OpenBSD Journal

g2k14: Theo de Raadt on security and configurations

Contributed by pitrh on from the only zeros and ones, in a new order dept.

OpenBSD project leader Theo de Raadt (deraadt@) writes in from g2k14:

In the two weeks leading up to Slovenia I worked with Bob Beck on the replacement functions that would be needed to emulate getentropy(2). During the start of the hackathon there was a final bit of work to ensure Bob and Brent Cook were on their way with that.
Then it was time to attack a new security issue I have become aware of. Apparently file descriptor exhaustion can be used to hide reporting of buffer overflows by the stack protector. The stack protector guard function needs a file descriptor to report failure. Some of you who have been following blogs about arc4random and getentropy will recognize this issue.

This issue was first made apparent due to the systrace sandbox technique now used in the ssh tools, which prevents syslog_r from doing socket, connect, sendto... all the good system calls necessary to report failure, but dangerous -- and precisely what the sandbox is trying to prevent.

This has been solved by creating a new system call that can send a message to syslogd without needing any additional resources; syslog_r(3) then uses this directly, one shot, fire and forget. The system call is rather narrow in purpose, and thus named sendsyslog(2), but this also fits the narrow use case it will have such as sandboxing.

In that regard, it is quite similar to the way getentropy(2) was carved off sysctl. Funny how one thing leads to another.

Taking a break from the kernel space, it was time for some cleanup and hopeful improvement for /etc, sysmerge, and the installation tools. Robert and Antoine helped out with a plan to mostly empty /etc/rc; this work is not yet finished but will lead to an improved sysmerge. On other fronts, I worked with the install script guys and the DRM guys to make sure that our next release can automatically know to leave the X aperture closed for capable chipsets.

For the remainder of the hackathon I flitted here and there, as usual, participating in projects of other developers. A very enjoyable and productive week!
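The failure mode Theo describes above, shown as an added example that is not code from the post, from OpenBSD, or from its stack protector: a reporter built the way a socket-based syslog_r path works (socket, connect, send) loses its message as soon as the descriptor table is full, because socket(2) itself fails with EMFILE. The example is portable POSIX C so it runs on any Unix; it assumes /dev/log as the syslogd socket path (which may not exist on the machine it runs on) and picks an arbitrary low soft limit to make exhaustion quick. The OpenBSD fix, sendsyslog(2), is not portable and is not reproduced here; the point is to see the report path that it replaces going silent.

```c
/*
 * Added demonstration, not OpenBSD code: exhaust the descriptor table,
 * then try to report a detected overflow through a socket-based logger
 * and watch the report get lost with EMFILE.  Assumptions: /dev/log is
 * the syslogd socket path; FD_SOFT_LIMIT is an arbitrary small limit.
 */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

#define FD_SOFT_LIMIT 32          /* small so exhaustion takes a few opens */
#define MAX_HELD      FD_SOFT_LIMIT

static int held[MAX_HELD];
static int nheld;
static struct rlimit saved;

/* Close the descriptors opened by exhaust_fds() and restore the old limit. */
void release_fds(void)
{
    while (nheld > 0)
        close(held[--nheld]);
    setrlimit(RLIMIT_NOFILE, &saved);
}

/* Lower RLIMIT_NOFILE, then open /dev/null until open(2) fails with EMFILE.
 * Returns how many descriptors are now held, or -1 on an unexpected error.
 * An attacker reaches the same state by leaking descriptors in the target. */
int exhaust_fds(void)
{
    struct rlimit lim;

    if (getrlimit(RLIMIT_NOFILE, &saved) == -1)
        return -1;
    lim = saved;
    lim.rlim_cur = FD_SOFT_LIMIT;           /* lowering is always permitted */
    if (lim.rlim_cur > saved.rlim_max)
        lim.rlim_cur = saved.rlim_max;
    if (setrlimit(RLIMIT_NOFILE, &lim) == -1)
        return -1;

    nheld = 0;
    for (;;) {
        int fd = open("/dev/null", O_RDONLY);
        if (fd == -1) {
            if (errno == EMFILE)
                return nheld;               /* table full: the attacker's goal */
            release_fds();
            return -1;
        }
        if (nheld == MAX_HELD) {            /* cannot happen below the limit */
            close(fd);
            release_fds();
            return -1;
        }
        held[nheld++] = fd;
    }
}

/*
 * Report a detected overflow the way a socket-based logger does.
 * Returns:
 *   -1  no descriptor could be obtained (errno is EMFILE or ENFILE);
 *       the report is silently lost, which is the bug described above
 *    1  a descriptor was obtained but nothing listens at /dev/log here
 *    0  the message was handed to the socket
 */
int report_via_socket(const char *msg)
{
    struct sockaddr_un sun;
    int s, rv;

    s = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (s == -1)
        return -1;                          /* errno left for the caller */

    memset(&sun, 0, sizeof(sun));
    sun.sun_family = AF_UNIX;
    strncpy(sun.sun_path, "/dev/log", sizeof(sun.sun_path) - 1);

    if (connect(s, (struct sockaddr *)&sun, sizeof(sun)) == -1 ||
        send(s, msg, strlen(msg), 0) == -1)
        rv = 1;
    else
        rv = 0;
    close(s);
    return rv;
}

int main(void)
{
    const char *msg = "<2>stack overflow detected; terminated";
    int n = exhaust_fds();
    int rv = report_via_socket(msg);

    printf("held %d extra descriptors; report_via_socket -> %d (%s)\n",
           n, rv, rv == -1 ? strerror(errno) : "descriptor obtained");
    release_fds();
    printf("after release: report_via_socket -> %d\n", report_via_socket(msg));
    return 0;
}
```

The return value -1 is the whole problem: a guard function that calls a reporter like this one has no descriptor to spend, gets EMFILE, and the overflow is terminated without a trace. A system call that takes the message directly from the caller's buffer, as sendsyslog(2) does, cannot be starved this way, and it also needs none of the socket, connect or sendto calls that a sandbox wants to forbid.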
