In D41614#948592, @delphij wrote:The change looks Okay to me but I wonder if we should separate the variable into two cached values, one for new and the other for !new.
When changing multiple providers at the same time, this would allow the library to cache both passphrases so the user don't have to enter them over and over again.
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed Advanced Search
Advanced Search
Advanced Search
Sep 4 2024
Sep 4 2024
May 20 2024
May 20 2024
Aug 29 2023
Aug 29 2023
The change looks Okay to me but I wonder if we should separate the variable into two cached values, one for new and the other for !new.
Aug 28 2023
Aug 28 2023
freebsd_igalic.co added reviewers for D41614: geli: fix setkey behavior on detached providers: secteam, security.
Aug 8 2023
Aug 8 2023
Mar 26 2023
Mar 26 2023
Mar 6 2023
Mar 6 2023
Merged as https://reviews.freebsd.org/rGe4520c8bd1d3 .
Mar 4 2023
Mar 4 2023
Are there any objections to continuing with the creation of the vendor/openssl-3.0 branch?
Mar 3 2023
Mar 3 2023
In D38835#884813, @dim wrote:In D38835#884784, @ngie wrote:If openssl3 is going to be a private lib, then ports can't use it at all, right? I see there is already security/openssl which is 1.1.1t, and security/openssl-devel which is 3.0.8 (strange, because the development version of OpenSSL is 3.1.0 but I digress). So ports would have to link against the former or the latter (and can't use both). Also, if we make a private openssl3 lib, we'll have to rename all symbols so as to not conflict with ports. Alternatively, the ports openssl versions should rename all _their_ symbols to not conflict. That might also solve the problem of mixing 1.1 and 3.0.
In any case, getting openssl3 in side-by-side is a good first step, allowing piecemeal work to be done.
Mar 2 2023
Mar 2 2023
In D38835#884784, @ngie wrote:
In D38835#884625, @jkim wrote:In D38835#884575, @ngie wrote:I followed a different import process than what’s described in FreeBSD-UPGRADE because it was much simpler for me to use rsync -av —-delete to update the contents than multiple calls to find/tar/comm.
Actually, we need to rewrite both FreeBSD-upgrade and FreeBSD-Xlist from scratch for OpenSSL 3.0 because it is quite different.
In D38835#884575, @ngie wrote:I followed a different import process than what’s described in FreeBSD-UPGRADE because it was much simpler for me to use rsync -av —-delete to update the contents than multiple calls to find/tar/comm.
In D38835#884175, @emaste wrote:I assume your vendor/openssl-3.0 branch started from the current vendor/openssl?
Mar 1 2023
Mar 1 2023
I assume your vendor/openssl-3.0 branch started from the current vendor/openssl?
ngie retitled D38835: openssl: Vendor import of OpenSSL-3.0.8 from Summary: openssl: Vendor import of OpenSSL-3.0.8 to openssl: Vendor import of OpenSSL-3.0.8.
Nov 30 2022
Nov 30 2022
Sep 21 2022
Sep 21 2022
firk_cantconnect.ru added a comment to D34579: Verify directory fds against chroot when receiving them through SCM_RIGHTS.
In D34579#828698, @glebius wrote:I can't see how this can be used maliciously, e.g. forcing some application outside of jail to send its SCM_RIGHTS to a jail.
Sep 8 2022
Sep 8 2022
glebius added a comment to D34579: Verify directory fds against chroot when receiving them through SCM_RIGHTS.
I can't see how this can be used maliciously, e.g. forcing some application outside of jail to send its SCM_RIGHTS to a jail. Even if such case exists for a certain application, that would be bug in that application, IMHO. The initial idea of SCM_RIGHTS was actually to grant rights intentionally, so there can be a valid case for a certain application that wants to grant rights to its peer in a jail.
Sep 1 2022
Sep 1 2022
Jun 3 2022
Jun 3 2022
Mar 29 2022
Mar 29 2022
firk_cantconnect.ru added a comment to D34579: Verify directory fds against chroot when receiving them through SCM_RIGHTS.
For example it is possible to share file descriptor tables, and one of the processes may not be encumbered by the jail.
mjg added a comment to D34579: Verify directory fds against chroot when receiving them through SCM_RIGHTS.
I'm going to have to sleep on the approach. This is a known escape, but I don't know if the method used can fully plug it. For example it is possible to share file descriptor tables, and one of the processes may not be encumbered by the jail. As is it does solve it for processes which have no way to talk to each other apart from a partially shared fs though.
Mar 28 2022
Mar 28 2022
Mar 16 2022
Mar 16 2022
firk_cantconnect.ru updated the test plan for D34579: Verify directory fds against chroot when receiving them through SCM_RIGHTS.
Mar 15 2022
Mar 15 2022
firk_cantconnect.ru retitled D34560: Add mount option to disallow creating sockets on filesystem from Add mount option to disallow creating socketson filesystem to Add mount option to disallow creating sockets on filesystem.
Mar 14 2022
Mar 14 2022
firk_cantconnect.ru requested review of D34560: Add mount option to disallow creating sockets on filesystem.
Feb 17 2022
Feb 17 2022
cperciva added a comment to D20780: Add support for getting early entropy from the UEFI RNG protocol.
I'll do the commit. Thanks to Greg for writing this and to everyone who helped to review it!
Feb 16 2022
Feb 16 2022
Who is going to do the actual commit? I'm happy to do it if no-one else wants to? Whoever does it has csprng@ green-light.
Last nit can be done pre-commit or I can whack it post-commit; ok from lua perspective.
kevans added inline comments to D20780: Add support for getting early entropy from the UEFI RNG protocol.
cperciva added a comment to D20780: Add support for getting early entropy from the UEFI RNG protocol.
Is this ready to be committed? I'm happy to do it myself but markm said he was going to commit (prior to the latest round of changes) -- don't want to commit prematurely if you're still waiting for something.
Jan 29 2022
Jan 29 2022
Jan 28 2022
Jan 28 2022
markm added inline comments to D20780: Add support for getting early entropy from the UEFI RNG protocol.
val_packett.cool updated the diff for D20780: Add support for getting early entropy from the UEFI RNG protocol.
Yep, I've had basically the exact same opinion as @delphij about the copyright. Let's go with Intel.
Jan 27 2022
Jan 27 2022
markm added inline comments to D20780: Add support for getting early entropy from the UEFI RNG protocol.
Jan 26 2022
Jan 26 2022
val_packett.cool updated the diff for D20780: Add support for getting early entropy from the UEFI RNG protocol.
So seems like it's easier to just do it all in core.lua, which is where lots of config accesses are anyway.
Jan 17 2022
Jan 17 2022
In D20780#766778, @greg_unrelenting.technology wrote:err, I have not addressed the "isUEFIBoot" thing and the "This file needs a copyright / license at the top" thing…
Jan 16 2022
Jan 16 2022
val_packett.cool added a comment to D20780: Add support for getting early entropy from the UEFI RNG protocol.
err, I have not addressed the "isUEFIBoot" thing and the "This file needs a copyright / license at the top" thing…
Jan 15 2022
Jan 15 2022
cperciva added a comment to D20780: Add support for getting early entropy from the UEFI RNG protocol.
Thanks! Can you also MFC it to stable/13 after a week?
In D20780#766643, @cperciva wrote:Is this waiting for anything else before it gets committed?
Jan 14 2022
Jan 14 2022
Herald added a reviewer for D20780: Add support for getting early entropy from the UEFI RNG protocol: manu.
Is this waiting for anything else before it gets committed?
Nov 16 2021
Nov 16 2021
Nov 15 2021
Nov 15 2021
I did a minor edit on the proposed commit message to clarify some things (sorry I do not have it as a diff)
In D27666#745003, @mw wrote:Altough I agree it should be safe to enable ASLR 32-bit, for now I'd stay with 64-bit only - please remember that after a discussion it was decided to compile only 64-bit executables "WITH_PIE".
In D27666#744977, @kib wrote:In D27666#744939, @emaste wrote:I might write are not changed at this time to suggest this is not necessarily a final decision (in fact, it's not really a decision at all, 32-bit is probably not relevant enough to spend much effort on).
For 32bit, it might make sense to enable ASLR for 32bit binaries on 64bit host, still. That said, i386 kernel provides almost full 4G for UVA, so it might make sense to enable there as well, but lets limit the change to 64bit kernels, indeed.
In D27666#744939, @emaste wrote:I might write are not changed at this time to suggest this is not necessarily a final decision (in fact, it's not really a decision at all, 32-bit is probably not relevant enough to spend much effort on).
In D27666#744939, @emaste wrote:As a result, although the tests on 32-bit architectures with ASLR enabled were
mostly on par with what was observed on 64-bit ones, the defaults for the
former are not changed. Also, for the sake of safety keep the feature disabled for 32-bit
executables on 64-bit machines, too.I might write are not changed at this time to suggest this is not necessarily a final decision (in fact, it's not really a decision at all, 32-bit is probably not relevant enough to spend much effort on).
As a result, although the tests on 32-bit architectures with ASLR enabled were
mostly on par with what was observed on 64-bit ones, the defaults for the
former are not changed. Also, for the sake of safety keep the feature disabled for 32-bit
executables on 64-bit machines, too.
In D27666#744905, @kib wrote:Yes, leave it. I think it is verbose but explicit so that more people can notice that if pointed to.
Yes, leave it. I think it is verbose but explicit so that more people can notice that if pointed to.
In D27666#744903, @kib wrote:I suggest also dropping the
In case any change in the OS behavior is observed, that can be possibly caused by this patch, it is recommended to use freebsd-bugs@freebsd.org mailing list for reporting and discussing the encountered issue. Also,wording.
I suggest also dropping the
In case any change in the OS behavior is observed, that can be possibly caused by this patch, it is recommended to use freebsd-bugs@freebsd.org mailing list for reporting and discussing the encountered issue. Also,
wording.
Nov 12 2021
Nov 12 2021
I think it is better to provide short and concise list of potential issues with ASLR, like this:
- changed ABI due to modified layout of address space
- address space fragmentation
- non-reproducable address space layout between runs
- harder debugging
- some debuggers automatically disable ASLR for spawned targets, making target' environment different between debug and non-debug runs
Nov 4 2021
Nov 4 2021
Limit setting of __elfN(pie_aslr_enabled) for only 64-bit PIE binaries.
Nov 2 2021
Nov 2 2021
Oct 29 2021
Oct 29 2021
Hi! Any comments/remarks to the updated version?
Oct 25 2021
Oct 25 2021
Oct 23 2021
Oct 23 2021
Oct 22 2021
Oct 22 2021
Oct 18 2021
Oct 18 2021
In D27666#734447, @lattera-gmail.com wrote:In D27666#734443, @mw wrote:Hi,
I'm refreshing the discussion. The current status is following:
- Fixes for the outstanding bugs ntpd (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253208) and Firefox/Thunderbird (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239873) landed on Friday. Hopefully this will cover all cases that might have remained unknown until now.
It seems like a problem with the underlying AS{L}R implementation. HardenedBSD has not needed to make any changes to any application since it completed its PaX-inspired ASLR implementation in 2015. If applications experience issues with FreeBSD's AS{L}R implementation, it'd be safe to assume a problem with the AS{L}R implementation, not the application.
In D27666#734443, @mw wrote:Hi,
I'm refreshing the discussion. The current status is following:
- Fixes for the outstanding bugs ntpd (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253208) and Firefox/Thunderbird (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239873) landed on Friday. Hopefully this will cover all cases that might have remained unknown until now.
I'm refreshing the discussion. The current status is following:
- PIE enabled by default in 64-builds.
- Ports' exp-run issues are fixed (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=214864)
- Fixes for the outstanding bugs ntpd (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253208) and Firefox/Thunderbird (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239873) landed on Friday. Hopefully this will cover all cases that might have remained unknown until now.
Sep 19 2021
Sep 19 2021
kevans added inline comments to D20780: Add support for getting early entropy from the UEFI RNG protocol.
Sep 17 2021
Sep 17 2021
Sep 6 2021
Sep 6 2021
Oops, didn't meant to block after the amendment.
Jul 27 2021
Jul 27 2021
imp added inline comments to D20780: Add support for getting early entropy from the UEFI RNG protocol.
val_packett.cool added inline comments to D20780: Add support for getting early entropy from the UEFI RNG protocol.
imp added inline comments to D20780: Add support for getting early entropy from the UEFI RNG protocol.
Testing this on an RPi4 would be nice, but it's not a dealbreaker.
markm added a project to D20780: Add support for getting early entropy from the UEFI RNG protocol: csprng.
markm added a reviewer for D20780: Add support for getting early entropy from the UEFI RNG protocol: csprng.
val_packett.cool updated the diff for D20780: Add support for getting early entropy from the UEFI RNG protocol.
Now loading with a separate preload type
val_packett.cool added inline comments to D20780: Add support for getting early entropy from the UEFI RNG protocol.
markm added inline comments to D20780: Add support for getting early entropy from the UEFI RNG protocol.
Jul 26 2021
Jul 26 2021
cperciva added inline comments to D20780: Add support for getting early entropy from the UEFI RNG protocol.
val_packett.cool updated the diff for D20780: Add support for getting early entropy from the UEFI RNG protocol.
Changed to use the file_addbuf function — no more modifications to stand/common/module \o/
May 1 2021
May 1 2021
Apr 2 2021
Apr 2 2021
Jan 25 2021
Jan 25 2021
Update revision after splitting PIE enablement to a separate patch (https://reviews.freebsd.org/D28328)
Jan 15 2021
Jan 15 2021
In D27666#629768, @mw wrote:In D27666#629538, @emaste wrote:In D27666#629463, @mw wrote:Thanks @emaste. Is there any part requiring additional work / contribution? If yes, please reach me out, so we can sync and help with whatever is needed.
Mainly I think we need to make a concerted effort towards identifying ports that require ELF feature tags to opt out of various features, and some common mechanism (either infrastructure or template approach) for setting those bits. I submitted PR252629
As above PR239873 reports issues with firefox and thunderbird with ASLR stack gap. I found libreoffice is incompatible with W^X and submitted PR252689 for that.
WRT ports do you see a better option than enable PIE/ASLR by default, let the community / port maintainers identify problems, create PR's and opt-out this option until fixed?