HardenedBSD issues
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues
Updated: 2023-05-01T19:59:12Z

Add OpenBSD's "doas" to the base
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/84
Updated: 2023-05-01T19:59:12Z
Author: Mr. UNIX

`doas` is a command line utility that OpenBSD has which is similar to `sudo` but has a smaller codebase.
I believe it would be a great idea to include it into HardenedBSD's base, what do other people here think?

libhbsdcontrol: functions can hard exit rather than return control to the caller
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/98
Updated: 2024-03-10T00:43:42Z
Author: 0x1eef

The functions within libhbsdcontrol can hard exit rather than return an error to the caller. I think a hard exit makes sense for application code, but for library code it's not what I'd usually expect. So far I have worked around this by catching error conditions before I call libhbsdcontrol functions but it's not ideal. It seems like a common pattern within libhbsdcontrol. An isolated example:
```c
#include <libhbsdcontrol.h>
int
main()
{
	hbsdcontrol_set_feature_state("/does/not/exist", "mprotect", 1);
}
```
Result:
```
$ cc -lhbsdcontrol test.c -o testx
$ ./testx
hbsdcontrol_extattr_set_attr: No such file or directory
testx: abort
```

Assignee: Shawn Webb

hbsdcontrol_set_feature_state can set invalid states
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/97
Updated: 2024-03-06T21:21:08Z
Author: 0x1eef

The `hbsdcontrol_set_feature_state` function accepts `pax_feature_state_t` as its last argument.
Valid values include -2 (conflict), -1 (sysdef), 0 (disable), and 1 (enable). But it appears that
only 0 (disable) and 1 (enable) are valid values. Other invalid values, like 5, do not return an
error. The problem only becomes obvious when you check `/var/log/messages`, and see that an invalid
state has been set.
```c
// invalid
hbsdcontrol_set_feature_state("/bin/ls", "mprotect", -1);
hbsdcontrol_set_feature_state("/bin/ls", "mprotect", -2);
hbsdcontrol_set_feature_state("/bin/ls", "mprotect", 5);
```

Assignee: Shawn Webb

vm.objects possible regression
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/96
Updated: 2024-01-17T14:32:27Z
Author: Joe apache2

This commit fixes an infoleak in the `vm.objects` and `vm.swap_objects` sysctls, where filenames and sizes of all files loaded since boot were exposed to unprivileged users. The fix was to mark the sysctls `CTLFLAG_ROOTONLY`:
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/20177e60364cbf56df0b71b74a00e10e9646d087
We should check if this breaks something in userland; the `vm.objects` syscall is used here:
```
lib/libutil/kinfo_getvmobject.c:kinfo_getvmobject
lib/libutil/kinfo_getvmobject.c:kinfo_getswapvmobject
```
```
usr.bin/vmstat/vmstat.c: kvo = kinfo_getvmobject(&cnt);
usr.bin/systat/proc.c: kvo = kinfo_getswapvmobject(&cnt);
```
ping @shawn.webb

Kernel: Integrate LLVM kCFI
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/95
Updated: 2023-11-30T22:51:09Z
Author: Shawn Webb

LLVM kCFI is suitable for integration in the kernel.

Control-Flow Integrity
Assignee: Shawn Webb

Kernel ELF Linker: Implement R_X86_64_GOTPCRELX and R_X86_64_REX_GOTPCRELX relocation type support
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/94
Updated: 2023-11-30T22:48:29Z
Author: Shawn Webb

When building kernel modules with LLVM kCFI, `ld.lld` generates kernel modules with `R_X86_64_REX_GOTPCRELX` relocation entries. From the [latest version](https://gitlab.com/x86-psABIs/x86-64-ABI) of the ELF ABI spec, these relocation entries can be calculated with this formula: `G + GOT + A - P`.

Control-Flow Integrity
Assignee: Shawn Webb

hbsd-update: Use OpenSSL 3 arguments
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/93
Updated: 2023-11-28T16:22:46Z
Author: Shawn Webb

OpenSSL 3 has marked as deprecated the arguments we pass for cryptographic validation of the hbsd-update build artifact.
We should use the new `openssl pkeyutl` command instead of the deprecated `openssl rsautl` command.

Assignee: Shawn Webb

hbsd-update hard-link errors on latest 15-CURRENT build
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/91
Updated: 2023-11-30T14:02:40Z
Author: Michael Shirk

When running hbsd-update for the following version:
hbsd-v1500000-e01b2bc36ab09ba248a5295dd4dc1563a73aa194
After downloading the update, tar exits on multiple errors on files in "/etc/ssl"
`./usr/share/certs/untrusted/E-Tugra_Global_Root_CA_ECC_v3.pem: Hard-link target './etc/ssl/untrusted/5a7722fb.0' does not exist.: No such file or directory
./usr/share/certs/untrusted/Staat_der_Nederlanden_EV_Root_CA.pem: Hard-link target './etc/ssl/untrusted/03179a64.0' does not exist.: No such file or directory`

Unable to login as user (HardenedBSD 14-stable, build-2, build-3)
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/90
Updated: 2023-10-15T08:47:58Z
Author: Vujo

Hello.
HardenedBSD 14-stable
build-2, 2023.10.07
build-3, 2023.10.14
Clean installation without changing settings.
It is impossible to log in as the user, an error is displayed.
```
Cannot find root directory.
login: could not determine audit condition
```
The problem does not occur under root user.
You can log in using SSH as a user.
![user-auth](/uploads/42246ac5b61801f85e6f27b9ed4c0667/user-auth.png)

Text file not saved in krusader via SFTP
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/89
Updated: 2023-10-18T14:36:18Z
Author: Vujo

Hello.
If you open a text file for editing in krusader via "sftp://...", the changes are not saved.
Today I installed a clean installation of stable build-22 (2023.10.01) and the problem was reproduced.
To reproduce the problem you need to install:
`pkg install krusader kio-extras`
kio-extras is needed to support SFTP in krusader
The problem is not reproduced on FreeBSD-13.2-RELEASE.

Add BadUSB protection
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/88
Updated: 2024-02-05T18:13:03Z
Author: 0x1eef

It would be nice if HardenedBSD had built-in protection against [BadUSB attacks](https://en.wikipedia.org/wiki/BadUSB).

adb devices - execution delay in 2min 33sec
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/87
Updated: 2023-05-21T23:03:47Z
Author: Vujo

Hello.
If adb service is not running, it takes 2min 33sec to start.
The issue has been confirmed by other members.
```
root@home # time adb devices
* daemon not running; starting now at tcp:5037
* daemon started successfully
List of devices attached
0.009u 0.000s 2:33.19 0.0% 0+0k 0+0io 0pf+0w
root@home # time adb devices
List of devices attached
0.007u 0.000s 0:00.00 0.0% 0+0k 0+0io 0pf+0w
root@home # time adb kill-server
0.006u 0.000s 0:00.00 0.0% 0+0k 0+0io 0pf+0w
root@home # time adb devices
* daemon not running; starting now at tcp:5037
* daemon started successfully
List of devices attached
0.007u 0.000s 2:33.02 0.0% 0+0k 0+0io 0pf+0w
```
```
root@home # time adb start-server
* daemon not running; starting now at tcp:5037
* daemon started successfully
0.009u 0.000s 2:33.08 0.0% 0+0k 0+0io 0pf+0w
root@home # time adb devices
List of devices attached
0.008u 0.000s 0:00.00 0.0% 0+0k 0+0io 0pf+0w
```

libreoffice won't start with hardening.harden_rtld=1
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/86
Updated: 2023-04-17T17:08:24Z
Author: Vujo

Hi.
From the news https://hardenedbsd.org/article/shawn-webb/2022-06-28/hardenedbsd-june-2022-status-report
it says that a new parameter hardening.harden_rtld has been added
By default `hardening.harden_rtld` parameter is 1
in this case libreoffice does not start
```
# libreoffice
ld-elf.so.1: Shared object "libuno_sal.so.3" not found, required by "oosplash"
# pkg info -l libreoffice | grep libuno_sal.so.3
/usr/local/lib/libreoffice/program/libuno_sal.so.3
# ldd /usr/local/lib/libreoffice/program/oosplash
/usr/local/lib/libreoffice/program/oosplash:
ld-elf.so.1: Tainted process refusing to run binary /libexec/ld-elf.so.1
/usr/local/lib/libreoffice/program/oosplash: exit status 1
```
If set `hardening.harden_rtld: 0`
then libreoffice starts correctly
```
# ldd /usr/local/lib/libreoffice/program/oosplash
/usr/local/lib/libreoffice/program/oosplash:
libXinerama.so.1 => /usr/local/lib/libXinerama.so.1 (0x1a0d1ae2000)
libX11.so.6 => /usr/local/lib/libX11.so.6 (0x1a0d1ae7000)
libpng16.so.16 => /usr/local/lib/libpng16.so.16 (0x1a0d1c43000)
libuno_sal.so.3 => /usr/local/lib/libreoffice/program/libuno_sal.so.3 (0x1a0d1c87000)
libthr.so.3 => /lib/libthr.so.3 (0x1a0d1d04000)
libc.so.7 => /lib/libc.so.7 (0x1a0d1d31000)
libXext.so.6 => /usr/local/lib/libXext.so.6 (0x1a0d213d000)
libxcb.so.1 => /usr/local/lib/libxcb.so.1 (0x1a0d2154000)
libz.so.6 => /lib/libz.so.6 (0x1a0d2187000)
libm.so.5 => /lib/libm.so.5 (0x1a0d21a4000)
libc++.so.1 => /usr/lib/libc++.so.1 (0x1a0d21e0000)
libcxxrt.so.1 => /lib/libcxxrt.so.1 (0x1a0d22e8000)
libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x1a0d230a000)
libXau.so.6 => /usr/local/lib/libXau.so.6 (0x1a0d2324000)
libXdmcp.so.6 => /usr/local/lib/libXdmcp.so.6 (0x1a0d232a000)
[vdso] (0x7fdbd1562000)
```
The question arose: how to properly run libreoffice with `hardening.harden_rtld=1`

Disable Root Account
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/85
Updated: 2023-05-01T18:15:56Z
Author: Mr. UNIX

Root account adds a significant attack surface and disabling it is a very good security practice.
I believe it would be a great idea to do that by default, what do others think about this?

hbsd-update says empty: flags ("schg" is not "schg,uarch", modified to "none"), what does it mean?
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/83
Updated: 2023-11-14T07:01:48Z
Author: Ulas SAYGIN

Hi,
I used hbsd-update and it said
empty: flags ("schg" is not "schg,uarch", modified to "none")
What does it mean? After that I used hbsd-update again. It says system is up to date.
I could not be sure, what is missing? Can you help me? Thanks a lot.
```
hbsd-update hbsd-v1300063-8ae62fe3dfef9e35e5001dd370de0b562c39a2b9
/tmp/tmp.3sVgAwpG/update.tar 591 MB 6464 kBps 01m34s
empty: flags ("schg" is not "schg,uarch", modified to "none")
[*] Applying Integriforce rules
hbsd-update
hbsd-v1300063-8ae62fe3dfef9e35e5001dd370de0b562c39a2b9
[*] This system is already on the latest version.
```

Discussion: Remove HARDENEDBSD gates in userland
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/81
Updated: 2022-06-21T19:16:10Z
Author: Shawn Webb

Back when we first started, we gated a lot of the changes to userland with:
```
#ifdef HARDENEDBSD
...
#endif
```
That way, if someone wanted to still have a FreeBSD-based system, but with HardenedBSD sources, they could certainly do so. I'm thinking that we've diverged enough from FreeBSD that such gates are unnecessary and can sometimes complicate code. Let's just assume that if someone is building an OS using the HardenedBSD source tree, they specifically want to use HardenedBSD.
So I'd like to propose the idea of just removing the gates. What does the community think of this?

Assignee: Shawn Webb

TPE: Enforce at mmap boundary (and potentially mprotect)
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/80
Updated: 2022-06-10T21:34:34Z
Author: Shawn Webb

One additional thought is that we could protect against mmap(fd, PROT_EXEC) when TPE is enabled. We would definitely want to gate it with a sysctl node, though, since doing vnode lookups is expensive, especially during mmap time.
We could explore protecting mprotect as well, though I suspect that might prove a bit more difficult.

Assignee: Shawn Webb

Booting on PC Engines APU boards broken
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/74
Updated: 2022-04-12T10:01:59Z
Author: Shawn Webb

The bootloader seems to crash almost immediately. The initial spinner stops spinning after displaying the first slash. No further output is seen. I'll upload a screenshot soon.

Harden kernel crash dump interface
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/72
Updated: 2022-03-15T10:01:56Z
Author: Shawn Webb

`dumpon -l` works within a jail. We should harden it in similar fashion as the KLD interfaces.

Implement static PIE support
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/issues/70
Updated: 2022-01-17T20:32:19Z
Author: Shawn Webb

It'd be great if we could randomize the execution base address of static PIE images. Though OpenBSD's static PIE support is somewhat hacky, we could potentially use that as inspiration for our own implementation.