From owner-freebsd-emulation@FreeBSD.ORG Sun Aug 25 01:49:20 2013
Date: Sat, 24 Aug 2013 21:49:13 -0400
From: "Kenta Suzumoto"
To: emulation@freebsd.org
Subject: Linux emulation distfiles
Message-Id: <20130825014913.5C692200E0@smtp.hushmail.com>
X-BeenThere: freebsd-emulation@freebsd.org
List-Id: Development of Emulators of other operating systems

Hi. The "gamin-0.1.9-6.fc10.src.rpm" distfile for the Linux emulation stuff isn't fetching.
I had to grab it from one of the mirrors on http://rpm.pbone.net/index.php3/stat/26/dist/65/size/10649/name/gamin-0.1.9-6.fc10.src.rpm
SHA256 and size match the one in distinfo.

===> Returning to build of linux_base-f10-10_7
=========================================================================
===================================================
=========================================================================
===================================================
=> gamin-0.1.9-6.fc10.src.rpm doesn't seem to exist in /distfiles/rpm/i386/fedora/10.
=> Attempting to fetch http://critical.ch/distfiles/rpm/i386/fedora/10/gamin-0.1.9-6.fc10.src.rpm
looking up critical.ch
connecting to critical.ch:80
requesting http://critical.ch/distfiles/rpm/i386/fedora/10/gamin-0.1.9-6.fc10.src.rpm

404 - File not found

From owner-freebsd-emulation@FreeBSD.ORG Sun Aug 25 14:16:32 2013
Message-ID: <521A11BD.3060500@passap.ru>
Date: Sun, 25 Aug 2013 18:16:29 +0400
From: Boris Samorodov
To: Kenta Suzumoto
Cc: emulation@freebsd.org
Subject: Re: Linux emulation distfiles
In-Reply-To: <20130825014913.5C692200E0@smtp.hushmail.com>

25.08.2013 05:49, Kenta Suzumoto wrote:
> Hi. The "gamin-0.1.9-6.fc10.src.rpm" distfile for the Linux emulation stuff isn't fetching.
> I had to grab it from one of the mirrors on http://rpm.pbone.net/index.php3/stat/26/dist/65/size/10649/name/gamin-0.1.9-6.fc10.src.rpm
> SHA256 and size match the one in distinfo.
>
>
> ===> Returning to build of linux_base-f10-10_7
> =========================================================================
> ===================================================
> =========================================================================
> ===================================================
> => gamin-0.1.9-6.fc10.src.rpm doesn't seem to exist in /distfiles/rpm/i386/fedora/10.
> => Attempting to fetch http://critical.ch/distfiles/rpm/i386/fedora/10/gamin-0.1.9-6.fc10.src.rpm
> looking up critical.ch
> connecting to critical.ch:80
> requesting http://critical.ch/distfiles/rpm/i386/fedora/10/gamin-0.1.9-6.fc10.src.rpm
>
> 404 - File not found

It fetches for me:
-----
% fetch http://archives.fedoraproject.org/pub/archive/fedora/linux/releases/10/Everything/i386/os/Packages/gamin-0.1.9-6.fc10.i386.rpm
gamin-0.1.9-6.fc10.i386.rpm 100% of 124 kB 157 kBps 00m01s
% sha256 gamin-0.1.9-6.fc10.i386.rpm
SHA256 (gamin-0.1.9-6.fc10.i386.rpm) = 972929e302b9489f2d763790d1c0d91b8a4a04be5241bc260f52780665637d5d
-----

--
WBR, Boris Samorodov (bsam)
FreeBSD Committer, http://www.FreeBSD.org The Power To Serve

From owner-freebsd-emulation@FreeBSD.ORG Mon Aug 26 00:22:32 2013
Message-ID: <521A9FC0.3010102@rawbw.com>
Date: Sun, 25 Aug 2013 17:22:24 -0700
From: Yuri
To: Yuri
Cc: emulation@freebsd.org
Subject: Re: VBox: VMs randomly fail with assertion: Expression: cbPreRead == 0
In-Reply-To: <52191D7E.9080600@rawbw.com>

On 08/24/2013 13:54, Yuri wrote:
> Here is the message:
> 00:10:44.838619 !!Assertion Failed!!
> 00:10:44.838619 Expression: cbPreRead == 0
> 00:10:44.838621 Location :
> /usr/ports/emulators/virtualbox-ose/work/VirtualBox-4.2.16/src/VBox/Storage/VD.cpp(2272)
> int vdWriteHelperOptimized(VBOXHDD*, VDIMAGE*, VDIMAGE*, uint64_t,
> size_t, size_t, size_t, size_t, const void*, void*, unsigned int)
>
> Guest OS: FreeBSD 9.1 (both i386 and amd64)

Here is how to repeat: in a new VM with an empty disk install system from 9.1 iso. Update /usr/src and rebuild world+kernel, install gnome2 from ports. Get this error eventually.

I only observed it with FreeBSD guests, not with linux or windows guests.
Currently, version 4.2.16 isn't usable with FreeBSD guests for this reason.

I downgraded to 4.2.14 and it died with assertion the same way. Not sure if this is because VM created on 4.2.16 was reused.
Some previous version (not sure which exactly) was very stable and I used it with BSD guests for a long time.

Yuri

From owner-freebsd-emulation@FreeBSD.ORG Mon Aug 26 11:06:42 2013
Date: Mon, 26 Aug 2013 11:06:42 GMT
Message-Id: <201308261106.r7QB6ga7065892@freefall.freebsd.org>
From: FreeBSD bugmaster
To: freebsd-emulation@FreeBSD.org
Subject: Current problem reports assigned to freebsd-emulation@FreeBSD.org

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker       Resp.      Description
--------------------------------------------------------------------------------
o kern/181012   emulation  [linux] [patch] Implemented linux system call fstatfs6
o ports/180790  emulation  devel/linux_kdump prints BSD descriptions of errno nam
o kern/177743   emulation  [kvm] [panic] kernel panic during `portsnap update` on
o ports/177722  emulation  Change request: Add terminfo database to linux_base-*
o kern/174933   emulation  [linux] if_nameindex fail in linuxulator enviroment
o kern/174908   emulation  [vmware] "unsupportable block size 0" after upgrading
o kern/174238   emulation  [qemu] FreeBSD 9.0 doesn't boot under QEMU due to ACPI
o ports/169896  emulation  [patch] audio/linux-f10-alsa-lib: use OSS plugin by de
o kern/169814   emulation  [linux] ptrace is broken in Linux emulation
o kern/169805   emulation  [linux] utime() syscall does not work in linuxulator
o kern/159646   emulation  [linux] [patch] bump Linux version in linuxulator
f kern/156691   emulation  [vmware] [panic] panic when using hard disks as RAW de
o kern/156353   emulation  [ibcs2] ibcs2 binaries that execute on 4.x not working
o kern/155577   emulation  [boot] BTX halted after install. Reboot during install
o kern/155040   emulation  [linux] [patch] Linux recvfrom doesn't handle proto fa
o kern/153990   emulation  [hyper-v]: Will not install into Hyper-V on Server 200
o kern/153887   emulation  [linux] Linux emulator not understand STB_GNU_UNIQUE b
o kern/153243   emulation  [ibcs2] Seg fault whne running COFF binary using iBCS2
o kern/151714   emulation  [linux] print/acroread9 not usable due to lack of supp
a bin/150262    emulation  [patch] truss(1) -f doesn't follow descendants of the
a kern/150186   emulation  [parallels] [panic] Parallels Desktop: CDROM disconnec
o ports/148097  emulation  [patch] suggested addition to linux_base-* packages to
o ports/148096  emulation  emulators/linux_base-* can not be built from ports on
o kern/147793   emulation  [vmware] [panic] cdrom handling, panic, possible race
o kern/146237   emulation  [linux] Linux binaries not reading directories mounted
p kern/144584   emulation  [linprocfs][patch] bogus values in linprocfs
o ports/142837  emulation  [patch] emulators/linux_base-* packages fails to insta
o kern/140156   emulation  [linux] cdparanoia fails to read drive data
f kern/138944   emulation  [parallels] [regression] Parallels no longer works in
o kern/138880   emulation  [linux] munmap segfaults after linux_mmap2 stresstest
o ports/135337  emulation  [PATCH] emulators/linux_base-f10: incorrect bash usage
s kern/133144   emulation  [linux] linuxulator 2.6 crashes with nvidias libGL.so.
o kern/126232   emulation  [linux] Linux ioctl TCGETS (0x5401) always fails
o kern/86619    emulation  [linux] linux emulator interacts oddly with cp
a kern/72920    emulation  [linux] path "prefixing" is not done on unix domain so
o kern/41543    emulation  [patch] [request] easier wine/w23 support
o kern/39201    emulation  [linux] [patch] ptrace(2) and rfork(RFLINUXTHPN) confu
o kern/36952    emulation  [patch] [linux] ldd(1) command of linux does not work
o kern/11165    emulation  [ibcs2] IBCS2 doesn't work correctly with PID_MAX 9999

39 problems total.

From owner-freebsd-emulation@FreeBSD.ORG Wed Aug 28 12:10:38 2013
Message-ID: <521DE891.9070107@FreeBSD.org>
Date: Wed, 28 Aug 2013 15:09:53 +0300
From: Andriy Gapon
To: freebsd-emulation@FreeBSD.org, freebsd-gnome@FreeBSD.org
Cc: Greg Rivers, freebsd-standards@FreeBSD.org, kde@FreeBSD.org, freebsd-security@FreeBSD.org, freebsd-hackers@FreeBSD.org
Subject: Re: [kde-freebsd] virtualbox file dialog problem
In-Reply-To: <51E793DB.2020607@FreeBSD.org>

on 18/07/2013 10:06 Andriy Gapon said the following:
> on 18/07/2013 03:25 Greg Rivers said the following:
>> On Wed, 17 Jul 2013, Andriy Gapon wrote:
>>
>>> I run virtualbox in KDE environment. A while ago (can't say exactly when) I
>>> started to have a problem where any file opening dialog would fail with this
>>> message: "Cannot talk to klauncher: Not connected to D-Bus server"
>>>
>>> I found that setting KDE_FORK_SLAVES=1 in environment works around the problem.
>>
>> I reported this same problem in this[1] thread on freebsd-ports@. In that post
>> I provided a link to a similar report for KDE on openSUSE that required a dbus
>> patch to fix.
>>
>> I'm guessing that either the latest versions of VirtualBox have a bug in their
>> dbus interface, or the version of dbus we have needs to be updated.
>>
>> [1] http://lists.freebsd.org/pipermail/freebsd-ports/2013-July/084783.html
>
> I saw those OpenSUSE reports but I think that they were against the much older
> version of dbus.

I have done some more investigation and the problem turns out to be dbus
related indeed.

The problem has only a tangential relation to KDE, so I plan to drop kde@ from
this thread. It has a relation to what VirtualBox does, so I am keeping
emulation@. It is related to dbus and gnome@ is its maintainer(s). It is also
related to how issetugid(2) works, so I am including standards@, security@ and
hackers@. So, please excuse me for such a wide distribution list, but I think
that the solution should be negotiated among the parties involved.

Now a description of the problem.

1. VirtualBox executable is installed setuid root. Apparently, when it is run
it does some privileged things and then drops all of the uids and gids (real,
effective and saved) back to what they should have been originally.
VirtualBox does not do any (re-)exec of itself after the above manipulations.

2. issetugid(2) (which is apparently a BSD extension) on FreeBSD does not
consider the above manipulations as sufficient to mark an executable as
untainted. So it would return 1 for the VirtualBox process.

3. dbus code seems to impose some limitations on communication by such "tainted"
processes. It has the following code:
http://cgit.freedesktop.org/dbus/dbus/tree/dbus/dbus-sysdeps-unix.c#n4139
For web-impaired :) the gist is that on BSD systems the code uses issetugid but
on other systems (like Linux) it uses getresuid and getresgid and checks that
all 3 uids are the same and all 3 gids are the same.

As a result, on FreeBSD the dbus code would consider the VirtualBox process
tainted and that impairs its communication with KDE components.
On systems without issetugid or those that implement it differently, dbus would
work as for a normal process and all the communications are OK.

I've also verified this conclusion by forcing dbus to use the alternative logic
on FreeBSD.

So, possible solutions:
A. change how issetugid(2) works on FreeBSD; a comment in sys_issetugid hints
that other BSDs may have different behaviors
B. change VirtualBox to be friendly to FreeBSD issetugid(2) and exec itself
after dropping the privileges
C. patch dbus port to not use issetugid(2)
D. something else

What do you guys think?

--
Andriy Gapon

From owner-freebsd-emulation@FreeBSD.ORG Wed Aug 28 12:24:29 2013
Message-ID: <521DEBC2.1080602@FreeBSD.org>
Date: Wed, 28 Aug 2013 15:23:30 +0300
From: Andriy Gapon
To: freebsd-emulation@FreeBSD.org
Cc: freebsd-hackers@FreeBSD.org, freebsd-standards@FreeBSD.org, freebsd-security@FreeBSD.org
Subject: Re: [kde-freebsd] virtualbox file dialog problem
In-Reply-To: <521DE891.9070107@FreeBSD.org>

on 28/08/2013 15:09 Andriy Gapon said the following:
> Now a description of the problem.
>
> 1. VirtualBox executable is installed setuid root. Apparently, when it is run
> it does some privileged things and then drops all of the uids and gids (real,
> effective and saved) back to what they should have been originally.
> VirtualBox does not do any (re-)exec of itself after the above manipulations.
>
> 2. issetugid(2) (which is apparently a BSD extension) on FreeBSD does not
> consider the above manipulations as sufficient to mark an executable as
> untainted. So it would return 1 for the VirtualBox process.
>
> 3. dbus code seems to impose some limitations on communication by such "tainted"
> processes. It has the following code:
> http://cgit.freedesktop.org/dbus/dbus/tree/dbus/dbus-sysdeps-unix.c#n4139
> For web-impaired :) the gist is that on BSD systems the code uses issetugid but
> on other systems (like Linux) it uses getresuid and getresgid and checks that
> all 3 uids are the same and all 3 gids are the same.
>
> As a result, on FreeBSD the dbus code would consider the VirtualBox process
> tainted and that impairs its communication with KDE components.
> On systems without issetugid or those that implement it differently, dbus would
> work as for a normal process and all the communications are OK.
>
> I've also verified this conclusion by forcing dbus to use the alternative logic
> on FreeBSD.
>
> So, possible solutions:
[snip]
> B. change VirtualBox to be friendly to FreeBSD issetugid(2) and exec itself
> after dropping the privileges
[snip]

BTW, I've just found this "interesting" code in the VirtualBox sources (forgive
me a full paste, but I couldn't resist):

#if defined(RT_OS_DARWIN)
# include
# include
# include
# include
/** Really ugly hack to shut up a silly check in AppKit. */
static void ShutUpAppKit(void)
{
    /* Check for Snow Leopard or higher */
    char szInfo[64];
    int rc = RTSystemQueryOSInfo (RTSYSOSINFO_RELEASE, szInfo, sizeof(szInfo));
    if (   RT_SUCCESS (rc)
        && szInfo[0] == '1') /* higher than 1x.x.x */
    {
        /*
         * Find issetguid() and make it always return 0 by modifying the code.
         */
        void *addr = dlsym(RTLD_DEFAULT, "issetugid");
        int rc = mprotect((void *)((uintptr_t)addr & ~(uintptr_t)0xfff), 0x2000, PROT_WRITE|PROT_READ|PROT_EXEC);
        if (!rc)
            ASMAtomicWriteU32((volatile uint32_t *)addr, 0xccc3c031); /* xor eax, eax; ret; int3 */
    }
}
#endif /* DARWIN */

--
Andriy Gapon

From owner-freebsd-emulation@FreeBSD.ORG Wed Aug 28 22:13:20 2013
Date: Thu, 29 Aug 2013 00:13:04 +0200
From: Jilles Tjoelker
To: Andriy Gapon
Cc: Greg Rivers, kde@FreeBSD.org, freebsd-gnome@FreeBSD.org, freebsd-hackers@FreeBSD.org, freebsd-security@FreeBSD.org, freebsd-emulation@FreeBSD.org, freebsd-standards@FreeBSD.org
Subject: Re: [kde-freebsd] virtualbox file dialog problem
Message-ID: <20130828221303.GA53931@stack.nl>
In-Reply-To: <521DE891.9070107@FreeBSD.org>

On Wed, Aug 28, 2013 at 03:09:53PM +0300, Andriy Gapon wrote:
> on 18/07/2013 10:06 Andriy Gapon said the following:
> > on 18/07/2013 03:25 Greg Rivers said the following:
> >> On Wed, 17 Jul 2013, Andriy Gapon wrote:
> >>> I run virtualbox in KDE environment. A while ago (can't say
> >>> exactly when) I started to have a problem where any file opening
> >>> dialog would fail with this message: "Cannot talk to klauncher:
> >>> Not connected to D-Bus server"
> >>>
> >>> I found that setting KDE_FORK_SLAVES=1 in environment works around
> >>> the problem.
> >>
> >> I reported this same problem in this[1] thread on freebsd-ports@.
> >> In that post I provided a link to a similar report for KDE on
> >> openSUSE that required a dbus patch to fix.

> >> I'm guessing that either the latest versions of VirtualBox have a
> >> bug in their dbus interface, or the version of dbus we have needs
> >> to be updated.

> >> [1] http://lists.freebsd.org/pipermail/freebsd-ports/2013-July/084783.html

> > I saw those OpenSUSE reports but I think that they were against the
> > much older version of dbus.

> I have done some more investigation and the problem turns out to be dbus
> related indeed.

> The problem has only a tangential relation to KDE, so I plan to drop
> kde@ from this thread. It has a relation to what VirtualBox does, so
> I am keeping emulation@. It is related to dbus and gnome@ is its
> maintainer(s). It is also related to how issetugid(2) works, so I am
> including standards@, security@ and hackers@. So, please excuse me for
> such a wide distribution list, but I think that the solution should be
> negotiated among the parties involved.

> Now a description of the problem.

> 1. VirtualBox executable is installed setuid root. Apparently, when
> it is run it does some privileged things and then drops all of the
> uids and gids (real, effective and saved) back to what they should
> have been originally. VirtualBox does not do any (re-)exec of itself
> after the above manipulations.

> 2. issetugid(2) (which is apparently a BSD extension) on FreeBSD does
> not consider the above manipulations as sufficient to mark an
> executable as untainted. So it would return 1 for the VirtualBox
> process.

The manipulations do not guarantee that all privileged information and
descriptors are no longer in the process. Often, a process will acquire
some privileged resource and then drop to user credentials; for example,
a raw socket in ping(8). Also, calls like getpwuid() might leave
privileged information in memory.

> 3. dbus code seems to impose some limitations on communication by such
> "tainted" processes. It has the following code:
> http://cgit.freedesktop.org/dbus/dbus/tree/dbus/dbus-sysdeps-unix.c#n4139
> For web-impaired :) the gist is that on BSD systems the code uses
> issetugid but on other systems (like Linux) it uses getresuid and
> getresgid and checks that all 3 uids are the same and all 3 gids are
> the same.

> As a result, on FreeBSD the dbus code would consider the VirtualBox
> process tainted and that impairs its communication with KDE
> components. On systems without issetugid or those that implement it
> differently, dbus would work as for a normal process and all the
> communications are OK.

> I've also verified this conclusion by forcing dbus to use the
> alternative logic on FreeBSD.

I think dbus is doing the right thing on BSD and the
getresuid/getresgid-based check on Linux is a bug. This bug was reported
on https://bugs.freedesktop.org/show_bug.cgi?id=52202 however it was
decided not to fix the bug because gnome-keyring-daemon relies on it.
The gnome-keyring-daemon obtains cap_ipc_lock privilege (capability in
Linux terms) from the filesystem and needs untrusted environment
variables to work.

(Note that this also means that moving a program from setuid root to
capabilities may decrease security, since dbus and glib no longer know
to be careful.)

> So, possible solutions:
> A. change how issetugid(2) works on FreeBSD; a comment in
> sys_issetugid hints that other BSDs may have different behaviors

I think it works correctly.

By the way, issetugid(2) man page appears a bit too focused on
UIDs/GIDs. The implementation also sets the bit (and rightly so) if MAC
causes a transition on execve(2) or if jail_attach(2) is called.

> B. change VirtualBox to be friendly to FreeBSD issetugid(2) and exec itself
> after dropping the privileges

This would be good, but it may need invasive changes to VirtualBox that
its developers do not want to make.

> C. patch dbus port to not use issetugid(2)

This may open up security holes.

> D. something else

Two ideas.

Firstly, a hack in VirtualBox that subverts issetugid() or
_dbus_check_setuid() somehow may be appropriate. This does not require
invasive changes to VirtualBox, and if you want a secure system you do
not install VirtualBox anyway. This subversion could be done by
overwriting the code of issetugid() or by inserting a dummy
implementation of issetugid() with FBSD_1.0 version before libc.so in
the lookup order, for example.

Secondly, if setting KDE_FORK_SLAVES=1 works around the problem, perhaps
KDE should behave that way automatically if it is called from a process
with issetugid() true.

--
Jilles Tjoelker

From owner-freebsd-emulation@FreeBSD.ORG Fri Aug 30 10:37:35 2013
Message-ID: <522075EB.2080306@peterschmitt.fr>
Date: Fri, 30 Aug 2013 12:37:31 +0200
From: Florent Peterschmitt
To: freebsd-emulation@freebsd.org, freebsd-x11@freebsd.org
Subject: VirtualBox vboxmouse X.org configuration

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)

Hi,

I'm using FreeBSD 9.2-RC3 and VBox 4.2.16 on host & guest.
I had to configure X.org this way to get mouse integration:

---
Section "ServerLayout"
        Identifier     "X.org Configured"
        Screen      0  "Screen0" 0 0
        Screen      1  "Screen1" RightOf "Screen0"
        InputDevice    "Mouse0" "CorePointer"
        InputDevice    "Mouse1"
        InputDevice    "Keyboard0" "CoreKeyboard"
        Option         "AutoAddDevices" "False"
EndSection

Section "InputDevice"
        Identifier  "Mouse0"
        Driver      "mouse"
EndSection

Section "InputDevice"
        Identifier  "Mouse1"
        Driver      "vboxmouse"
        Option      "SendCoreEvents" "True"
EndSection
---

Can anybody confirm this is the right way?

Using the vboxmouse directly on CorePointer doesn't work at all and
disabling integration from VBox host makes the pointer not move anymore.

--
Florent Peterschmitt           | Please:
florent@peterschmitt.fr        |  * Avoid HTML/RTF in E-mail.
+33 (0)6 64 33 97 92           |  * Send PDF for documents.
http://florent.peterschmitt.fr |  * Trim your quotations. Really.
Proudly powered by Open Source | Thank you :)
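
The two taint checks compared in the "virtualbox file dialog problem" thread above, as a small C model showing where they disagree. This is an added example, not code from dbus, VirtualBox or the FreeBSD kernel; the struct and function names, the sample uid 1001, and the rule that privileged descriptors are close-on-exec are assumptions made for the illustration.

```c
/* Added example: a simplified model, not dbus, VirtualBox or FreeBSD code. */
#include <stdbool.h>
#include <stdio.h>

struct proc_model {
    unsigned ruid, euid, suid;  /* real, effective, saved user IDs          */
    unsigned rgid, egid, sgid;  /* real, effective, saved group IDs         */
    bool sugid;                 /* sticky taint bit reported by issetugid() */
    bool priv_resource;         /* e.g. a raw socket opened while root      */
};

/* execve(2): the only transition in this model that can clear the taint. */
static void model_exec(struct proc_model *p, bool setuid_bit, unsigned file_uid)
{
    bool changed = setuid_bit && file_uid != p->euid;

    if (changed)
        p->euid = file_uid;
    p->suid = p->euid;            /* saved IDs are reset from the effective IDs */
    p->sgid = p->egid;
    if (changed) {
        p->sugid = true;          /* credentials changed across the exec */
    } else if (p->ruid == p->euid && p->rgid == p->egid) {
        p->sugid = false;         /* fresh image: no inherited secrets in memory */
        p->priv_resource = false; /* assumption: descriptors are close-on-exec */
    }
}

/* Something only root can obtain, as in the ping(8) raw-socket case. */
static void model_acquire_priv_resource(struct proc_model *p)
{
    if (p->euid == 0)
        p->priv_resource = true;
}

/* Drop real, effective and saved IDs back to the invoking user. */
static void model_drop_privs(struct proc_model *p)
{
    p->euid = p->suid = p->ruid;
    p->egid = p->sgid = p->rgid;
    /* sugid stays set: memory contents and open descriptors did not change. */
}

/* Check 1: all three uids equal and all three gids equal (getresuid style). */
static bool tainted_by_ids(const struct proc_model *p)
{
    return p->ruid != p->euid || p->ruid != p->suid ||
           p->rgid != p->egid || p->rgid != p->sgid;
}

/* Check 2: the sticky bit (issetugid style). */
static bool tainted_by_issetugid(const struct proc_model *p)
{
    return p->sugid;
}

struct verdict { bool by_ids, by_issetugid, holds_priv; };

/* Run a setuid-root program's life cycle up to and including `stage`. */
static struct verdict scenario(int stage)
{
    /* uid/gid 1001 is a constructed sample value for the invoking user. */
    struct proc_model p = { 1001, 1001, 1001, 1001, 1001, 1001, false, false };
    struct verdict v;

    if (stage >= 1) model_exec(&p, true, 0);          /* setuid-root image starts */
    if (stage >= 2) model_acquire_priv_resource(&p);  /* privileged setup work    */
    if (stage >= 3) model_drop_privs(&p);             /* drop, but no exec        */
    if (stage >= 4) model_exec(&p, false, 0);         /* option B: exec itself    */

    v.by_ids = tainted_by_ids(&p);
    v.by_issetugid = tainted_by_issetugid(&p);
    v.holds_priv = p.priv_resource;
    return v;
}

int main(void)
{
    static const char *const names[] = {
        "plain user process", "setuid-root image started",
        "privileged resource acquired", "all uids/gids dropped, no exec",
        "re-exec after drop (option B)"
    };

    for (int s = 0; s <= 4; s++) {
        struct verdict v = scenario(s);
        printf("%-32s ids-check=%d issetugid=%d priv-resource=%d\n",
               names[s], v.by_ids, v.by_issetugid, v.holds_priv);
    }
    return 0;
}
```

Stage 3 is the state the thread describes: the ID comparison reports the process as clean while the sticky bit still marks it, and in the model the process still holds the resource it obtained as root.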