Re: libressl-2.1.6 on AIX
After this change and autoconf, and configure... diff -ur ../portable.a/configure.ac ../portable.b/configure.ac --- ../portable.a/configure.ac 2015-04-10 03:59:16 + +++ ../portable.b/configure.ac 2015-04-10 20:41:33 + @@ -15,8 +15,6 @@ AC_PROG_LIBTOOL LT_INIT -CFLAGS="$CFLAGS -Wall -std=gnu99" - case $host_os in *aix*) HOST_OS=aix ... config.status: executing depfiles commands config.status: executing libtool commands root@x064:[/data/prj/openbsd/libressl/portable]make CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/sh /data/prj/openbsd/libressl/portable/missing aclocal-1.15 -I m4 cd . && /bin/sh /data/prj/openbsd/libressl/portable/missing automake-1.15 --gnu CDPATH="${ZSH_VERSION+.}:" && cd . && /bin/sh /data/prj/openbsd/libressl/portable/missing autoconf /bin/sh ./config.status --recheck running CONFIG_SHELL=/bin/sh /bin/sh ./configure --prefix=/opt --sysconfdir=/var/libressl/etc --sharedstatedir=/var/libressl/com --localstatedir=/var/libressl --mandir=/opt/share/man/libressl --infodir=/opt/share/info/libressl --program-suffix=_64 CC=xlc --no-create --no-recursion checking build system type... powerpc-ibm-aix5.3.7.0 checking host system type... powerpc-ibm-aix5.3.7.0 ... config.status: creating libcrypto.pc config.status: creating libssl.pc config.status: creating libtls.pc config.status: creating openssl.pc config.status: executing depfiles commands config.status: executing libtool commands Making all in crypto make[1]: Entering directory `/data/prj/openbsd/libressl/portable/crypto' CC aes/libcrypto_la-aes_cbc.lo CC aes/libcrypto_la-aes_core.lo CC camellia/libcrypto_la-camellia.lo CC camellia/libcrypto_la-cmll_cbc.lo CC rc4/libcrypto_la-rc4_enc.lo On Fri, Apr 10, 2015 at 3:34 PM, Michael Felt wrote: > >Also, I didn't add the configure.ac line that set CFLAGS to empty string > that was in >the original patch. The current master branch has switched to > letting autoconf >initialize the CFLAGS directly. This worked fine with gcc > when I tried it, but I'd be >interested in seeing how it works with other > AIX compilers. > > Looks like autoconf is broken then: > > --- libressl-2.1.6.0/configure.ac 2015-03-19 05:40:26 + > +++ portable/configure.ac 2015-04-10 03:59:16 + > @@ -9,10 +9,22 @@ > > m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) > > -AC_SUBST([USER_CFLAGS], "$CFLAGS") > -CFLAGS="-Wall -std=gnu99 -g -O2" > +AC_PROG_CC > +AC_PROG_CC_STDC > +AM_PROG_CC_C_O > +AC_PROG_LIBTOOL > +LT_INIT > + > +CFLAGS="$CFLAGS -Wall -std=gnu99" > > case $host_os in > + *aix*) > + HOST_OS=aix > + AC_SUBST([PLATFORM_LDADD], ['-lperfstat -lpthread']) > + ;; > + *cygwin*) > + HOST_OS=cygwin > + ;; > *darwin*) > > config.status: executing depfiles commands > config.status: executing libtool commands > root@x064:[/data/prj/openbsd/libressl/portable]make > Making all in crypto > make[1]: Entering directory `/data/prj/openbsd/libressl/portable/crypto' > CC aes/libcrypto_la-aes_cbc.lo > cc: 1501-210 (S) command option Wall contains an incorrect subargument > > more verbose > > root@x064:[/data/prj/openbsd/libressl/portable]make V=1 > Making all in crypto > make[1]: Entering directory `/data/prj/openbsd/libressl/portable/crypto' > source='aes/aes_cbc.c' object='aes/libcrypto_la-aes_cbc.lo' libtool=yes \ > DEPDIR=.deps depmode=xlc /bin/sh ../depcomp \ > /bin/sh ../libtool --tag=CC --mode=compile cc -qlanglvl=extc89 > -qlanglvl=extc99 -DPACKAGE_NAME=\"libressl\" -DPACKAGE_TARNAME=\"libressl\" > -DPACKAGE_VERSION=\"2.2.0\" -DPACKAGE_STRING=\"libressl\ 2.2.0\" > -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"libressl\" > -DVERSION=\"2.2.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 > -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 > -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 > -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -I. -DOPENSSL_NO_HW_PADLOCK > -I../include -I../crypto/asn1 -I../crypto/evp -I../crypto/modes -g -Wall > -std=gnu99-DHAVE_GNU_STACK -c -o aes/libcrypto_la-aes_cbc.lo `test -f > 'aes/aes_cbc.c' || echo './'`aes/aes_cbc.c > libtool: compile: cc -qlanglvl=extc89 -qlanglvl=extc99 > -DPACKAGE_NAME=\"libressl\" -DPACKAGE_TARNAME=\"libressl\" > -DPACKAGE_VERSION=\"2.2.0\" "-DPACKAGE_STRING=\"libressl 2.2.0\"" > -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"libressl\" > -DVERSION=\"2.2.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 > -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 > -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 > -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -I. -DOPENSSL_NO_HW_PADLOCK > -I../include -I../crypto/asn1 -I../crypto/evp -I../crypto/modes -g -Wall > -std=gnu99 -DHAVE_GNU_STACK -c aes/aes_cbc.c > -Wp,-qmakedep=gcc,-MFaes/.deps/libcrypto_la-aes_cbc.TPlo -DPIC -o > aes/.libs
Re: libressl-2.1.6 on AIX
>Also, I didn't add the configure.ac line that set CFLAGS to empty string that was in >the original patch. The current master branch has switched to letting autoconf >initialize the CFLAGS directly. This worked fine with gcc when I tried it, but I'd be >interested in seeing how it works with other AIX compilers. Looks like autoconf is broken then: --- libressl-2.1.6.0/configure.ac 2015-03-19 05:40:26 + +++ portable/configure.ac 2015-04-10 03:59:16 + @@ -9,10 +9,22 @@ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) -AC_SUBST([USER_CFLAGS], "$CFLAGS") -CFLAGS="-Wall -std=gnu99 -g -O2" +AC_PROG_CC +AC_PROG_CC_STDC +AM_PROG_CC_C_O +AC_PROG_LIBTOOL +LT_INIT + +CFLAGS="$CFLAGS -Wall -std=gnu99" case $host_os in + *aix*) + HOST_OS=aix + AC_SUBST([PLATFORM_LDADD], ['-lperfstat -lpthread']) + ;; + *cygwin*) + HOST_OS=cygwin + ;; *darwin*) config.status: executing depfiles commands config.status: executing libtool commands root@x064:[/data/prj/openbsd/libressl/portable]make Making all in crypto make[1]: Entering directory `/data/prj/openbsd/libressl/portable/crypto' CC aes/libcrypto_la-aes_cbc.lo cc: 1501-210 (S) command option Wall contains an incorrect subargument more verbose root@x064:[/data/prj/openbsd/libressl/portable]make V=1 Making all in crypto make[1]: Entering directory `/data/prj/openbsd/libressl/portable/crypto' source='aes/aes_cbc.c' object='aes/libcrypto_la-aes_cbc.lo' libtool=yes \ DEPDIR=.deps depmode=xlc /bin/sh ../depcomp \ /bin/sh ../libtool --tag=CC --mode=compile cc -qlanglvl=extc89 -qlanglvl=extc99 -DPACKAGE_NAME=\"libressl\" -DPACKAGE_TARNAME=\"libressl\" -DPACKAGE_VERSION=\"2.2.0\" -DPACKAGE_STRING=\"libressl\ 2.2.0\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"libressl\" -DVERSION=\"2.2.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -I. -DOPENSSL_NO_HW_PADLOCK -I../include -I../crypto/asn1 -I../crypto/evp -I../crypto/modes -g -Wall -std=gnu99-DHAVE_GNU_STACK -c -o aes/libcrypto_la-aes_cbc.lo `test -f 'aes/aes_cbc.c' || echo './'`aes/aes_cbc.c libtool: compile: cc -qlanglvl=extc89 -qlanglvl=extc99 -DPACKAGE_NAME=\"libressl\" -DPACKAGE_TARNAME=\"libressl\" -DPACKAGE_VERSION=\"2.2.0\" "-DPACKAGE_STRING=\"libressl 2.2.0\"" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"libressl\" -DVERSION=\"2.2.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -I. -DOPENSSL_NO_HW_PADLOCK -I../include -I../crypto/asn1 -I../crypto/evp -I../crypto/modes -g -Wall -std=gnu99 -DHAVE_GNU_STACK -c aes/aes_cbc.c -Wp,-qmakedep=gcc,-MFaes/.deps/libcrypto_la-aes_cbc.TPlo -DPIC -o aes/.libs/libcrypto_la-aes_cbc.o cc: 1501-210 (S) command option Wall contains an incorrect subargument make[1]: *** [aes/libcrypto_la-aes_cbc.lo] Error 1 make[1]: Leaving directory `/data/prj/openbsd/libressl/portable/crypto' make: *** [all-recursive] Error 1 and when I change CC to xlc I get the same error (after rerunning configure) config.status: executing depfiles commands config.status: executing libtool commands root@x064:[/data/prj/openbsd/libressl/portable]make V=1 Making all in crypto make[1]: Entering directory `/data/prj/openbsd/libressl/portable/crypto' source='aes/aes_cbc.c' object='aes/libcrypto_la-aes_cbc.lo' libtool=yes \ DEPDIR=.deps depmode=xlc /bin/sh ../depcomp \ /bin/sh ../libtool --tag=CC --mode=compile xlc -DPACKAGE_NAME=\"libressl\" -DPACKAGE_TARNAME=\"libressl\" -DPACKAGE_VERSION=\"2.2.0\" -DPACKAGE_STRING=\"libressl\ 2.2.0\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"libressl\" -DVERSION=\"2.2.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -I. -DOPENSSL_NO_HW_PADLOCK -I../include -I../crypto/asn1 -I../crypto/evp -I../crypto/modes -g -Wall -std=gnu99-DHAVE_GNU_STACK -c -o aes/libcrypto_la-aes_cbc.lo `test -f 'aes/aes_cbc.c' || echo './'`aes/aes_cbc.c libtool: compile: xlc -DPACKAGE_NAME=\"libressl\" -DPACKAGE_TARNAME=\"libressl\" -DPACKAGE_VERSION=\"2.2.0\" "-DPACKAGE_STRING=\"libressl 2.2.0\"" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"libressl\" -DVERSION=\"2.2.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -I. -DOPENSSL_NO_HW_PADLOCK -I../include -I../crypto/asn1 -I../crypto/evp -I../crypto/modes -g
Re: libressl-2.1.6 on AIX
> Just to make sure I understand what is expected of isssetguid() - could you > perhaps, in terms of ls -l output with suid programs describe the > sequence(s) where the value should be 1 - and especially, when they might > (read should) be 0. > > >From memory of what I read (how I understood) the man page, if was > superuser, and am still user - then 0 is appropriate. However, if was > superuser (euid == 0) and a setuid call is used to demote/lower privilidge > then 1 is the correct value. Completely wrong, and I have no no idea where you got that from! Read the man page again! http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/issetugid.2?query=issetugid The issetugid status of a process is only affected by execve(). Let's look at the OpenBSD kernel, where this system call was invented, for the exact semantics. This issetugid() system call simply returns the status: if (p->p_p->ps_flags & PS_SUGIDEXEC) *retval = 1; else *retval = 0; What affects PS_SUGIDEXEC? It is only set or cleared in execve() based on variables which are probably self-evident: /* * If process does execve() while it has a mismatched real, * effective, or saved uid/gid, we set PS_SUGIDEXEC. */ if (cred->cr_uid != cred->cr_ruid || cred->cr_uid != cred->cr_svuid || cred->cr_gid != cred->cr_rgid || cred->cr_gid != cred->cr_svgid) atomic_setbits_int(&pr->ps_flags, PS_SUGIDEXEC); else atomic_clearbits_int(&pr->ps_flags, PS_SUGIDEXEC); Meanwhile, at fork() time, the child simply inherits the status of the parent: pr->ps_flags = parent->ps_flags & (PS_SUGID | PS_SUGIDEXEC); You will note a second flag called PS_SUGID at fork, which dates back to the dawn of time. The difference between these flags is very subtly described in the .h file: #define PS_SUGID0x0010 /* Had set id privs since last exec. */ #define PS_SUGIDEXEC0x0020 /* last execve() was set[ug]id */ The dominant usage pattern for issetugid() is to prevent inspection of the environment via getenv(), down in a library. The issetugid() API relieves programs from having to sanitize their environment before calling into libraries, because the 90's showed us someone always screws up that pattern the libraries need a method to save themselves. Patterns like getuid() != geteuid() do not give you the same guarantees. issetugid() tells you that your priviledge level is incompatible with the provinance of the environment strings.
Re: libressl-2.1.6 on AIX
I shall look at collecting the in-tree stuff. My servers are in the netherlands, and I am in austin atm. I have a meeting with the security team in about 30 minutes and I am going to mention libressl and get a discussion going. One of the things I wanted to discuss is about priv escalation. Just to make sure I understand what is expected of isssetguid() - could you perhaps, in terms of ls -l output with suid programs describe the sequence(s) where the value should be 1 - and especially, when they might (read should) be 0. >From memory of what I read (how I understood) the man page, if was superuser, and am still user - then 0 is appropriate. However, if was superuser (euid == 0) and a setuid call is used to demote/lower privilidge then 1 is the correct value. Also, if euid != 0 and an suid bit makes euid == 0 then the value should be one. Lastly, I am thinking that if a program starts as euid (even ruid) == 0, but used setuid to implement a safe-mode (i.e., not running as root) issetuid() should also return 1. I just repeated the process of configure, make, make check - but with OBJECT_MODE=64 and one test fails: asn1test. No time to look at it right now. This evening I will download the tree and test. Atm I am testing with no openssl installed. I would like to be able to run the whole process without needint autoconf/automake (because that requires additional libraries). And I need to figure out a better way to get the libraries to take a suffix of _64 so I can have both 32 and 64 bit support - eventually. Adding the configure setting: --program-suffix="_64" did not have any effect I could discover. re: the library loader - you can see what libpath is compiled into an program and/or a library member using "dump -H". At least, that is how I examine it. regards, Michael On Wed, Apr 8, 2015 at 10:28 PM, Brent Cook wrote: > Thanks Michael, > > I have incorporated some initial AIX patches - can you please check out > the latest tree? > > > https://github.com/libressl-portable/portable/commit/fe3f7fc6365bfaac3418a72256b8c11603e80cbf > > > https://github.com/libressl-portable/openbsd/commit/37d8e3c080e7c73158093f253d8e06fa1906dc03 > > There are a few changes from your original patch set, but this should make > it easier to move forward now that they are in-tree. You can just patch on > top of that rather than sending the whole thing. > > I undid some of the formatting changes for the getentropy file so it > matched the other files - the style is intentional between the files so its > easy to diff between them to spot changes. The perfstat stuff moves into > the inner loop like the other files as well. I added the network counters > (we have network counters on OS X too), but also added wpar cpu stats. > > The issetugid currently short circuits to always return '1' because I > think it still needs some work, as we discussed earlier. If we can't find a > way to make it work, a failsafe version isn't really a bad thing for most > uses. > > Also, I didn't add the configure.ac line that set CFLAGS to empty string > that was in the original patch. The current master branch has switched to > letting autoconf initialize the CFLAGS directly. This worked fine with gcc > when I tried it, but I'd be interested in seeing how it works with other > AIX compilers. > > One slightly annoying thing I found was the system library loader would > find other versions of libcrypto.a / libssl.a under LIBPATH and try to load > those when running binaries in-tree rather than the build versions. I don't > know if that was just a misconfiguration with my system. > > - Brent > > > On Apr 8, 2015, at 9:19 PM, Michael Felt wrote: > > > > I applied the patch I had sent in before, made one change (correction) - > correcting a typo that brent had pointed out (netinfo that needs to be > "diskinfo") in the getentrophy_aix.c > > > > If you need the patch again, I can send it again. I am curious about > whether this is moving forward - and if there is anything extra I can do to > assist. > > > > > > > Testsuite summary for libressl 2.1.6 > > > > > # TOTAL: 47 > > # PASS: 47 > > # SKIP: 0 > > # XFAIL: 0 > > # FAIL: 0 > > # XPASS: 0 > > # ERROR: 0 > > > > > > > regards, > > Michael > >
Re: libressl-2.1.6 on AIX
Thanks Michael, I have incorporated some initial AIX patches - can you please check out the latest tree? https://github.com/libressl-portable/portable/commit/fe3f7fc6365bfaac3418a72256b8c11603e80cbf https://github.com/libressl-portable/openbsd/commit/37d8e3c080e7c73158093f253d8e06fa1906dc03 There are a few changes from your original patch set, but this should make it easier to move forward now that they are in-tree. You can just patch on top of that rather than sending the whole thing. I undid some of the formatting changes for the getentropy file so it matched the other files - the style is intentional between the files so its easy to diff between them to spot changes. The perfstat stuff moves into the inner loop like the other files as well. I added the network counters (we have network counters on OS X too), but also added wpar cpu stats. The issetugid currently short circuits to always return '1' because I think it still needs some work, as we discussed earlier. If we can't find a way to make it work, a failsafe version isn't really a bad thing for most uses. Also, I didn't add the configure.ac line that set CFLAGS to empty string that was in the original patch. The current master branch has switched to letting autoconf initialize the CFLAGS directly. This worked fine with gcc when I tried it, but I'd be interested in seeing how it works with other AIX compilers. One slightly annoying thing I found was the system library loader would find other versions of libcrypto.a / libssl.a under LIBPATH and try to load those when running binaries in-tree rather than the build versions. I don't know if that was just a misconfiguration with my system. - Brent > On Apr 8, 2015, at 9:19 PM, Michael Felt wrote: > > I applied the patch I had sent in before, made one change (correction) - > correcting a typo that brent had pointed out (netinfo that needs to be > "diskinfo") in the getentrophy_aix.c > > If you need the patch again, I can send it again. I am curious about whether > this is moving forward - and if there is anything extra I can do to assist. > > > Testsuite summary for libressl 2.1.6 > > # TOTAL: 47 > # PASS: 47 > # SKIP: 0 > # XFAIL: 0 > # FAIL: 0 > # XPASS: 0 > # ERROR: 0 > > > regards, > Michael
libressl-2.1.6 on AIX
I applied the patch I had sent in before, made one change (correction) - correcting a typo that brent had pointed out (netinfo that needs to be "diskinfo") in the getentrophy_aix.c If you need the patch again, I can send it again. I am curious about whether this is moving forward - and if there is anything extra I can do to assist. Testsuite summary for libressl 2.1.6 # TOTAL: 47 # PASS: 47 # SKIP: 0 # XFAIL: 0 # FAIL: 0 # XPASS: 0 # ERROR: 0 regards, Michael