OpenBSD Journal

OpenBSD Journal

OpenBSD Community Goes Gold for 2018!

Contributed by Paul 'WEiRD' de Weerd on from the golden-communities dept.

Ken Westerback (krw@ when wearing his developer hat) writes:

Monthly paypal donations from the OpenBSD community have made the community the OpenBSD Foundation's first Gold level contributor for 2018!

2018 is the third consecutive year that the community has reached Gold status or better.

These monthly paypal commitments by the community are our most reliable source of funds and thus the most useful for financial planning purposes. We are extremely thankful for the continuing support and hope the community matches their 2017 achievement of Platinum status. Or even their 2016 achievement of Iridium status.

Sign up now for a monthly donation!

Note that Bitcoin contributions have been re-enabled now that our Bitcoin intermediary has re-certified our Canadian paperwork.

MAP_STACK Stack Register Checking Committed to -current

Contributed by rueda on from the ROPper-stopper dept.

The MAP_STACK anti-ROP mechanism described in a recent article has been committed to -current. The commit message includes:

Implement MAP_STACK option for mmap().  Synchronous faults (pagefault and
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).

OpenBSD 6.3 Released

Contributed by rueda on from the cranking-the-handle dept.

April 2, 2018: The OpenBSD project has announced the availability of the newest release, OpenBSD 6.3:

We are pleased to announce the official release of OpenBSD 6.3.
This is our 44th release.  We remain proud of OpenBSD's record of more
than twenty years with only two remote holes in the default install.

Notable changes include:

  • SMP is supported on arm64 platforms.
  • amd64 Intel CPU microcode is loaded on boot.
  • Many improvements have been made in vmm/vmd.
  • Several parts of the network stack now run without KERNEL_LOCK().
  • slaacd now generates stable IPv6 stateless autoconfiguration addresses (RFC 7217), and supports any prefix size as required by RFC 4862.
  • Multiple security improvements have been made, including Meltdown/Spectre (variant 2) mitigations.
  • pledge() has been modified to support "execpromises" (as the second argument).
  • Filesystem handling in suspend/hibernate has been improved.

As usual, there are updated versions of OpenSMTPD, OpenSSH, and LibreSSL.

The release page contains a more complete list of changes, and the upgrade page gives recommendations on how to upgrade to the new release.

Stack-register Checking

Contributed by Paul 'WEiRD' de Weerd on from the stacks-of-mitigations dept.

Recently, Theo de Raadt (deraadt@) described a new type of mitigation he has been working on together with Stefan Kempf (stefan@):

How about we add another new permission!  This is not a hardware
permission, but a software permission.  It is opportunistically
enforced by the kernel.
the permission is MAP_STACK.  If you want to use memory as a stack,
you must mmap it with that flag bit.  The kernel does so automatically
for the stack region of a process's stack.  Two other types of stack
occur: thread stacks, and alternate signal stacks.  Those are handled
in clever ways.

When a system call happens, we check if the stack-pointer register
points to such a page.  If it doesn't, the program is killed.  We
have tightened the ABI.  You may no longer point your stack register
at non-stack memory.  You'll be killed.  This checking code is MI, so
it works for all platforms.

For more detail, see Theo's original message.

Read more…

syspatches will be provided for both supported releases

Contributed by Paul 'WEiRD' de Weerd on from the historically-accurate dept.

Good news for people doing upgrades only once per year: syspatches will be provided for both supported releases. The commit from T.J. Townsend (tj@) speaks for itself:

Subject:    CVS: www
From:       T.J. Townsend <tj () openbsd ! org>
Date:       2018-03-06 22:09:12

Module name:	www
Changes by:	2018/03/06 15:09:12

Modified files:
	.              : errata61.html stable.html 
	faq            : faq10.html 

Log message:
syspatches will now be provided for both supported releases.

Thanks to all the developers involved in providing these!

Update: An official announcement has been released:

Read more…

a2k18 Hackathon Report: Ken Westerback on dhclient and more

Contributed by rueda on from the airports dept.

Ken Westerback (krw@) has sent in the first report from the (recently concluded) a2k18 hackathon:

YYZ -> YVR -> MEL -> ZQN -> CHC -> DUD -> WLG -> AKL -> SYD -> BNE -> YVR -> YYZ.


Once in Dunedin the hacking commenced. The background was a regular tick of new meltdown diffs to test in addition to whatever work one was actually engaged in. I was lucky (?) in that none of the problems with the various versions cropped up on my laptop.

Read more…


Donate to OpenBSD


We are constantly on the lookout for stories of how you put OpenBSD to work. Please submit any informative articles on how OpenBSD is helping your company.

OpenBSD Errata

OpenBSD 6.3

0052018-04-21 RELIABILITY httpd can leak file descriptors when servicing range requests.
0042018-04-21 SECURITY In the gif(4) interface, use the specified protocol for IPv6, plug a mbuf leak and avoid a use after free.
0032018-04-21 RELIABILITY ARP replies could be sent on the wrong member of a bridge(4) interface.
0022018-04-21 RELIABILITY Additional data is inadvertently removed when private keys are cleared from TLS configuration, which can prevent OCSP from functioning correctly.
0012018-04-14 SECURITY Heap overflows exist in perl which can lead to segmentation faults, crashes, and reading memory past the buffer.

Unofficial RSS feed of OpenBSD errata


Users wishing RSS/RDF summary files of OpenBSD Journal can retrieve: RSS feed

Options are available.


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]