HardenedBSD issues
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues
Date: 2024-03-10T00:43:42Z

Issue #98: libhbsdcontrol: functions can hard exit rather than return control to the caller
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/98
Date: 2024-03-10T00:43:42Z | Author: 0x1eef

The functions within libhbsdcontrol can hard exit rather than return an error to the caller. I think a hard exit makes sense for application code, but for library code it's not what I'd usually expect. So far I have worked around this by catching error conditions before I call libhbsdcontrol functions but it's not ideal. It seems like a common pattern within libhbsdcontrol. An isolated example:
```c
#include <libhbsdcontrol.h>
int
main()
{
hbsdcontrol_set_feature_state("/does/not/exist", "mprotect", 1);
}
```
Result:
```
$ cc -lhbsdcontrol test.c -o testx
$ ./testx
hbsdcontrol_extattr_set_attr: No such file or directory
testx: abort
```

Assignee: Shawn Webb

Issue #97: hbsdcontrol_set_feature_state can set invalid states
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/97
Date: 2024-03-06T21:21:08Z | Author: 0x1eef

The `hbsdcontrol_set_feature_state` function accepts `pax_feature_state_t` as its last argument.
Valid values include -2 (conflict), -1 (sysdef), 0 (disable), and 1 (enable). But it appears that
only 0 (disable) and 1 (enable) are valid values. Other invalid values, like 5, do not return an
error. The problem only becomes obvious when you check `/var/log/messages`, and see that an invalid
state has been set.
```c
// invalid
hbsdcontrol_set_feature_state("/bin/ls", "mprotect", -1);
hbsdcontrol_set_feature_state("/bin/ls", "mprotect", -2);
hbsdcontrol_set_feature_state("/bin/ls", "mprotect", 5);
```

Assignee: Shawn Webb

Issue #96: vm.objects possible regression
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/96
Date: 2024-01-17T14:32:27Z | Author: Joe apache2

This commit fixes an infoleak in the `vm.objects` and `vm.swap_objects` sysctls, where filenames and sizes of all files loaded since boot were exposed to unprivileged users. The fix was to mark the sysctls `CTLFLAG_ROOTONLY`:
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/20177e60364cbf56df0b71b74a00e10e9646d087
We should check if this breaks something in userland; the `vm.objects` syscall is used here:
```
lib/libutil/kinfo_getvmobject.c:kinfo_getvmobject
lib/libutil/kinfo_getvmobject.c:kinfo_getswapvmobject
```
```
usr.bin/vmstat/vmstat.c: kvo = kinfo_getvmobject(&cnt);
usr.bin/systat/proc.c: kvo = kinfo_getswapvmobject(&cnt);
```
ping @shawn.webb

Issue #95: Kernel: Integrate LLVM kCFI
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/95
Date: 2023-11-30T22:51:09Z | Author: Shawn Webb

LLVM kCFI is suitable for integration in the kernel.

Labels: Control-Flow Integrity
Assignee: Shawn Webb

Issue #91: hbsd-update hard-link errors on latest 15-CURRENT build
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/91
Date: 2023-11-30T14:02:40Z | Author: Michael Shirk

When running hbsd-update for the following version:
hbsd-v1500000-e01b2bc36ab09ba248a5295dd4dc1563a73aa194
After downloading the update, tar exits on multiple errors on files in "/etc/ssl"
```
./usr/share/certs/untrusted/E-Tugra_Global_Root_CA_ECC_v3.pem: Hard-link target './etc/ssl/untrusted/5a7722fb.0' does not exist.: No such file or directory
./usr/share/certs/untrusted/Staat_der_Nederlanden_EV_Root_CA.pem: Hard-link target './etc/ssl/untrusted/03179a64.0' does not exist.: No such file or directory
```

Issue #89: Text file not saved in krusader via SFTP
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/89
Date: 2023-10-18T14:36:18Z | Author: Vujo

Hello.
If you open a text file for editing in krusader via "sftp://...", the changes are not saved.
Today I installed a clean installation of stable build-22 (2023.10.01) and the problem was reproduced.
To reproduce the problem you need to install:
`pkg install krusader kio-extras`
kio-extras is needed to support SFTP in krusader
The problem is not reproduced on FreeBSD-13.2-RELEASE.

Issue #87: adb devices - execution delay in 2min 33sec
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/87
Date: 2023-05-21T23:03:47Z | Author: Vujo

Hello.
If adb service is not running, it takes 2min 33sec to start.
The issue has been confirmed by other members.
```
root@home # time adb devices
* daemon not running; starting now at tcp:5037
* daemon started successfully
List of devices attached
0.009u 0.000s 2:33.19 0.0% 0+0k 0+0io 0pf+0w
root@home # time adb devices
List of devices attached
0.007u 0.000s 0:00.00 0.0% 0+0k 0+0io 0pf+0w
root@home # time adb kill-server
0.006u 0.000s 0:00.00 0.0% 0+0k 0+0io 0pf+0w
root@home # time adb devices
* daemon not running; starting now at tcp:5037
* daemon started successfully
List of devices attached
0.007u 0.000s 2:33.02 0.0% 0+0k 0+0io 0pf+0w
```
```
root@home # time adb start-server
* daemon not running; starting now at tcp:5037
* daemon started successfully
0.009u 0.000s 2:33.08 0.0% 0+0k 0+0io 0pf+0w
root@home # time adb devices
List of devices attached
0.008u 0.000s 0:00.00 0.0% 0+0k 0+0io 0pf+0w
```

Issue #84: Add OpenBSD's "doas" to the base
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/84
Date: 2023-05-01T19:59:12Z | Author: Mr. UNIX

`doas` is a command line utility that OpenBSD has which is similar to `sudo` but has a smaller codebase.
I believe it would be a great idea to include it into HardenedBSD's base, what do other people here think?

Issue #74: Booting on PC Engines APU boards broken
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/74
Date: 2022-04-12T10:01:59Z | Author: Shawn Webb

The bootloader seems to crash almost immediately. The initial spinner stops spinning after displaying the first slash. No further output is seen. I'll upload a screenshot soon.

Issue #71: Deorbit Intel SGX support
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/71
Date: 2022-03-15T16:27:28Z | Author: Shawn Webb

Intel is deprecating SGX support in 11th and 12th gen CPUs. And for good reason.

Assignee: Loic

Issue #70: Implement static PIE support
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/70
Date: 2022-01-17T20:32:19Z | Author: Shawn Webb

It'd be great if we could randomize the execution base address of static PIE images. Though OpenBSD's static PIE support is somewhat hacky, we could potentially use that as inspiration for our own implementation.

Issue #69: Implement mremap
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/69
Date: 2023-11-30T22:45:28Z | Author: Shawn Webb

The llvm Cross-DSO CFI implementation depends on mremap, a syscall we currently lack. NetBSD provides an implementation, which we may be able to pull in.
Historically, HardenedBSD maintained syscall compatibility with FreeBSD. We should investigate ways to implement (or emulate) mremap such that we can use it in llvm's Cross-DSO CFI implementation. It would be preferred if we could keep syscall compat with FreeBSD.

Labels: Control-Flow Integrity
Assignee: Shawn Webb

Issue #58: Potentially bad idea: investigate using arc4random(3) for rand(3)
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/58
Date: 2021-08-21T00:55:42Z | Author: Shawn Webb

I wonder what, if any, issues this may cause. The rand(3) API is meant to produce reproducible output when using the same seed. Using arc4random would break such determinism. I wonder what ramifications this has in 2021.

Issue #57: hbsd-update: Provide a "download only" option
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/57
Date: 2021-07-10T18:55:45Z | Author: Shawn Webb

Make it easy to simply download the update archive and not do anything with it, not even extracting it. This will enable a user to be able to inspect the archive and manually apply parts of it if needed.

Assignee: Loic

Issue #53: Release engineering: Create bittorrent files
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/53
Date: 2021-10-17T16:47:49Z | Author: Shawn Webb

We could make it easier for the community to mirror and distribute HardenedBSD builds. Using only tools in base, we could create the bittorrent files used for downloading and seeding. There may be some infrastructure needed to provide the initial seed. That is something HardenedBSD could provide, given a set of instructions (in this issue) to build out that infrastructure.
Now that we have replaced 90% of our old build servers with newer ones, we can utilize the decommissioned servers to perform non-build-related tasks. We have three such systems.

Issue #52: Update libexpat in base
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/52
Date: 2021-05-26T20:30:39Z | Author: Shawn Webb

The version of libexpat in base is 2.2.9. The latest release is 2.4.1. Bring libexpat up-to-date.

Issue #50: Improve EFI framebuffer startup
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/50
Date: 2022-02-03T19:45:19Z | Author: Loic

The EFI framebuffer boot in FreeBSD (so HardenedBSD) often crashes on modern computers:
![20210517_162746](/uploads/2ed672f6d1d13403b2076d9a6bb109bf/20210517_162746.jpg)
See: [Bug 255208](https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=209821#c35)
OpenBSD does not have this problem, we should see if we can borrow a solution.

Assignee: Loic

Issue #48: Resolve cfi-icall violations
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/48
Date: 2023-11-30T22:45:14Z | Author: Shawn Webb

Many applications violate the cfi-icall scheme. A cursory list, found by grep, is listed below. This bug report should be the master issue, tracking sub-issues to fix each individual application. So this ticket should be broken out for each application (for example: one for md5, another for mount_nfs, another for bhyveload, etc.)
Some of these cannot be fixed until we gain Cross-DSO CFI support. For example, if a function pointer crosses a DSO boundary (dlopen/dlsym).
```
hbsd-current-01[shawn]:/usr/src $ grep -rnF CFI_OVERRIDE .
./sbin/md5/Makefile:7:CFI_OVERRIDE=-fno-sanitize=cfi-icall
./sbin/mount_nfs/Makefile:14:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./usr.sbin/rpc.yppasswdd/Makefile:18:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./usr.sbin/bhyveload/Makefile:8:CFI_OVERRIDE=-fno-sanitize=cfi-icall
./usr.sbin/mountd/Makefile:7:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./usr.sbin/pwd_mkdb/Makefile:11:CFI_OVERRIDE=-fno-sanitize=cfi-icall
./usr.sbin/blacklistd/Makefile:23:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./usr.sbin/rpc.ypupdated/Makefile:11:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./usr.sbin/rpc.umntall/Makefile:10:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./usr.sbin/rpc.ypxfrd/Makefile:10:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./usr.sbin/ppp/Makefile:19:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./usr.sbin/unbound/checkconf/Makefile:16:CFI_OVERRIDE=-fno-sanitize=cfi-icall
./usr.sbin/rpcbind/Makefile:10:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./usr.sbin/services_mkdb/Makefile:10:CFI_OVERRIDE=-fno-sanitize=cfi-icall
./usr.sbin/sendmail/Makefile:31:CFI_OVERRIDE=-fno-sanitize=cfi-icall
./usr.sbin/rpc.lockd/Makefile:12:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./usr.sbin/rpc.statd/Makefile:10:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./usr.bin/rpcgen/Makefile:7:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./usr.bin/showmount/Makefile:7:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./usr.bin/mail/Makefile:15:CFI_OVERRIDE=-fno-sanitize=cfi-icall
./usr.bin/rpcinfo/Makefile:12:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./usr.bin/nc/Makefile:13:CFI_OVERRIDE=-fno-sanitize=cfi-icall
./usr.bin/svn/svn/Makefile:70:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./usr.bin/vi/Makefile:19:CFI_OVERRIDE=-fno-sanitize=cfi-icall
./usr.bin/tsort/Makefile:6:CFI_OVERRIDE=-fno-sanitize=cfi-icall
./kerberos5/usr.sbin/kstash/Makefile:12:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/usr.sbin/iprop-log/Makefile:14:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/usr.sbin/ktutil/Makefile:19:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/libexec/hprop/Makefile:19:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/libexec/hpropd/Makefile:12:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/libexec/kcm/Makefile:20:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/libexec/ipropd-slave/Makefile:13:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/libexec/kadmind/Makefile:10:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/libexec/kdigest/Makefile:13:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/libexec/kdc/Makefile:11:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/libexec/kpasswdd/Makefile:11:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/libexec/digest-service/Makefile:15:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/libexec/ipropd-master/Makefile:13:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/libexec/kimpersonate/Makefile:11:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/libexec/kfd/Makefile:9:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/usr.bin/kdestroy/Makefile:8:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/usr.bin/kcc/Makefile:19:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/usr.bin/string2key/Makefile:13:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/usr.bin/kadmin/Makefile:27:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/usr.bin/kf/Makefile:9:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/usr.bin/kpasswd/Makefile:8:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/usr.bin/kinit/Makefile:7:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/usr.bin/kgetcred/Makefile:8:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/usr.bin/hxtool/Makefile:14:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/usr.bin/verify_krb5_conf/Makefile:9:CFI_OVERRIDE= -fno-sanitize=cfi-icall
./kerberos5/usr.bin/ksu/Makefile:13:CFI_OVERRIDE= -fno-sanitize=cfi-icall
```

Labels: Control-Flow Integrity
Assignee: Loic

Issue #47: Disable INCLUDE_CONFIG_FILE
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/47
Date: 2023-01-31T13:57:59Z | Author: Shawn Webb

In our quest to remove "kernel infoleaks as features", we should disable the `INCLUDE_CONFIG_FILE` kernel config option. Doing this has a negative impact in kernel crash dump analysis, but helps with our overall goal of removing kernel infoleaks.

Assignee: Loic

Issue #46: Bring in jemalloc sized-delete size-checking patch
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/46
Date: 2021-05-18T16:24:00Z | Author: Shawn Webb

This hit my radar: https://github.com/jemalloc/jemalloc/commit/eaed1e39be8574b1a59d21824b68e31af378cd0f