=========
 Roadmap
=========

PRoot v5.1.1
============

* Fix ptrace emulation: on ARM.

* Fix ``proot-x86_64 -k ... -r rootfs-i686 uname -m``

* Fix TODO in test-517e1d6a

* Understand why loader-wrapped.o is so big on x86_64?


PRoot v5.2: leveraging on the loader
====================================

Highlight
---------

* Position-independent programs are loaded to predefined addresses,
  even if ASLR is enabled.  This might results in conflicts with
  mappings created implicitly by the kernel ("[vdso]", "[stack]",
  ...).  A reliable solution is to let the kernel choose the position
  of position-independent programs.

* The loader is loaded to a predefined address, si it might conflicts
  with programs that are loaded to the same address.  A solution is to
  detect such situation and to make the loader relocate itself.

* The loader stays in memory, even once it is not used anymore.  This
  might create useless address-space pressure for programs that need
  large memory mappings (ex. JVM).

* Some programs assumes the heap segment is right after the data
  segment (cf. issue 52 on Github).

Misc.
-----

* Write a loader for a.out programs, to be able to execute programs
  from very old Linux distros :)


PRoot v6.0: VFS
===============

Highlight
---------

One core feature of PRoot is the path translation.  This mechanism
heavily relies on "stat", sadly this syscall is quite slow on some FS
(like NFS).  The idea is to cache the results of the path translation
mechanism to avoid the use of "stat" as much as possible in order to
speed-up PRoot.

The internal structure of this FS cache could also be used to emulate
the "getdents" syscall in order to add or hide entries.


Not yet scheduled
=================

Fixes
-----

* Fix ptrace emulation support on ARM.

* Fix support for GDB v/fork & execve catchpoints.

* Add support for unimplemented ptrace requests.

* Add new hidden option "PROOT_MIN_HEAP_SIZE".

* Fix ``mkdir foo; cd foo; rmdir ../foo; readlink /proc/self/cwd``.

* Forbid rename/unlink on a mount point:

    $ mv mount_point elsewhere
    mv: cannot move "mount_point" to "elsewhere": Device or resource busy

* Add support for the string $ORIGIN (or equivalently ${ORIGIN}) in an rpath specification

* Add support for /etc/ld.so.preload and /etc/ld.so.conf[.d] in mixed-mode.

* Fix ``proot -k 1.2.3 proot -k 2.4.6 -k 3.4.5 uname -r | grep 3.4.5``.

* Don't use the same prefix for glued path::

      $ proot -b /etc/fstab -b /bin/readdir:/bin/readdir -r /tmp/empty-rootfs
      [...]
      proot info: binding = /tmp/proot-6738-CMr1hE:/bin
      proot info: binding = /tmp/proot-6738-CMr1hE:/etc
      [...]
      $ readdir /bin
      DT_DIR  ..
      DT_DIR  .
      DT_REG  readdir
      DT_REG  fstab
      $ readdir /etc
      DT_DIR  ..
      DT_DIR  .
      DT_REG  readdir
      DT_REG  fstab


Features
--------

* Use PTRACE_O_EXITKILL if possible.

* Do not seccomp-trace any syscalls when there are no bindings.  This
  should improve performance of ATOS extensions a alot.

* Add a mechanism to add new [fake] entries in /proc, for instance
  ``/proc/proot/config``.

* Add a way to get the reverse translation of a path::

      proot [bindings] -x /usr/local/bin

  or maybe something like that::

      proot [bindings] readlink /proc/proot/detranslate/usr/local/bin

* Make ``mount --bind`` change the tracee's configuration dynamically.

* Make ``chroot`` change the tracee's configuration dynamically (not
  only of ``/``).

* Add support for a special environment variable to add paths
  dynamically to the host LD_LIBRARY_PATH
  ("EXTRA_HOST_LD_LIBRARY_PATH").

* Add a "blind" mode where:

  * unreadable executable can be executed::

      proot mount: OK (rwsr-xr-x)
      proot ping: failed (rws--x--x)

  * unreadable directory can be accessed

* Add command-line interface to set environment variables.

    Rename push_env() in change_env() and enhance it to support the
    "unset" feature.

* Add support for coalesced options, for instance ``proot -eM``

* Allow a per-module verbose level

* Emulate chown, chmod, and mknod when -0 (fake_id0) is enabled.


Documentation
-------------

* Mention "container" in the documentation.

* Explain bindings aren't exclusive, i.e. "-b /tmp:/foo" doesn't invalidate "-b /tmp:/bar".

* Explain why PRoot does not work with setuid programs


Misc.
-----

* Replace "readlink(XXX, path, PATH_MAX)" with "readlink(XXX, path, PATH_MAX - 1)"

* read_string should return -ENAMETOOLONG when length(XXX) >= max_size

* Check (in ld.so sources) if more than one RPATH/RUNPATH entry is allowed.

* Ensure tracees' clone flags has CLONE_PTRACE & ~CLONE_UNTRACED.

* Add a stealth mode where over-the-stack content is restored.

* Try Trinity/Scrashme (syscall fuzzers) against PRoot


Performance
-----------

* prefetch_mem(): cache write-through memory access (read_string, fetch_args).

* Fallback to /proc/<pid>/mem when process_vm_readv() isn't available.

* Add a "multi-process" mode where there's one fork of PRoot per monitored process.

    Each time a new_tracee structure is created, PRoot forks itself.
    Be sure that the tracer of this new process really is the new
    forked PRoot! (Thanks Yves for this comment)
