On 05/13/16 11:07, Theo de Raadt wrote:
>> Since the anti-ROP mechanism in libc [2] was added in late April, -current
>> with read-only /usr produces something like the following message:
>> re-ordering libraries:install: /usr/lib/INS@OPOjn7ck17: Read-only file system
>
> Look, your statement is false. I can install a snapshot right now,
> and I won't see what you report.

The report is fairly easy to reproduce. Make the /usr filesystem read-only in /etc/fstab, go to single user mode and exit back to multi-user. I've appended a transcript.

> That is the result of a mis-configuration on your part.

It's unfortunate that mounting /usr read-only is now a mis-configuration.

>> I thought I was following best practice by mounting /usr,
>> /usr/X11R6, and /usr/local read-only. I submitted a bug report and a
>> patch to fix my problem [2] but have had no response.
>
> That is not best practice. If it was, we would be heading towards
> making it the default.
>
> And why is not best practice? Because it stands directly against the
> primary purpose of OpenBSD: A development platform, where people
> constantly rebuild their binaries, iterating and fixing bugs.
>
> What you are describing here is really just "you make a local change,
> you own it".

# cp -p /etc/fstab /etc/fstab.orig
# sed -e 's,/usr ffs rw,/usr ffs ro,' </etc/fstab.orig >/etc/fstab
# shutdown -f now
Shutdown NOW!
shutdown: [pid 82541]
#
*** FINAL System shutdown message from [email protected] ***
System going down IMMEDIATELY
System shutdown time has arrived
Enter pathname of shell or RETURN for sh:
# exit
Fast boot: skipping disk checks.
setting tty flags
pfctl: pf already enabled
machdep.allowaperture: 2 -> 2
starting network
DHCPREQUEST on vio0 to 255.255.255.255
DHCPACK from 10.1.2.18 (14:da:e9:b5:84:cf)
bound to 10.1.2.6 -- renewal in 302400 seconds.
re-ordering libraries:install: /usr/lib/INS@73BiVBOVcW: Read-only file system
done.
starting early daemons: syslogd pflogd ntpd.
starting RPC daemons:.
savecore: no core dump
checking quotas: done.
clearing /tmp
kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd smtpd sndiod.
starting local daemons: cron.
Fri May 13 16:30:55 EDT 2016
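
The failure in the transcript above comes from a boot-time step writing into /usr/lib while /usr is mounted read-only. As an added example (not part of the original message, not OpenBSD's rc code and not the poster's patch), this sketch reads mount(8)-style output and reports whether the file system holding /usr/lib is writable before such a step runs. The mount line format, the sample mount table and the function names are assumptions constructed for illustration.

```sh
#!/bin/sh
# Assumed mount(8) line format (constructed sample below):
#   /dev/sd0d on /usr type ffs (local, nodev, read-only)

# fs_state PATH: read mount output on stdin and print "ro", "rw" or
# "unknown" for the file system holding PATH. The longest matching
# mount point wins, so /usr/local is not confused with /usr.
fs_state() {
	awk -v path="$1" '
	$2 == "on" && $4 == "type" {
		mp = $3
		# A mount point covers PATH if it is "/", equals PATH,
		# or is a prefix of PATH that ends at a "/" boundary.
		if (mp == "/") covers = 1
		else covers = (path == mp || index(path, mp "/") == 1)
		if (covers && length(mp) > best) {
			best = length(mp)
			state = ($0 ~ /[(, ]read-only[,)]/) ? "ro" : "rw"
		}
	}
	END { print (best ? state : "unknown") }'
}

# Constructed sample mount table matching the read-only layout described.
sample_mounts() {
	cat <<'EOF'
/dev/sd0a on / type ffs (local)
/dev/sd0d on /usr type ffs (local, nodev, read-only)
/dev/sd0e on /usr/local type ffs (local, nodev, read-only)
/dev/sd0f on /var type ffs (local, nodev, nosuid)
EOF
}

# check_reorder: read mount output on stdin; return 1 with a clear
# message instead of letting install(1) fail on a read-only target.
check_reorder() {
	state=$(fs_state /usr/lib)
	if [ "$state" = ro ]; then
		echo "skip: /usr/lib is on a read-only file system"
		return 1
	fi
	echo "ok: /usr/lib is writable ($state)"
}

sample_mounts | check_reorder || true
```

On a live system the same check would be fed from `mount` instead of the constructed table.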
