (e);
-
-#ifdef GZIP
- if (e->error == ENOEXEC)
- {
- /* See if it is a compressed image. */
- static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
- /* The gzip code is really cheesy, not even close to thread-safe.
- So we serialize all uses of it. */
- pthread_mutex_lock (&lock);
- e->error = 0;
- check_gzip (e);
- pthread_mutex_unlock (&lock);
- if (e->error == 0)
- /* The file was uncompressed into memory, and now E describes the
- uncompressed image rather than the actual file. Check it again
- for a valid magic number. */
- check (e);
- }
-#endif
 }
diff --git a/libstore/Makefile b/libstore/Makefile
index eafdd0a7..607940b7 100644
--- a/libstore/Makefile
+++ b/libstore/Makefile
@@ -60,10 +60,6 @@ OBJS = $(SRCS:.c=.o) $(GUNZIP_OBJS) $(BUNZIP2_OBJS)
 include ../Makeconf
-# Look for zip stuff
-vpath %.c $(srcdir)/../exec
-CPPFLAGS += -I$(srcdir)/../exec
-
 module-CPPFLAGS = -D'STORE_SONAME_SUFFIX=".so.$(hurd-version)"'
 module-DEPS = $(..)config.make
diff --git a/exec/crypt.h b/libstore/crypt.h
index 2a4c203c..2a4c203c 100644
--- a/exec/crypt.h
+++ b/libstore/crypt.h
diff --git a/exec/gzip.h b/libstore/gzip.h
index aedc257d..aedc257d 100644
--- a/exec/gzip.h
+++ b/libstore/gzip.h
diff --git a/exec/inflate.c b/libstore/inflate.c
index c3be4381..c3be4381 100644
--- a/exec/inflate.c
+++ b/libstore/inflate.c
diff --git a/exec/tailor.h b/libstore/tailor.h
index d207af55..d207af55 100644
--- a/exec/tailor.h
+++ b/libstore/tailor.h
diff --git a/exec/unzip.c b/libstore/unzip.c
index d0f5bf11..d0f5bf11 100644
--- a/exec/unzip.c
+++ b/libstore/unzip.c
diff --git a/exec/util.c b/libstore/util.c
index 598586f5..598586f5 100644
--- a/exec/util.c
+++ b/libstore/util.c |