Hacker News: notaplumber1

New comment by notaplumber1 in "Why Oxide Chose Illumos"

notaplumber1 — Thu, 12 Sep 2024 17:16:49 +0000

> I will say, though, that single VCPU guests would not have met our immediate needs in the Oxide product!

Could Oxide not have helped push multi-vcpu guests out the door by sponsoring one of the main developers working on it, or contributing to development? From a secure design perspective, OpenBSD's vmd is a lot more appealing than bhyve is today.

I saw recently that AMD SEV (Secure Encrypted Virtualization) was added, which seems compelling for Oxide's AMD based platform. Has Oxide added support for that to their bhyve fork yet?

New comment by notaplumber1 in "OpenBSD: Removing syscall(2) from libc and kernel"

notaplumber1 — Fri, 27 Oct 2023 20:21:21 +0000

OpenBSD developers are making a serious effort to kill off indirect syscalls, the base system is completely clean, take a look at the work Andrew Fresh did to adapt Perl. He wrote a complete syscall "dispatcher" or emulator for the Perl syscall function so that it calls the libc stubs.

https://github.com/openbsd/src/commit/312e26c80be876012ae979...

The ports tree is being cleansed of syscall(2) usage, until they're all gone.

msyscall, pinsyscall, recent mandatory IBT/BTI, xonly. OpenBSD is making some waves, but people aren't really seeing them yet.

Making OpenBSD look like Ubuntu Linux

notaplumber1 — Tue, 18 Jul 2023 20:26:34 +0000

Article URL: https://functionallyparanoid.com/imitation-is-the-sincerest-form-of-flattery/

Comments URL: https://news.ycombinator.com/item?id=36778620

Points: 8

# Comments: 1

New comment by notaplumber1 in "Mandatory enforcement of indirect branch targets"

notaplumber1 — Fri, 14 Jul 2023 15:02:37 +0000

OpenBSD disables jump tables in Clang on amd64 due to IBT, some architectures also had jump tables disabled as part of the switch to --execute-only ("xonly") binaries by default, e.g: powerpc64/sparc64/hppa.

https://marc.info/?l=openbsd-cvs&m=168254711511764&w=2

E.g: https://marc.info/?l=openbsd-cvs&m=167337396024167&w=2

New comment by notaplumber1 in "OpenBSD: Shutdown/reboot now require membership of group _shutdown"

notaplumber1 — Tue, 20 Jun 2023 12:24:54 +0000

All of those are examples of privilege seperated software imported from OpenBSD, pf and thus pflogd(8), dhclient(8) and yplapd(8).

https://www.openbsd.org/innovations.html

New comment by notaplumber1 in "Windows ARM Dev Kit 2023"

notaplumber1 — Sat, 29 Apr 2023 22:48:38 +0000

Won't help you with Docker containers, but OpenBSD/arm64 will run OOTB on the MS Dev Kit, NVMe works, USB-3 works, 2.5Gbe Realtek NIC is supported by the ure(4) driver. The ath11k wireless is not supported though, so you'll need a USB adapter for that unfortunately.

If you're looking for a free Unix-y environment to play with, with >11000 binaries packages available.

You need to use the mini-DisplayPort for video output, not Type-C. This is a UEFI limitation on the machine.

New comment by notaplumber1 in "OpenBSD: Malloc leak detection available in -current"

notaplumber1 — Wed, 19 Apr 2023 14:07:09 +0000

I didn't say it wasn't a problem. I said it was not the problem here. Important distinction.

Licensing is not the reason for the sanitizers not being enabled in the default build, a lot of stuff isn't. If it were supported, it would probably be delegated to the ports version, along with the analyzer, additional llvm tools, cross-compiling, etc.

New comment by notaplumber1 in "OpenBSD: Malloc leak detection available in -current"

notaplumber1 — Mon, 17 Apr 2023 16:59:52 +0000

I'm pretty sure parsing ELF binaries is out of scope for kdump(1), sorry, but I don't think that's going to happen.

It's not that difficult to run addr2line yourself with the information provided, and that's really for the best.

New comment by notaplumber1 in "OpenBSD: Malloc leak detection available in -current"

notaplumber1 — Mon, 17 Apr 2023 16:19:15 +0000

OpenBSD begrudgingly made an exception for LLVM/Clang, after vocal opposition to the re-licencing. It currently uses LLVM/Clang 13 and has been making progress towards 15. Licensing is not the problem here. Most of the sanitizers are simply not enabled in the version shipped in base, and require runtime libraries that have not been ported to OpenBSD.

Valgrind exists in ports, but it is ancient and broken. It does not play well with various security mitigations.

New comment by notaplumber1 in "OpenBSD: Malloc leak detection available in -current"

notaplumber1 — Mon, 17 Apr 2023 15:57:44 +0000

Are you asking why doesn't it execv(2) addr2line deep within the libc malloc implementation? Because calling execv(2) within libraries is frowned upon.. ;-)

The leak report is being generated internally by malloc. It is then logged via utrace(2) when a process is traced through ktrace(1).

The kdump utility simply dumps the report, strvis(3) escaping any potentially unsafe characters. As this is untrusted user data, passing it as the input/args to another command is unwise. Also kdump(1) uses pledge(2) and cannot execute commands.

New comment by notaplumber1 in "Synthetic Memory Protections: An update on ROP mitigations [pdf]"

notaplumber1 — Sat, 25 Mar 2023 14:10:45 +0000

Dragos Ruiu (@dragosr) also provided the video recording on his Twitter account.

https://twitter.com/dragosr/status/1639015014177841153

Synthetic Memory Protections: An update on ROP mitigations [pdf]

notaplumber1 — Sat, 25 Mar 2023 14:09:22 +0000

Article URL: https://www.openbsd.org/papers/csw2023.pdf

Comments URL: https://news.ycombinator.com/item?id=35302767

Points: 96

# Comments: 55

Theo de Raadt on pinsyscall(2) (OpenBSD)

notaplumber1 — Wed, 22 Feb 2023 19:12:55 +0000

Article URL: https://undeadly.org/cgi?action=article;sid=20230222064027

Comments URL: https://news.ycombinator.com/item?id=34901032

Points: 17

# Comments: 5

New comment by notaplumber1 in "Pluggable Authentication Modules (PAM)"

notaplumber1 — Sat, 04 Feb 2023 16:07:58 +0000

OpenSSH developers documented some issues they found with PAM, in implementation and design.

https://www.dtucker.net/pam/

BSD Authentication is much nicer, but has only been adopted by OpenBSD.

https://man.openbsd.org/authenticate.3

https://man.openbsd.org/auth_subr.3

New comment by notaplumber1 in "BROP mitigation on systems without xonly (execute-only) hw-enforcement (OpenBSD)"

notaplumber1 — Wed, 01 Feb 2023 13:55:28 +0000

Additional context, and status about recent developments in OpenBSD.

BROP: https://www.scs.stanford.edu/brop/ (paper "Hacking Blind" (2014): https://www.scs.stanford.edu/brop/bittau-brop.pdf

xonly mitigation status: https://marc.info/?l=openbsd-tech&m=167501519712725&w=2

BROP mitigation on systems without xonly (execute-only) hw-enforcement (OpenBSD)

notaplumber1 — Wed, 01 Feb 2023 13:46:18 +0000

Article URL: https://marc.info/?l=openbsd-cvs&m=167517831914525&w=2

Comments URL: https://news.ycombinator.com/item?id=34610290

Points: 2

# Comments: 1

Viable xonly functionality on amd64 using Memory Protection Keys/PKU (OpenBSD)

notaplumber1 — Fri, 20 Jan 2023 22:33:10 +0000

Article URL: https://marc.info/?l=openbsd-cvs&m=167423045918820&w=2

Comments URL: https://news.ycombinator.com/item?id=34461030

Points: 5

# Comments: 0

New comment by notaplumber1 in "mimmutable() for OpenBSD"

notaplumber1 — Sun, 11 Dec 2022 02:31:54 +0000

I will agree that you have chosen your words carefully, and with obvious intent.

New comment by notaplumber1 in "mimmutable() for OpenBSD"

notaplumber1 — Sun, 11 Dec 2022 02:22:19 +0000

> I'd argue that things like msyscall and mstack don't at all because they cost attackers only a couple of minutes of time once to develop a bypass technique (ie move the stack pointer before a syscall, reuse the authorized syscall instruction) that they can apply everywhere.

If you read up on library order randomization/re-link and retguard, you may find your technique won't be so reusable, even once you do manage to locate a syscall stub in libc.

New comment by notaplumber1 in "mimmutable() for OpenBSD"

notaplumber1 — Sun, 11 Dec 2022 01:51:52 +0000

> As others have mentioned as well using ROP to jump to the syscall instructions in libc with your own arguments (it’s not special…) bypasses restrictions in the current design.

...ignoring other mitigations.

> In fact I can extend it with something OpenBSD does not have a good implementation of yet, strong CFI, which would prevent jumping into the middle of a function to execute that syscall instruction. But there are more fundamental reasons why this doesn’t work.

Sounds like you need to spend 5 more minutes reading about retguard.