OpenBSD Journal

OpenBSD Journal

Viable ROP-free roadmap for i386/armv8/riscv64/alpha/sparc64

Contributed by rueda on from the If you break it you buy it, no returns please dept.

Theo de Raadt (deraadt@) posted to tech@ a detailed message explaining the past and (potential) future of anti-ROP measures in OpenBSD.

It's well worth reading its entirety. Highlights include:

Years later, Todd Mortimer and I developed RETGUARD.  At the start of
that initiative he proposed we protect all functions, to try to guard
all the RET instructions, and therefore achieve a state we call
"ROP-free".  I felt this was impossible, but after a couple hurdles the
RETGUARD performance was vastly better than the stack protector and we
were able to protect all functions and get to ROP-free (on fixed-sized
instruction architecures).  Performance was acceptable to trade against
improved security.
We were able to enable RETGUARD on all functions because it was fast.
On the other hand the RETGUARD approach uses an illegal instruction (of
some sort), which is a speculation barrier. That prevents the cpu from
heading off into an alternative set of weeds.  It will go decode more
instructions along the post-RET execution path.

I filed that idea as interesting but did nothing with it.  Until now.

Like we said earlier, it is worth reading the whole thing! This points forward to some remarkable improvements on several architectures, and those changes could be a clear benefit for other systems too.

-current has moved to 7.4-beta

Contributed by rueda on from the here-we-go-again dept.

With the following commit(s), Theo de Raadt (deraadt@) moved -current to version 7.4-beta:

Module name:	src
Changes by:	2023/09/18 07:16:13

Modified files:
	share/mk       : 
	etc/root       : root.mail 
	sys/conf       : 
	sys/arch/macppc/stand/tbxidata: bsd.tbxi 
	usr.bin/signify: signify.1 

Log message:
crank to 7.4-beta

Snapshots are (already) available for several platforms. At the time of writing, there are a mixture of 7.3 and 7.4 files on at least some mirrors, so readers are advised that problems may occur.

(Regular readers will know what comes next…)

This serves as an excellent reminder to upgrade snapshots frequently, test both base and ports, and report problems [plus, of course, donate!].

p2k23 Hackathon Report: Volker Schlecht (volker@) on rust and erlang progress

Contributed by rueda on from the brushing up the rust dept.

We are pleased to have another p2k23 report, this time from Volker Schlecht (volker@) who writes:

"Ladies and Gentlemen, our plane is equipped with two engines, and I'm afraid I need to tell you that the one that you see to your right won't start right now…"
As with several other developers my trip to p2k23 didn't exactly start off as planned. Eventually the engine did start, though (and I'm glad to report it stayed on, too) and I made it to Dublin.

Read more…

3D printing on OpenBSD? Yes, that’s a thing!

Contributed by Ian Darwin on from the 'What else can you do with it?' dept.

Can you really do 3D printing from OpenBSD? Cue suspenseful music whilst I formulate my answer, which is: Yes.

If you aren’t familiar with the 3D printing process, it’s divided into several steps, vaguely analogous to writing, compiling and running a program in a compiled language.

Read more…

p2k23 Hackathon Report: Landry Breuil (landry@) on chasing memory corruptions

Contributed by rueda on from the birds do thunder dept.

Next up in the series of p2k23 hackathon reports is this from Landry Breuil (landry@), who writes,

It's been a while since the last p2k19 in bucarest… and this time in a new place, city, country, lovely ireland with a lovely weather at this time of the year.

As usual, i wanted to play with things that were left on the side for a while (upgrading mail/stalwart stack to the new all-bundled-in-one layout to play with JMAP… or testing matthieu@'s work on wayland) - but i was of course mostly distracted from those interesting topics by …firefox, you guess it. Dammit, not again !

Read more…

p2k23 Hackathon Report: Jeremy Evans (jeremy@) on Ruby ports cleanup, database progress, and more

Contributed by rueda on from the ruby red, turning green dept.

Next up in our reports from the p2k23 hackathon is one from Jeremy Evans (jeremy@). Jeremy writes:

My travel to Dublin started off not so great, with the airline figuring out they had to replace the copilot's chair in the cockpit after everyone had boarded, forcing everyone to deplane and then reboard an hour later. I ended up getting to Dublin a couple hours later than scheduled. This was the day before the hackathon started, so thankfully I didn't miss any hacking time. After I arrived, I took a brief nap, then found out where the hackroom was.

Read more…


Donate to OpenBSD


We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.

OpenBSD Errata

OpenBSD 7.3

0162023-09-21 SECURITY npppd(8) could crash by a l2tp message which has an AVP with wrong length.
0152023-07-25 RELIABILITY Some hypervisors remain unpatched for writes to Zenbleed DE_CFG bit, so skip it.
0142023-07-24 RELIABILITY Missing bounds check in console terminal emulation could cause a kernel crash after receiving specially crafted escape sequences.
0132023-07-24 SECURITY Install firmware updates for AMD cpus, to repair past or potential future bugs. For i386 and amd64 platforms.
0122023-07-24 SECURITY Add firmware for AMD cpus, to repair past or potential future bugs. For i386 and amd64 platforms.

After this step, "fw_update" and "installboot" must be run.

0112023-07-24 SECURITY Workaround for Zenbleed AMD cpu problem. For i386 and amd64 platforms.

Unofficial RSS feed of OpenBSD errata


Users wishing RSS/RDF summary files of OpenBSD Journal can retrieve: RSS feed

Options are available.


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]