OpenBSD Journal

OpenBSD Journal

Stack-register Checking

Contributed by Paul 'WEiRD' de Weerd on from the stacks-of-mitigations dept.

Recently, Theo de Raadt (deraadt@) described a new type of mitigation he has been working on together with Stefan Kempf (stefan@):

How about we add another new permission!  This is not a hardware
permission, but a software permission.  It is opportunistically
enforced by the kernel.
the permission is MAP_STACK.  If you want to use memory as a stack,
you must mmap it with that flag bit.  The kernel does so automatically
for the stack region of a process's stack.  Two other types of stack
occur: thread stacks, and alternate signal stacks.  Those are handled
in clever ways.

When a system call happens, we check if the stack-pointer register
points to such a page.  If it doesn't, the program is killed.  We
have tightened the ABI.  You may no longer point your stack register
at non-stack memory.  You'll be killed.  This checking code is MI, so
it works for all platforms.

For more detail, see Theo's original message.

Read more…

syspatches will be provided for both supported releases

Contributed by Paul 'WEiRD' de Weerd on from the historically-accurate dept.

Good news for people doing upgrades only once per year: syspatches will be provided for both supported releases. The commit from T.J. Townsend (tj@) speaks for itself:

Subject:    CVS: www
From:       T.J. Townsend <tj () openbsd ! org>
Date:       2018-03-06 22:09:12

Module name:	www
Changes by:	2018/03/06 15:09:12

Modified files:
	.              : errata61.html stable.html 
	faq            : faq10.html 

Log message:
syspatches will now be provided for both supported releases.

Thanks to all the developers involved in providing these!

Update: An official announcement has been released:

Read more…

a2k18 Hackathon Report: Ken Westerback on dhclient and more

Contributed by rueda on from the airports dept.

Ken Westerback (krw@) has sent in the first report from the (recently concluded) a2k18 hackathon:

YYZ -> YVR -> MEL -> ZQN -> CHC -> DUD -> WLG -> AKL -> SYD -> BNE -> YVR -> YYZ.


Once in Dunedin the hacking commenced. The background was a regular tick of new meltdown diffs to test in addition to whatever work one was actually engaged in. I was lucky (?) in that none of the problems with the various versions cropped up on my laptop.

Read more…

Meltdown fix committed by guenther@

Contributed by Paul 'WEiRD' de Weerd on from the so-hot-of-the-press-it-melts-your-cpu dept.

Meltdown mitigation is coming to OpenBSD. Philip Guenther (guenther@) has just committed a diff that implements a new mitigation technique to OpenBSD: Separation of page tables for kernel and userland. This fixes the Meltdown problems that affect most CPUs from Intel. Both Philip and Mike Larkin (mlarkin@) spent a lot of time implementing this solution, talking to various people from other projects on best approaches.

In the commit message, Philip briefly describes the implementation:

Read more…

a2k18 Hackathon preview: Syncookies coming to PF

Contributed by Peter N. M. Hansteen on from the puffies-or-cookies-for-you dept.

As you may have heard, the a2k18 hackathon is in progress. As can be seen from the commit messages, several items of goodness are being worked on.

One eagerly anticipated item is the arrival of TCP syncookies (read: another important tool in your anti-DDoS toolset) in PF. Henning Brauer (henning@) added the code in a series of commits on February 6th, 2018, with this one containing the explanation:

Read more…

Remi Locherer's EuroBSDcon 2017 Talk

Contributed by rueda on from the connecting the dots dept.

Remi Locherer wrote in:

Last September I gave a talk at EuroBSDcon in Paris. It was about the VPN setup for connecting the branch offices of my employer.

It was not my first EuroBSDcon but the first time I delivered a talk! I feared that only few people will show up at to my talk since Michael W. Lucas had his talk at the same time and also covered an OpenBSD topic. But the room was full and my talk was well received.

After the talk I received a nice gift from the EuroBSDcon organizers: a cartoonist made drawings from the presenters during the talks!

Read more…


Donate to OpenBSD


We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.

OpenBSD Errata

OpenBSD 6.2

0102018-03-20 RELIABILITY The IPsec AH header could be longer than the network packet, resulting in a kernel crash.
0092018-03-01 SECURITY Intel CPUs contain a speculative execution flaw called Meltdown which allows userspace programs to access kernel memory.
0082018-02-08 SECURITY A flaw was found in the way unbound validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof.
0072018-02-02 SECURITY If the EtherIP tunnel protocol was disabled, IPv6 packets were not discarded properly. This causes a double free in the kernel.
0062018-02-02 RELIABILITY Processing IPv6 fragments could incorrectly access memory of an mbuf chain that is not within an mbuf. This may crash the kernel.
0052018-02-02 RELIABILITY Specially crafted IPsec AH packets with IP options or IPv6 extension headers could crash or hang the kernel.

Unofficial RSS feed of OpenBSD errata


Users wishing RSS/RDF summary files of OpenBSD Journal can retrieve: RSS feed

Options are available.


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]