Better use-after-free bug detection in -current

Contributed by ray on 2008-11-23 from the zombie-cow-protection dept.

Hot on the heels of Otto's malloc changes, Theo de Raadt (deraadt@) just committed another bug detecting measure into OpenBSD,

CVSROOT:        /cvs
Module name:    src
Changes by:     deraadt@ 2008/11/22 10:31:53

Modified files:
       sys/kern       : subr_pool.c

Log message:
Do deadbeef-style protection in pools too, by default, even though it it
is a lot slower.  Before release this should be backed out, but for now
we need everyone to run with this and start finding the use-after-free
style bugs this exposes. original version from tedu
ok everyone in the room

As with Otto's malloc changes, please report any suddenly misbehaving programs!

(Comments are closed)

Comments

By Damien Miller (djm) djm@mindrot.org on 2008-11-24 01:13 http://www.mindrot.org/~djm/

Theo's commit was to the kernel, so use-after-free's should show up as panics (good) and not misbehaviour (bad).
Comments
1. By Anonymous Coward (82.101.210.49) on 2008-11-24 02:39
  
  > Theo's commit was to the kernel, so use-after-free's should show up as panics (good) and not misbehaviour (bad).
  
  So the request to "report any suddenly misbehaving programs" is based on the incorrect assumption that Theo's commit affects userland?
  Comments
  1. By tedu (udet) on 2008-11-24 03:00
    
    > > Theo's commit was to the kernel, so use-after-free's should show up as panics (good) and not misbehaviour (bad).
    >
    > So the request to "report any suddenly misbehaving programs" is based on the incorrect assumption that Theo's commit affects userland?
    
    The kernel pretty much by definition affects userland, but the request would have been better phrased s/programs/behaviors.
  2. By Ray (66.65.42.141) ray@cyth.net on 2008-11-24 07:27 http://cyth.net/~ray/
    
    > > Theo's commit was to the kernel, so use-after-free's should show up as panics (good) and not misbehaviour (bad).
    >
    > So the request to "report any suddenly misbehaving programs" is based on the incorrect assumption that Theo's commit affects userland?
    
    Yes, sorry I was a bit hasty with publishing this article. Either way, though, testing is needed and much appreciated. Thanks!
By Anonymous Coward (2a01:198:25d:0:20a:e4ff:fe32:17b2) on 2008-11-24 08:55

> Before release this should be backed out

How about a sysctl or at least an ifdef?
Comments
1. By giezet (62.143.76.164) giezet@tkk.net.pl on 2008-11-24 21:51
  
  > > Before release this should be backed out
  >
  > How about a sysctl or at least an ifdef?
  
  Hmm I remember reading a report from a hackathon long long ago. What I can remember very vividly is the conclusion that knobs should be avoided where possible. And quoting a snippet from theo.c:
  
  "#ifdef is for emacs developers."
  
  So, I rather doubt that this will happen :D On the other hand, what can stop us to add an #ifdef manually? We don't need to be emacs developers to accomplish that by ourselves :)
2. By Anonymous Coward (2a01:348:108:155:216:41ff:fe53:6a45) on 2008-11-24 22:13
  
  > > Before release this should be backed out
  >
  > How about a sysctl or at least an ifdef?
  
  Then people would disable it rather than report the problems.
  Comments
  1. By Cabal (Cabal) on 2008-11-25 00:12 http://www.enginuity.org/
    
    > > > Before release this should be backed out
    > >
    > > How about a sysctl or at least an ifdef?
    >
    > Then people would disable it rather than report the problems.
    
    And people who run releases (and would never see it) would be able to turn it on.
    
    Comments
    
    By tedu (udet) on 2008-11-25 01:03
    
    > > > > Before release this should be backed out
    > > >
    > > > How about a sysctl or at least an ifdef?
    > >
    > > Then people would disable it rather than report the problems.
    >
    > And people who run releases (and would never see it) would be able to turn it on.
    
    releases don't have bugs.
    
    Comments
    
    By Anonymous Coward (71.94.240.83) on 2008-11-25 23:58
    
    > releases don't have bugs.
    
    hilarity ensues
    
    By phessler (phessler) on 2008-11-25 09:46 http://theapt.org
    
    > > > > Before release this should be backed out
    > > >
    > > > How about a sysctl or at least an ifdef?
    > >
    > > Then people would disable it rather than report the problems.
    >
    > And people who run releases (and would never see it) would be able to turn it on.
    
    the people that would turn it on, would also run snapshots. which helps to make releases all that much better.

Latest Articles

Wed, May 13
- 06:49 Automatic expiry at timeout for pf(4) overload tables (0)
Tue, May 12
- 11:52 Let's find out how to get predictable IPv6 addresses assigned to OpenBSD VMs (0)
- 05:26 Game of Trees 0.125 released (0)
Mon, May 11
- 20:20 Recent downtime (2)
Mon, Apr 20
- 08:58 LibreSSL 4.3.1 released (0)
- 05:32 OpenBSD -current is now "7.9-current" (0)
Wed, Apr 15
- 11:56 rpki-client 9.8 released (0)
- 05:00 Selectively block cores from the scheduler with sysctl hw.blockcpu (1)
Tue, Apr 14
- 05:20 OpenBSD -current has moved to version 7.9 (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]