Re: Put non-NULL pledge abort in the man page
Sebastien Marie wrote: > If the code you are using is restricted and can't be showed, please at > least show a ktrace output of the program run. At this point I am > still unsure that it is execve(2) which is causing pledge violation. actually I want to know where garbage code like this runs to make sure it hurts fewer people
Re: Put non-NULL pledge abort in the man page
On Wed, Nov 24, 2021 at 10:55:56PM -0600, Luke Small wrote:
> I took a hard look at it again…with more printf()s.
>
> It is killed at the execv which calls the calling executable to get
> different random number generated values with a slightly different argv set
> to prevent an indefinite loop.
>
> I put the following in before the execv:
>
> int i = pledge("stdio exec rpath”,
> "stdio exec proc rpath cpath wpath dns id unveil tty error");
> if (i == -1)
> err(1, "pledge, line: %d", __LINE__);
>
> After doing this it would dmesg rpath. I had to unveil(argv[0], “rx”);
> argv[0] which is “./pkg_ping” or “/full/path/to/pkg_ping” instead of having
> it as merely unveil(argv[0], “x”); which worked before.
>
> Now it gets shot in the head and leaves nothing in dmesg
>
> Does that mean that if execpromises is set, that it will get killed at
> every execve() series call? Does pledge/unveil not accept directly
> execv()ing back into the same program? Is it trying to read another file
> which unveil is still affecting?
if it is killed at execve(2), execpromises as nothing to do here (but
without seeing the whole code it is hard to be sure).
>From the small code you show, it seems that "proc" promise is missing
from your promises (first pledge(2) argument). You are unable to call
fork(2) without it, and the program will be killed.
If the code you are using is restricted and can't be showed, please at
least show a ktrace output of the program run. At this point I am
still unsure that it is execve(2) which is causing pledge violation.
--
Sebastien Marie
Re: Put non-NULL pledge abort in the man page
I took a hard look at it again…with more printf()s.
It is killed at the execv which calls the calling executable to get
different random number generated values with a slightly different argv set
to prevent an indefinite loop.
I put the following in before the execv:
int i = pledge("stdio exec rpath”,
"stdio exec proc rpath cpath wpath dns id unveil tty error");
if (i == -1)
err(1, "pledge, line: %d", __LINE__);
After doing this it would dmesg rpath. I had to unveil(argv[0], “rx”);
argv[0] which is “./pkg_ping” or “/full/path/to/pkg_ping” instead of having
it as merely unveil(argv[0], “x”); which worked before.
Now it gets shot in the head and leaves nothing in dmesg
Does that mean that if execpromises is set, that it will get killed at
every execve() series call? Does pledge/unveil not accept directly
execv()ing back into the same program? Is it trying to read another file
which unveil is still affecting?
>>
>> Luke Small wrote:
>>
>> > I have a program which runs fork() a couple times with pledges: “stdio
>> > cpath wpath” for writing to disk and “stdio dns” for a dns caching
>> process
>> > after accepting command-line input. Is the execpromises, permitted to
>> > increase/change to accommodate the different fork()s from the parent? If
>> > so, why isn’t all of this discussed in the manpage.
>> >
>> > I’m running 7.0 and it immediately is killed when I run pledge with a
>> > non-NULL execpromise.
>> >
>> > No error, just a sigabort. And nothing in the man page (even for
>> -current:
>> > on the web) which explains anything.
>> >
>> > https://github.com/lukensmall/pkg_ping
>> >
>> > This a command-line program is used to make manually choosing a
>> responsive
>> > mirror or automatically writing the most responsive OpenBSD mirror to
>> > /etc/installurl very easy.
>> >
>> > On Wed, Nov 24, 2021 at 11:50 AM Luke Small
>> wrote:
>> >
>> > > I tried calling pledge with a non-NULL execpromise and noticed that
>> it was
>> > > killed. That’d be convenient if that behavior was noted in the man
>> page!--
>> > > -Luke
>> > >
>> > --
>> > -Luke
>>
> --
> -Luke
>
--
-Luke
Re: Put non-NULL pledge abort in the man page
It kills your secret program because it is broken. >From the manual page: A process which attempts a restricted operation is killed with an uncatchable SIGABRT, delivering a core file if possible. You are so incapable of reading and learning. I am asking you to leave this list. Luke Small wrote: > It works great, up until the time that pledge() ITSELF gets shot in the head, > which > seems would be impossible! It’s supposed to only throw errors! Or did I miss > the memo > that there’s a “pledge” pledge? > > On Wed, Nov 24, 2021 at 8:19 PM Theo de Raadt wrote: > > You have a secret program and you want people on the internet to help > you debug what you have done wrong in this secret program. > > You obviously don't know what you are doing, and I think you don't > deserve help. > > Luke Small wrote: > > > I have a program which runs fork() a couple times with pledges: “stdio > > cpath wpath” for writing to disk and “stdio dns” for a dns caching process > > after accepting command-line input. Is the execpromises, permitted to > > increase/change to accommodate the different fork()s from the parent? If > > so, why isn’t all of this discussed in the manpage. > > > > I’m running 7.0 and it immediately is killed when I run pledge with a > > non-NULL execpromise. > > > > No error, just a sigabort. And nothing in the man page (even for -current: > > on the web) which explains anything. > > > > https://github.com/lukensmall/pkg_ping > > > > This a command-line program is used to make manually choosing a responsive > > mirror or automatically writing the most responsive OpenBSD mirror to > > /etc/installurl very easy. > > > > On Wed, Nov 24, 2021 at 11:50 AM Luke Small wrote: > > > > > I tried calling pledge with a non-NULL execpromise and noticed that it > was > > > killed. That’d be convenient if that behavior was noted in the man > page!-- > > > -Luke > > > > > -- > > -Luke > > -- > -Luke >
Re: Put non-NULL pledge abort in the man page
It works great, up until the time that pledge() ITSELF gets shot in the head, which seems would be impossible! It’s supposed to only throw errors! Or did I miss the memo that there’s a “pledge” pledge? On Wed, Nov 24, 2021 at 8:19 PM Theo de Raadt wrote: > You have a secret program and you want people on the internet to help > you debug what you have done wrong in this secret program. > > You obviously don't know what you are doing, and I think you don't > deserve help. > > > Luke Small wrote: > > > I have a program which runs fork() a couple times with pledges: “stdio > > cpath wpath” for writing to disk and “stdio dns” for a dns caching > process > > after accepting command-line input. Is the execpromises, permitted to > > increase/change to accommodate the different fork()s from the parent? If > > so, why isn’t all of this discussed in the manpage. > > > > I’m running 7.0 and it immediately is killed when I run pledge with a > > non-NULL execpromise. > > > > No error, just a sigabort. And nothing in the man page (even for > -current: > > on the web) which explains anything. > > > > https://github.com/lukensmall/pkg_ping > > > > This a command-line program is used to make manually choosing a > responsive > > mirror or automatically writing the most responsive OpenBSD mirror to > > /etc/installurl very easy. > > > > On Wed, Nov 24, 2021 at 11:50 AM Luke Small > wrote: > > > > > I tried calling pledge with a non-NULL execpromise and noticed that it > was > > > killed. That’d be convenient if that behavior was noted in the man > page!-- > > > -Luke > > > > > -- > > -Luke > -- -Luke
Re: Put non-NULL pledge abort in the man page
You have a secret program and you want people on the internet to help you debug what you have done wrong in this secret program. You obviously don't know what you are doing, and I think you don't deserve help. Luke Small wrote: > I have a program which runs fork() a couple times with pledges: “stdio > cpath wpath” for writing to disk and “stdio dns” for a dns caching process > after accepting command-line input. Is the execpromises, permitted to > increase/change to accommodate the different fork()s from the parent? If > so, why isn’t all of this discussed in the manpage. > > I’m running 7.0 and it immediately is killed when I run pledge with a > non-NULL execpromise. > > No error, just a sigabort. And nothing in the man page (even for -current: > on the web) which explains anything. > > https://github.com/lukensmall/pkg_ping > > This a command-line program is used to make manually choosing a responsive > mirror or automatically writing the most responsive OpenBSD mirror to > /etc/installurl very easy. > > On Wed, Nov 24, 2021 at 11:50 AM Luke Small wrote: > > > I tried calling pledge with a non-NULL execpromise and noticed that it was > > killed. That’d be convenient if that behavior was noted in the man page!-- > > -Luke > > > -- > -Luke
Re: Put non-NULL pledge abort in the man page
I have a program which runs fork() a couple times with pledges: “stdio cpath wpath” for writing to disk and “stdio dns” for a dns caching process after accepting command-line input. Is the execpromises, permitted to increase/change to accommodate the different fork()s from the parent? If so, why isn’t all of this discussed in the manpage. I’m running 7.0 and it immediately is killed when I run pledge with a non-NULL execpromise. No error, just a sigabort. And nothing in the man page (even for -current: on the web) which explains anything. https://github.com/lukensmall/pkg_ping This a command-line program is used to make manually choosing a responsive mirror or automatically writing the most responsive OpenBSD mirror to /etc/installurl very easy. On Wed, Nov 24, 2021 at 11:50 AM Luke Small wrote: > I tried calling pledge with a non-NULL execpromise and noticed that it was > killed. That’d be convenient if that behavior was noted in the man page!-- > -Luke > -- -Luke
[www] security.html - update link to BUGTRAQ ML
Hi, this patch updates the last link to the BUGTRAQ mailing list. Funny is that security.html has three such links and it took us three (3!) commits to update them all :) Cheers, Alex Index: security.html === RCS file: /cvs/www/security.html,v retrieving revision 1.451 diff -u -p -r1.451 security.html --- security.html 3 Nov 2021 19:19:47 - 1.451 +++ security.html 24 Nov 2021 21:14:06 - @@ -190,7 +190,7 @@ written somewhere, but perhaps not taken Our proactive auditing process has really paid off. Statements like This problem was fixed in OpenBSD about 6 months ago have become commonplace in security forums like -https://www.securityfocus.com/archive/1";>BUGTRAQ. +https://marc.info/?l=bugtraq";>BUGTRAQ. The most intense part of our security auditing happened immediately
Re: Upgrade to 7.0
Dear Mathiass, Thank you for your quick response. Unfortunately your workaround didn't work for me. But very smart move ;-) -Oorspronkelijk bericht- Van: Matthias Schmidt Aan: pas...@pascallen.nl Cc: misc@openbsd.org Onderwerp: Re: Upgrade to 7.0 Datum: Tue, 23 Nov 2021 21:53:23 +0100 E-mailprogramma: Mutt/2.1.3 (2021-09-10) Hi, * pas...@pascallen.nl wrote: > I'm trying to upgrade to 7.0 but it fails.The upgrade quide > shows:Check available disk space in /usr. Verify that the /usr > partition has a size of at least 1.1G. With less space the upgrade > may fail and you should consider reinstalling the system instead. > Well theres space. But _sysupgrade folder is DL in /home. And /home > isencrypted. Gets mounted after I give the password.When I don't have > sysupgrade dl in the mounted /home/_sysupgrade. Itgoes in the folder > /home on /Which doesn't have 1.1G spare. I have the same setup here (two disks and one contains the encrypted/home). I solved it as follows: * On my encrypted home partition, /home/_sysupgrade is a symlink to /var/_sysupgrade* On the root (/) partition, /home/_sysupgrade is a symlink to /mnt/var/_sysupgrade With these two symlinks I can run sysupgrade as usual when logged in.After booting into bsd.upgrade the script can find the data sets since/var/_sysupgrade will be mounted in /mnt on the ramdisk. This is a hack that's not officially supported and works for me! Cheers Matthias -- Met vriendelijke groet, Pascal Huisman Hodie natus est radici frater. [ Unto the root is born a brother ] signature.asc Description: This is a digitally signed message part
Re: Upgrade to 7.0
Dear Florian, Thank you for your swift reply. I tried the links solution to circumvent to no prevail. I edited the "stupidly simple script" in the binary only folder. Went like a charm. Even for someone as stupid as me. A hint in the upgrade quide would be nice for more real stupid like me. Thank you for the help. -Oorspronkelijk bericht- Van: Florian Obser Aan: misc@openbsd.org Onderwerp: Re: Upgrade to 7.0 Datum: Tue, 23 Nov 2021 21:39:22 +0100 E-mailprogramma: K-9 Mail for Android Here we go again... On 23 November 2021 21:00:18 CET, "pas...@pascallen.nl" < pas...@pascallen.nl> wrote: > I'm trying to upgrade to 7.0 but it fails.The upgrade quide > shows: Check available disk space in /usr. Verify that the /usr > partition has a size of at least 1.1G. With less space the upgrade > may fail and you should consider reinstalling the system instead. > Well theres space. But _sysupgrade folder is DL in /home. And /home > isencrypted. Gets mounted after I give the password.When I don't have > sysupgrade dl in the mounted /home/_sysupgrade. Itgoes in the folder > /home on /Which doesn't have 1.1G spare. > Does sysupgrade have a config file where the dl location is > specified? No. Just copy sysupgrade to ~/bin and edit it. It's a stupidly simple shell script. The magic is in the bootblocks and install.sub inside of bsd.rd. > Has this changed since 6.9? I'm baffled. No. Has always been like this. -- Met vriendelijke groet, Pascal Huisman "When it comes to humility, I'm the greatest." -- Bullwinkle Moose signature.asc Description: This is a digitally signed message part
Re: Supported 4K video cards
On 11/24/21 19:06, Allan Streib wrote: Recently a 4K monitor became available at work, it appears to support 3840x2160 at 60Hz only. My video card (ATI Radeon HD 5870) will do that but only at 30Hz. Anyone know of a supported card that will do 3840x2160 60Hz on DisplayPort? Allan I've a Radeon RX 5700 XT which also works under OpenBSD. I only have a single monitor setup. Sven
Re: Supported 4K video cards
On Wed, Nov 24, 2021 at 01:06:16PM -0500, Allan Streib wrote: > Recently a 4K monitor became available at work, it appears to support > 3840x2160 at 60Hz only. My video card (ATI Radeon HD 5870) will do that > but only at 30Hz. Anyone know of a supported card that will do 3840x2160 > 60Hz on DisplayPort? > > Allan > I have a Radeon RX 570 that works nice driving two 4K displays using DisplayPort. -Otto
Re: Put non-NULL pledge abort in the man page
On 11/24/21 11:50 AM, Luke Small wrote:
I tried calling pledge with a non-NULL execpromise and noticed that it was
killed. That’d be convenient if that behavior was noted in the man page!--
-Luke
You want to look at the "exec" portion of the manual. execpromises are
for setting up pledge for a forked child.
#include
#include
#include
#include
#include
int
main(int argc, char **argv)
{
pid_t pid;
const char *promises = "stdio proc exec";
const char *execpromises = "stdio";
int status;
if (pledge(promises, execpromises) != 0)
err(1, "pledge");
switch (pid = fork()) {
case -1:
err(1, "fork");
break;
case 0:
for (;;) {
sleep(10);
printf("i'm the child\n");
/* this will kill the child because
execpromises lacks rpath */
if (chdir("/") != 0)
err(1, "chdir");
}
exit(1);
default:
break;
}
printf("I'm the parent\n");
wait(&status);
printf("child exited with status: %d\n", status);
return 0;
}
bsd$ ./pledge
I'm the parent
i'm the child
child exited with status: 134
Nov 24 12:35:17 bsd /bsd: pledge[6216]: pledge "rpath", syscall 12
[www] arm64 - same system listed twice
Index: arm64.html === RCS file: /cvs/www/arm64.html,v retrieving revision 1.46 diff -u -p -r1.46 arm64.html --- arm64.html 21 Nov 2021 13:02:09 - 1.46 +++ arm64.html 24 Nov 2021 18:26:07 - @@ -115,7 +115,6 @@ OpenBSD/arm64 runs on the following hard https://www.raspberrypi.org/products/raspberry-pi-3-model-b-plus/";>Raspberry Pi 3 Model B+ https://www.raspberrypi.org/products/raspberry-pi-4-model-b/specifications/";>Raspberry Pi 4 https://www.raspberrypi.org/products/raspberry-pi-400-unit/";>Raspberry Pi 400 -https://www.raspberrypi.org/products/raspberry-pi-400-unit/";>Raspberry Pi 400 https://www.raspberrypi.com/products/compute-module-4/";>Raspberry Pi Compute Module 4 Marvell ARMADA 3K
Supported 4K video cards
Recently a 4K monitor became available at work, it appears to support 3840x2160 at 60Hz only. My video card (ATI Radeon HD 5870) will do that but only at 30Hz. Anyone know of a supported card that will do 3840x2160 60Hz on DisplayPort? Allan
Put non-NULL pledge abort in the man page
I tried calling pledge with a non-NULL execpromise and noticed that it was killed. That’d be convenient if that behavior was noted in the man page!-- -Luke
Re: Weird shutdown behavior
My hunch was that `shutdown now` to `shutdown -p now` works same as `halt` to `halt -p` Which is wrong, as `shutdown now` doesn't shutdown the system/machine but only system services: "When the shutdown command is issued without options the system is placed in single user mode at the indicated time after shutting down all system services." http://man.openbsd.org/shutdown I admit my mistake and waive the second part of my message. Yet, the first part still holds unresolved: machine runs for 4 seconds only after any of: `shutdown -p now` `shutdown -hp now` `halt -p`
Re: How to check that HT is working and used?
Hi, Kevin! Yes, I have already disabled hw.smt. Thanks! The reason was well described in Mark Kettenis' commit message ( https://www.mail-archive.com/source-changes@openbsd.org/msg99141.html). About the CPU. Earlier, the OS installer saw a single processor with no cores. After updating the BIOS and setting the `MPS Table Mode' parameter to `BIOS to Full Table APIC' value, the installer finally saw the processor cores. сб, 20 нояб. 2021 г. в 03:20, Kevin Chadwick : > In case you missed Stuarts email that also mentioned that you were booting > the uni processor kernel. Then I will re-mention that HT, if still > re-enabled by you, was disabled by default for security reasons (hunch) on > OpenBSD. Linux came to realise issues later, but decided to stick with > insecure by default on a lot of hw! > -- Regards, Den
