From nobody Mon May 13 17:47:41 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VdRlg1hK3z5Kgmw
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Mon, 13 May 2024 17:47:43 +0000 (UTC)
	(envelope-from kevans@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VdRlg0tPSz4MkJ
	for <freebsd-hackers@freebsd.org>; Mon, 13 May 2024 17:47:43 +0000 (UTC)
	(envelope-from kevans@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1715622463;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=fNXVa3VPm5FrB8Wt75J3T5VrQS7H7oy1C+R10ipnwgI=;
	b=JMcVdramOWTh5SvCCSikVnbN7jNLmx8g8lTNtHfCXMzrYhdZpeHkL4NCOIfHEJnzpS1zte
	qg8nlY6c19lITzG/nWfPrgymENT5mFprzpawP9DO7m8L6rc2w9Mh34vZoq9Un3JTA86hVf
	7t9mDsXPy7V/Zt8sAnleGsv6k8biQgFe70KMTvghg2GTf75sNMFIGliyrY7W6Q4LH/yCXz
	EupqL6UwIzoen0YzYLvNbghqlhQrjenxbV+6IvbiVlfyKW0GcGx/fZPRgE9KPOTpAJ0FnL
	pRnW6uI9pX3Wf5JkOniKtO5oqRrvKkANAUbs/xOq+bdWz40od/di2U1hS78pYg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1715622463; a=rsa-sha256; cv=none;
	b=MuxkAlG2HEuh+nS3Sc23vH3VlfERuCA9o2CvQOdWYPuf71AYjQCbFr0JBcVpf+MDmQVY2S
	n6y0IFCSmJc++Stb76kMjotZa1bekYfZPluyGLyVjOGUBXNbeMmVJlCjZhOeP5gxt9T37L
	DL/IcpcdRj/xPPQH7lVyOGC9VMmE5Xg5XJoO9/QtBE69C/i4YEgR5bVifF2Sb8A/mkhTFS
	yAx7vfblBspSn6NpI8gcbvvecmSWBS8FBzoiDc9U9uy5p4BsU30zC9BfeqgUMdWveU5vF5
	BGbQQ2uC0a5MMBqgoQQpCKl4uvg2NvZJGeh1VDPqNv6a0AklykQ6x90PVz5/3w==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1715622463;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=fNXVa3VPm5FrB8Wt75J3T5VrQS7H7oy1C+R10ipnwgI=;
	b=bntDTVTTmyxIy1LJ04Y1MZ91Od1W+w/VWDRTO6cBxojRKcFcMthVxylpCG/9oW66g5XakH
	S+bns+SifhV2eYfdQEw1gPY9O2gZppPps5E9uCeqceL6qUZ5oX5narq/BnKt67XFCU08QE
	mEm1/+Rg6q0Ksw8qLMs2km6hA59XOgiUhXldN9x8KTNQlugH21CkvWSlyIHeuWqfVhUOEd
	b2FCBnNMBH6QYHEDh53MxUwF4YI245H8OK9O+VwBGTy9CWFAu57rogdUg39bDLu4qsUocb
	L6k8mXnhRD3RR/O9ZQRQxHcSafRivfobb8LDMDUhQ+a6OJ3Yyi2wDj0q7T7aFw==
Received: from [10.9.4.95] (unknown [209.182.120.176])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	(Authenticated sender: kevans/mail)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4VdRlf6Q75zHm7
	for <freebsd-hackers@freebsd.org>; Mon, 13 May 2024 17:47:42 +0000 (UTC)
	(envelope-from kevans@FreeBSD.org)
Message-ID: <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>
Date: Mon, 13 May 2024 12:47:41 -0500
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: "freebsd-hackers@FreeBSD.org" <freebsd-hackers@freebsd.org>
From: Kyle Evans <kevans@FreeBSD.org>
Subject: Initial implementation of _FORTIFY_SOURCE
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

Hi,

As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've imported 
an initial version of FORTIFY_SOURCE from FreeBSD.  FORTIFY_SOURCE is an 
improvement over classical SSP, doing compiler-aided checking of stack 
object sizes to detect more fine-grained stack overflow without relying 
on the randomized stack canary just past the stack frame.

This implementation is not yet complete, but we've done a review of 
useful functions and syscalls to add checked variants of and intend to 
complete the implementation over the next month or so.

Please test _FORTIFY_SOURCE out now by setting FORTIFY_SOURCE=2 in the 
buildworld env -- I intend to flip the default to 2 when WITH_SSP is set 
in the next month if nobody complains about serious breakage.  I've 
personally been rolling with FORTIFY_SOURCE=2 for the last three years 
that this has been sitting in a local branch, so I don't really 
anticipate any super-fundamental breakage.

Thanks,

Kyle Evans

From nobody Mon May 13 18:09:24 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VdSDl2zqKz5KjGF
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Mon, 13 May 2024 18:09:27 +0000 (UTC)
	(envelope-from cy.schubert@cschubert.com)
Received: from omta002.cacentral1.a.cloudfilter.net (omta002.cacentral1.a.cloudfilter.net [3.97.99.33])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "Client", Issuer "CA" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VdSDl16Lhz4R3t;
	Mon, 13 May 2024 18:09:27 +0000 (UTC)
	(envelope-from cy.schubert@cschubert.com)
Authentication-Results: mx1.freebsd.org;
	none
Received: from shw-obgw-4003a.ext.cloudfilter.net ([10.228.9.183])
	by cmsmtp with ESMTPS
	id 6W4YsJBFsdrxE6a74sVzO5; Mon, 13 May 2024 18:09:26 +0000
Received: from spqr.komquats.com ([70.66.152.170])
	by cmsmtp with ESMTPSA
	id 6a72s0hflByQr6a73sOwlo; Mon, 13 May 2024 18:09:26 +0000
X-Auth-User: cschuber
X-Authority-Analysis: v=2.4 cv=UOF+Hzfy c=1 sm=1 tr=0 ts=66425756
 a=y8EK/9tc/U6QY+pUhnbtgQ==:117 a=y8EK/9tc/U6QY+pUhnbtgQ==:17
 a=kj9zAlcOel0A:10 a=TpHVaj0NuXgA:10 a=6I5d2MoRAAAA:8 a=YxBL1-UpAAAA:8
 a=EkcXrb_YAAAA:8 a=c9nf7SV_VUKgHcmH2i4A:9 a=CjuIK1q_8ugA:10
 a=IjZwj45LgO3ly-622nXo:22 a=Ia-lj3WSrqcvXOmTRaiG:22 a=LK5xJRSDVpKd5WXXoEvA:22
Received: from slippy.cwsent.com (slippy [10.1.1.91])
	by spqr.komquats.com (Postfix) with ESMTP id 55C7010A2;
	Mon, 13 May 2024 11:09:24 -0700 (PDT)
Received: by slippy.cwsent.com (Postfix, from userid 1000)
	id 29C872B4; Mon, 13 May 2024 11:09:24 -0700 (PDT)
X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.8+dev
Reply-to: Cy Schubert <Cy.Schubert@cschubert.com>
From: Cy Schubert <Cy.Schubert@cschubert.com>
X-os: FreeBSD
X-Sender: cy@cwsent.com
X-URL: http://www.cschubert.com/
To: Kyle Evans <kevans@FreeBSD.org>
cc: "freebsd-hackers@FreeBSD.org" <freebsd-hackers@freebsd.org>
Subject: Re: Initial implementation of _FORTIFY_SOURCE
In-reply-to: <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>
References: <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>
Comments: In-reply-to Kyle Evans <kevans@FreeBSD.org>
   message dated "Mon, 13 May 2024 12:47:41 -0500."
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 13 May 2024 11:09:24 -0700
Message-Id: <20240513180924.29C872B4@slippy.cwsent.com>
X-CMAE-Envelope: MS4xfJfzvAMDyt6hOqkW/3aVbRXhK2AirIYQmaA0ZQqNiAwI7YukUshBQZk0p4wp7yLgYcMuqamYt6UA2lrPnRinqR1wanPbftjABCVOfbjsTIdueehW00Ol
 T6Hedk5CIfrGph/P7Y3G4Yqchdm0I93HgNR2MxcrUhomNkOZsfpx7mcRTU6tgmrSqNVzyWMNaoZDAarj/UVnrgwTYG+M1VEcq1/+9Z0E7cKp4J0LpRwMNqXx
 ptNqFxw8CAccTcqHvusLzw==
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:16509, ipnet:3.96.0.0/15, country:US]
X-Rspamd-Queue-Id: 4VdSDl16Lhz4R3t

In message <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>, Kyle Evans 
write
s:
> Hi,
>
> As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've imported 
> an initial version of FORTIFY_SOURCE from FreeBSD.  FORTIFY_SOURCE is an 
> improvement over classical SSP, doing compiler-aided checking of stack 
> object sizes to detect more fine-grained stack overflow without relying 
> on the randomized stack canary just past the stack frame.
>
> This implementation is not yet complete, but we've done a review of 
> useful functions and syscalls to add checked variants of and intend to 
> complete the implementation over the next month or so.
>
> Please test _FORTIFY_SOURCE out now by setting FORTIFY_SOURCE=2 in the 
> buildworld env -- I intend to flip the default to 2 when WITH_SSP is set 
> in the next month if nobody complains about serious breakage.  I've 
> personally been rolling with FORTIFY_SOURCE=2 for the last three years 
> that this has been sitting in a local branch, so I don't really 
> anticipate any super-fundamental breakage.

Should this trigger a __FreeBSD_version bump?


-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  https://FreeBSD.org
NTP:           <cy@nwtime.org>    Web:  https://nwtime.org

			e^(i*pi)+1=0



From nobody Mon May 13 18:57:26 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VdTJ86Ds4z5KmtV
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Mon, 13 May 2024 18:57:28 +0000 (UTC)
	(envelope-from shawn.webb@hardenedbsd.org)
Received: from mail-io1-xd33.google.com (mail-io1-xd33.google.com [IPv6:2607:f8b0:4864:20::d33])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VdTJ84823z4bXD
	for <freebsd-hackers@freebsd.org>; Mon, 13 May 2024 18:57:28 +0000 (UTC)
	(envelope-from shawn.webb@hardenedbsd.org)
Authentication-Results: mx1.freebsd.org;
	none
Received: by mail-io1-xd33.google.com with SMTP id ca18e2360f4ac-7e1d924b0b0so82585139f.1
        for <freebsd-hackers@freebsd.org>; Mon, 13 May 2024 11:57:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=hardenedbsd.org; s=google; t=1715626647; x=1716231447; darn=freebsd.org;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to;
        bh=n8vu5eXVbU32m2Rt3vEhIBgGc/G6o8sUBCV7DkFZN2Q=;
        b=eYVA2VQ3S8rOu7jotxTxxTLBfzArR7mprZ+G2+yuBaDfs6tHLZzxYXonpr331ANl9a
         Vs/yIVthDYtFu0sftUXj23UBUdQDApDj/H9G0twVcf77+G+oTu/2pi2xC0W8pNJrZdNp
         cpX2SB05lP/Dln2H8P2ETblOp2cuvfP2Vqefw41mVGtR/c7c2X/KSod0DK8jdvs2SfYX
         qkSL0N6Gi9ho/tlnGSUQ6iQNrOXZDBP/XBAGbTWSZNsT5P2N6P8eEkCvvgX0fNwNLpck
         1XCY9zeiBep72yq/p9iPvfVELzL0gJ7a3TZuRrzXyn76zvlFL7cMyFR+HQzFDGO/+YJE
         yI0Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1715626647; x=1716231447;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=n8vu5eXVbU32m2Rt3vEhIBgGc/G6o8sUBCV7DkFZN2Q=;
        b=ZeKvbVfKfo3FThHORyci44RIMqbRTEMIUwezUEf0UZgubd8fzJJ9XTVQex/S1QWDti
         t9pj/3gHrlGpdp1hShBspRwiLYS4SSZ1f+e+SpkZpyItTCj7MnMvYosGs1D+daRqPzyq
         0Rrvjxq96b23BqJxwl/CI366ayTCm4a0lKfPyUFvd5AxTE7EXBCE7XZoSMBzu7MPpX9x
         A5zRioQGONk0teystMGdtJoH1W4/T9P1/uXrODpmOe2+APpJ0ma3VUWzGxqkvpZUuJVO
         LeVJihmqHN5bz+M3a12SR0WkZMzqaCXAWmIoTbjVWuC/myZmuU13I5JtX8XS0gStjr5U
         8/RA==
X-Forwarded-Encrypted: i=1; AJvYcCUz0hcTBqa5GXwRav6Iou8z8ci6TJv+DTG9Xl24bpt/6n4WpNDwC0BHCgra5ze5/2rEoyLfD3Z3HgXa2Zobv6TrgHEAkUrrTSug86g=
X-Gm-Message-State: AOJu0YxgZwJ/+QGLp/PRBTvpaGVWfdDdpn9FDlnNd850IogJO2Db3JYo
	qE8dsT5WYGwitVTrWQARsi8Pk1KGyIsjmQpmdoF0WuLzyzFw2kF8Eh2G2Cr+14FMBaiRlEdF3mm
	h
X-Google-Smtp-Source: AGHT+IG+Qc7j361JvObbOe5V3jTFy42kj+2BUsCMMjsoNMHPkzaJlcbcuk2tM9YxjYN8WEZ+JvDJEA==
X-Received: by 2002:a05:6602:14d:b0:7de:a980:f210 with SMTP id ca18e2360f4ac-7e1b51aaa9amr1091585639f.3.1715626647670;
        Mon, 13 May 2024 11:57:27 -0700 (PDT)
Received: from mutt-hbsd ([184.99.37.29])
        by smtp.gmail.com with ESMTPSA id 8926c6da1cb9f-4893700e215sm2637951173.12.2024.05.13.11.57.26
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 13 May 2024 11:57:26 -0700 (PDT)
Date: Mon, 13 May 2024 18:57:26 +0000
From: Shawn Webb <shawn.webb@hardenedbsd.org>
To: Cy Schubert <Cy.Schubert@cschubert.com>
Cc: Kyle Evans <kevans@freebsd.org>, 
	"freebsd-hackers@FreeBSD.org" <freebsd-hackers@freebsd.org>
Subject: Re: Initial implementation of _FORTIFY_SOURCE
Message-ID: <hxql75nrkuggdcjtocsbcezvjfxa4bblg3iyqy46rqnju66ozx@6nmq3uczc7y4>
X-Operating-System: FreeBSD mutt-hbsd 15.0-CURRENT-HBSD FreeBSD
 15.0-CURRENT-HBSD 
X-PGP-Key: https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/blob/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
References: <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>
 <20240513180924.29C872B4@slippy.cwsent.com>
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="nmt567hh7ns2zacp"
Content-Disposition: inline
In-Reply-To: <20240513180924.29C872B4@slippy.cwsent.com>
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]
X-Rspamd-Queue-Id: 4VdTJ84823z4bXD


--nmt567hh7ns2zacp
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, May 13, 2024 at 11:09:24AM -0700, Cy Schubert wrote:
> In message <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>, Kyle Evans=
=20
> write
> s:
> > Hi,
> >
> > As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've imported=
=20
> > an initial version of FORTIFY_SOURCE from FreeBSD.  FORTIFY_SOURCE is a=
n=20
> > improvement over classical SSP, doing compiler-aided checking of stack=
=20
> > object sizes to detect more fine-grained stack overflow without relying=
=20
> > on the randomized stack canary just past the stack frame.
> >
> > This implementation is not yet complete, but we've done a review of=20
> > useful functions and syscalls to add checked variants of and intend to=
=20
> > complete the implementation over the next month or so.
> >
> > Please test _FORTIFY_SOURCE out now by setting FORTIFY_SOURCE=3D2 in th=
e=20
> > buildworld env -- I intend to flip the default to 2 when WITH_SSP is se=
t=20
> > in the next month if nobody complains about serious breakage.  I've=20
> > personally been rolling with FORTIFY_SOURCE=3D2 for the last three year=
s=20
> > that this has been sitting in a local branch, so I don't really=20
> > anticipate any super-fundamental breakage.
>=20
> Should this trigger a __FreeBSD_version bump?

I would encourage that so to help the ports tree determine
availability of the import.

Additionally, I've enabled _FORTIFY_SOURCE in HardenedBSD base[1] and
ports[2]. For base, it's only set (and to 2 by default) when MK_SSP is
set to yes. In ports, it's set by default except for ports that have
"kmod" in their USES.

Are there any plans to support _FORTIFY_SOURCE in the kernel?

[1]:
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/927fd28755da27=
c5dd2b1b0d0396c93db585f933
[2]:
https://git.hardenedbsd.org/hardenedbsd/ports/-/commit/3d7dcd284ce3083103ed=
d6b28b3d232abbfeaa63

Thanks,

--=20
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A=
4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc

--nmt567hh7ns2zacp
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmZCYo8ACgkQ/y5nonf4
4foM+A/9EleLWXUn6ckmHS1ujmx3Xpyc6ikwQ+42vyF4iOuYVXDvmH1bCQ9y3ZaN
NkGT3ngGF8zcnoCPF9/DRK4BYE6ZnkMFokoz5pMvPGgD/xd1PIIv3cmpGTE67Lqy
a3qLzX4N0jNwsPQuv5jzzWvTEDCEb5VpzVjiNRJfAtOf1FnzwEvB5plK9KwuQ89x
U7mjtF/AFaZ3wJ/FTq2exv4HADEbv48wjDLk+M9UMQtBZOd4cBZquZKTtfxeboQD
jPNzyMO3pdWCfBz6fbCMNbXMlo+/+LCUXu2YRuc4BbQQmFitKCP4iXD4xUrGGcba
0oV4xe3aW7l1DzEgQVHW5BOQTNm1hc68ynol27SQLQppKZJXe8SSxMlNZE52sQJw
BpDN/DC5dcAnxKDwBvLYr5TQaZETjS+AoohaYgPS2z1ocUtaZZKbbhZYtGf3yAeF
yoJtgJVOhhTqzE8QhTdtBx61RN1syNL5geDTo1U1F02kQb5H2+DVdvb/bxnm2kJi
7pxfm8/U5gV73aT1XTzGIYSnqrNbzRVkSvMYqgvWrhGb2SYNFPBa9fazouBOPvqa
epwapkvkH/KWStOfc2gfxqx1vLcElj7Jg3oxG9Rv4hCYZMEZnXSJztNXiS3gxQxu
CygJbBVpXyGBQvUJpVmDioqv+JD2lllWi426P6RNvBbk5Yl4Ujc=
=mYBY
-----END PGP SIGNATURE-----

--nmt567hh7ns2zacp--

From nobody Mon May 13 23:05:17 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VdZpP1s4mz5L6tM
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Mon, 13 May 2024 23:05:33 +0000 (UTC)
	(envelope-from junchoon@dec.sakura.ne.jp)
Received: from www121.sakura.ne.jp (www121.sakura.ne.jp [153.125.133.21])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VdZpN2mkBz45Hy;
	Mon, 13 May 2024 23:05:31 +0000 (UTC)
	(envelope-from junchoon@dec.sakura.ne.jp)
Authentication-Results: mx1.freebsd.org;
	none
Received: from kalamity.joker.local (123-1-21-232.area1b.commufa.jp [123.1.21.232])
	(authenticated bits=0)
	by www121.sakura.ne.jp (8.17.1/8.17.1/[SAKURA-WEB]/20201212) with ESMTPA id 44DN5HuD001460;
	Tue, 14 May 2024 08:05:17 +0900 (JST)
	(envelope-from junchoon@dec.sakura.ne.jp)
Date: Tue, 14 May 2024 08:05:17 +0900
From: Tomoaki AOKI <junchoon@dec.sakura.ne.jp>
To: Shawn Webb <shawn.webb@hardenedbsd.org>
Cc: Cy Schubert <Cy.Schubert@cschubert.com>, Kyle Evans
 <kevans@freebsd.org>,
        "freebsd-hackers@FreeBSD.org"
 <freebsd-hackers@freebsd.org>
Subject: Re: Initial implementation of _FORTIFY_SOURCE
Message-Id: <20240514080517.36f218aa3a054aa2cba99b0d@dec.sakura.ne.jp>
In-Reply-To: <hxql75nrkuggdcjtocsbcezvjfxa4bblg3iyqy46rqnju66ozx@6nmq3uczc7y4>
References: <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>
	<20240513180924.29C872B4@slippy.cwsent.com>
	<hxql75nrkuggdcjtocsbcezvjfxa4bblg3iyqy46rqnju66ozx@6nmq3uczc7y4>
Organization: Junchoon corps
X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.33; amd64-portbld-freebsd14.0)
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:7684, ipnet:153.125.128.0/18, country:JP]
X-Rspamd-Queue-Id: 4VdZpN2mkBz45Hy

On Mon, 13 May 2024 18:57:26 +0000
Shawn Webb <shawn.webb@hardenedbsd.org> wrote:

> On Mon, May 13, 2024 at 11:09:24AM -0700, Cy Schubert wrote:
> > In message <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>, Kyle Evans 
> > write
> > s:
> > > Hi,
> > >
> > > As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've imported 
> > > an initial version of FORTIFY_SOURCE from FreeBSD.  FORTIFY_SOURCE is an 
> > > improvement over classical SSP, doing compiler-aided checking of stack 
> > > object sizes to detect more fine-grained stack overflow without relying 
> > > on the randomized stack canary just past the stack frame.
> > >
> > > This implementation is not yet complete, but we've done a review of 
> > > useful functions and syscalls to add checked variants of and intend to 
> > > complete the implementation over the next month or so.
> > >
> > > Please test _FORTIFY_SOURCE out now by setting FORTIFY_SOURCE=2 in the 
> > > buildworld env -- I intend to flip the default to 2 when WITH_SSP is set 
> > > in the next month if nobody complains about serious breakage.  I've 
> > > personally been rolling with FORTIFY_SOURCE=2 for the last three years 
> > > that this has been sitting in a local branch, so I don't really 
> > > anticipate any super-fundamental breakage.
> > 
> > Should this trigger a __FreeBSD_version bump?
> 
> I would encourage that so to help the ports tree determine
> availability of the import.

If it can be enabled/disabled with sysctls/tunables on runtime/boottime,
bump should be preferred. Maybe this isn't yet the case here, IIUC.

But if it could be done only on build time with WITH_ or WITHOUT_ knob
ad not yet enabled by default for now, now ins't the time to bump.
Bump should be done when it becomes to be built by default.

Bump for non-default build time knob should force poudriere[-devel]
users massive unneeded rebuilds. So should be avoided, if it still
cannot switch on boot or runtime.


> Additionally, I've enabled _FORTIFY_SOURCE in HardenedBSD base[1] and
> ports[2]. For base, it's only set (and to 2 by default) when MK_SSP is
> set to yes. In ports, it's set by default except for ports that have
> "kmod" in their USES.
> 
> Are there any plans to support _FORTIFY_SOURCE in the kernel?
> 
> [1]:
> https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/927fd28755da27c5dd2b1b0d0396c93db585f933
> [2]:
> https://git.hardenedbsd.org/hardenedbsd/ports/-/commit/3d7dcd284ce3083103edd6b28b3d232abbfeaa63
> 
> Thanks,
> 
> -- 
> Shawn Webb
> Cofounder / Security Engineer
> HardenedBSD
> 
> Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
> https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc


-- 
Tomoaki AOKI    <junchoon@dec.sakura.ne.jp>

From nobody Tue May 14 03:16:07 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VdhMd5JQFz5KF2s
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Tue, 14 May 2024 03:16:13 +0000 (UTC)
	(envelope-from kevans@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VdhMd4bTBz4TjK;
	Tue, 14 May 2024 03:16:13 +0000 (UTC)
	(envelope-from kevans@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1715656573;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=Cju8FxDfeI/LuXW2tma5aRCm7mopFWVlE+XxIfPFWhE=;
	b=MLHKc/jogkDYxpYZXZXkFkZ4P2knphVNSG+NRVj6iGvEcIfW4l+DtyHUmOH0J31rPIzG70
	SQDa2wpxieHEMuiwjVKP/pdt/4gCjVqa8a2ZKvUac6a5Fum935lLZbw6mD39p//FHaIU9Q
	AARRH4U5HW49cN52WErv8wXnltNz5ClBOooky+XwfL+vEfnVlqKe8XRPr7ftRtEueTr7C4
	PIZi950iDckmTryq9+Q7/CSxMH/HQx3LQ3bpMIyWsBhoKZIl8/3N6SnA2ExZTwMcUJcDmy
	lgDPWu+rPz0sLm3JoEWnTA+98sOXvXSt+NOyjt9XEyC9fe02nb6quR9BDCbIFQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1715656573; a=rsa-sha256; cv=none;
	b=rVBb/PWgGB52Ei68VOyvMLRGsJTo3uyoxoLlzU5ubXbFLo5n1bss2Y6Y6BdtIePLSutWw7
	fUFP2eVmYtSQQgVpid/1lcmMXK2oMDz5cAU74+dHYRMPj637JbbqJob1VfJU487pOB5f9z
	mnbUM4URW3/je2psOFntlYq6fareRKJq3qV56bEDF7OfnHr4X8c1/y5KZKh4PJ/ihkN7Dt
	xzdDLrp/mrbtTLy4RRNuVKf3iJPdqLzajC0GRZQQhfZcKjVvp3eFGgwWY7JeBLK24sAeDj
	CEn5X/PWYaak7p3eEkQQeAt83CKN2COoqmlskuvhYqRjg/nZ1zaAae7GiU5bWQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1715656573;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=Cju8FxDfeI/LuXW2tma5aRCm7mopFWVlE+XxIfPFWhE=;
	b=qRWJvHLlwraILkrrPzo64eDzEm4nFG924lPxXQk3pZIIV/DQewYRiwK1Z1+OEwTMxZ2I4N
	C1quWiSqt+wX/F+kSd5Dh/1kcUx/NapI1MLAEgpiq2w20HtCW6BWkAvZqacyPGqWLFvfFl
	c7nNx91LCQ4X+RlOwPo+xGmklaLvkQgOMyg0ZBEAE77HeiztNH1EzsM4dAIKSy2af17VNP
	CCNewO0MlHKTx0YqAsZn93+kKER1nZ/JVJlZgcJhUrR7ccX7Qt5jD/75kY0BMZc5cz4cLf
	G3B3L4+DCovQx2IRvLt5FwlhwmtFGU6skSG1l++TywLG+5qW4E9DsDCOq+cDjw==
Received: from [10.9.4.95] (unknown [209.182.120.176])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	(Authenticated sender: kevans/mail)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4VdhMd1Kq5zWBH;
	Tue, 14 May 2024 03:16:13 +0000 (UTC)
	(envelope-from kevans@FreeBSD.org)
Message-ID: <9d4a06bc-44fd-4e9a-8615-cd71127fc90e@FreeBSD.org>
Date: Mon, 13 May 2024 22:16:07 -0500
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Initial implementation of _FORTIFY_SOURCE
Content-Language: en-US
To: Tomoaki AOKI <junchoon@dec.sakura.ne.jp>,
 Shawn Webb <shawn.webb@hardenedbsd.org>
Cc: Cy Schubert <Cy.Schubert@cschubert.com>,
 "freebsd-hackers@FreeBSD.org" <freebsd-hackers@freebsd.org>
References: <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>
 <20240513180924.29C872B4@slippy.cwsent.com>
 <hxql75nrkuggdcjtocsbcezvjfxa4bblg3iyqy46rqnju66ozx@6nmq3uczc7y4>
 <20240514080517.36f218aa3a054aa2cba99b0d@dec.sakura.ne.jp>
From: Kyle Evans <kevans@FreeBSD.org>
In-Reply-To: <20240514080517.36f218aa3a054aa2cba99b0d@dec.sakura.ne.jp>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

On 5/13/24 18:05, Tomoaki AOKI wrote:
> On Mon, 13 May 2024 18:57:26 +0000
> Shawn Webb <shawn.webb@hardenedbsd.org> wrote:
> 
>> On Mon, May 13, 2024 at 11:09:24AM -0700, Cy Schubert wrote:
>>> In message <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>, Kyle Evans
>>> write
>>> s:
>>>> Hi,
>>>>
>>>> As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've imported
>>>> an initial version of FORTIFY_SOURCE from FreeBSD.  FORTIFY_SOURCE is an
>>>> improvement over classical SSP, doing compiler-aided checking of stack
>>>> object sizes to detect more fine-grained stack overflow without relying
>>>> on the randomized stack canary just past the stack frame.
>>>>
>>>> This implementation is not yet complete, but we've done a review of
>>>> useful functions and syscalls to add checked variants of and intend to
>>>> complete the implementation over the next month or so.
>>>>
>>>> Please test _FORTIFY_SOURCE out now by setting FORTIFY_SOURCE=2 in the
>>>> buildworld env -- I intend to flip the default to 2 when WITH_SSP is set
>>>> in the next month if nobody complains about serious breakage.  I've
>>>> personally been rolling with FORTIFY_SOURCE=2 for the last three years
>>>> that this has been sitting in a local branch, so I don't really
>>>> anticipate any super-fundamental breakage.
>>>
>>> Should this trigger a __FreeBSD_version bump?
>>
>> I would encourage that so to help the ports tree determine
>> availability of the import.
> 
> If it can be enabled/disabled with sysctls/tunables on runtime/boottime,
> bump should be preferred. Maybe this isn't yet the case here, IIUC.
> 
> But if it could be done only on build time with WITH_ or WITHOUT_ knob
> ad not yet enabled by default for now, now ins't the time to bump.
> Bump should be done when it becomes to be built by default.
> 
> Bump for non-default build time knob should force poudriere[-devel]
> users massive unneeded rebuilds. So should be avoided, if it still
> cannot switch on boot or runtime.
> 

It's strictly build time, and I didn't really see the value in bumping 
__FreeBSD_version for it.  I don't see any reason to, e.g., turn it into 
a per-port option that we may not want to have if the feature isn't 
there, and the knob to build it in is a preprocessor define that's 
harmless if the feature isn't actually available.

Thanks,

Kyle Evans

From nobody Tue May 14 07:17:13 2024
X-Original-To: hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Vdnjn08QMz5KZbb
	for <hackers@mlmmj.nyi.freebsd.org>; Tue, 14 May 2024 07:17:17 +0000 (UTC)
	(envelope-from bapt@freebsd.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Vdnjm4wWcz4sn6
	for <hackers@freebsd.org>; Tue, 14 May 2024 07:17:16 +0000 (UTC)
	(envelope-from bapt@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1715671036;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=IJYEi3NlRtglIXlh0NZ7yY0x6Nk7nAAo3S70kBm+NoY=;
	b=j2vTnkAgVM2EbA8uU1wNAaeAVmQbfKeUQVFM0ZGBevAdjwTbtiAEVjB63m7jGoZXYvOBOw
	EN0O2tiOkcA3Ku7VtQ1Tb9RBhJDFpqigyPqf0nNvqa5uc9FU9evljnwOAfZpNb3GSSFWNQ
	JzfY0YEHLcSqoxMqrC6SMA25a3tnRnkEJJfu0q+lxAGsRjCsRYmt2hZKb3EEcztuwR0BjD
	l6ggqWt51vYZVrOx06akpmxZkUJF2oyFn7hiLz9I/5pC6PqOFWzzsmiV8naJ/X7Faxer+B
	yJgZNpvuXI05TZ81NnTZT0bBZPIHGZEi0+zdqSmRz7jIburMn5cjUJy9xvPzrA==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1715671036; a=rsa-sha256; cv=none;
	b=j+p7k0u3pKJF94UrerM9tla5s5knTdVLJxhnzgsJRgQlq/bD8OgoU0TGiVWxDZ7mX7lBq3
	LFm64y0UtlmLucUYUihed3p64+KlGai47voPrzTdtw4I85Ulsu8WPAR3xTvk9WvlKMZqmL
	VkpBfeaCq8/rXXW4zZq3SEHmoJ1p75P/VCS7VpwIHV3nUxhWuYC4uwKnzqpYUL/i+Rw7bE
	5Ctn3igA5QHlvdmJ+NHKhHHTF4MOF4LfB2O71O4PigSU9k4fkMi5AAWqn6BGhL1Aeo81tM
	Oxz4ZGBGFDHmO1YSN4r2SkQ2NhFkDlN1qkmefCG5dc1sBWldUWrjw9sx6I04Bw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1715671036;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=IJYEi3NlRtglIXlh0NZ7yY0x6Nk7nAAo3S70kBm+NoY=;
	b=WH2E5qDA6haz3pinefi7MzPUh0h/4Zn3TTtBYp+ouKQdETroHI9e4J5sR+3He3GL9iQm5J
	LepIfoWsd2GQpgUhMPU7hDTN6mUOnHHhnOMSsgS3qT6oeho7mHom6o3zEc/cFBMPoitFcd
	EEf2zUePxNPw8Le4gBUlATYG3FgVPGzdPVgsIc3SaN/WBuWFBb1nOUnjL0zSEmINg4a717
	8nEnmLMkn3m+Si6B+Wht4MhDgLt8ptq9wQ8wBgAcCetPefLE0YvMKRYe2lOk+rNr3bnOMk
	w8GCTBqiy4jAyVfGHkbh7Yj3GQTIoJ4TNBQFV9oae0z6t03gkERgECt4WVfS6Q==
Received: from aniel.nours.eu (nours.eu [176.31.115.77])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	(Authenticated sender: bapt)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4Vdnjm3rh9zc4N
	for <hackers@freebsd.org>; Tue, 14 May 2024 07:17:16 +0000 (UTC)
	(envelope-from bapt@freebsd.org)
Received: by aniel.nours.eu (Postfix, from userid 1001)
	id 071136FE82; Tue, 14 May 2024 09:17:14 +0200 (CEST)
Date: Tue, 14 May 2024 09:17:13 +0200
From: Baptiste Daroussin <bapt@freebsd.org>
To: hackers@freebsd.org
Subject: mdo(1) run as another user without setuid bit
Message-ID: <2y3wjlrzgxocjxtwnx7avo5xuukkee4lvfjlppqpm3kfbqsrvt@nfszfoezpz3d>
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Hello everyone,

This is an idea that I have been thinking about for a while (actually since
2015) and that I have been trying to implement a couple of days ago.

On server usage of FreeBSD one thing which often happen is we segregate services
with their own users (service_user).

We also give access to the administrators of those services via their own ssh
keys on their own user (foo) account and of course we want to allow "foo" to run
some commands as "service_user" or get "service_user" privileges.

Usually this is done via some sudo or some doas configuration which both
involved first become root via the setuid bit.

In many cases doas or sudo are overkill for this sole purpose. To cover this
need, I thought we could write a very simple tool which will leverage the mac
framework to make sure we could switch credentials without the need of the
setuid root.

Here comes the idea of mac_do(4) policy.

This is a kernel module policy which allows calling setuid and setgroup from a
non root user, according to some policy root and if the request comes from the
/usr/bin/mdo binary.

The policy are set via sysctl(8):

security.mac.do.rules

which contains a list of rules separated with coma, for example:
uid=1001:80,gid=0:1003,uid=1002:*

which can be translated as:
the user which id is 1001 can become uid 80
the users belonging to the group which id is 0 can become any user 1003
the user which id is 1002 can become any user.

This is only intended to allow full access to the target user, this is not
intended to provide fine grain accès like sudo, doas or userv can do.

Here is an implementation of this idea:
https://reviews.freebsd.org/D45145

Best regards,
Bapt

From nobody Tue May 14 07:21:09 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Vdnpt3YnPz5KZth
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Tue, 14 May 2024 07:21:42 +0000 (UTC)
	(envelope-from Alexander@Leidinger.net)
Received: from mailgate.Leidinger.net (bastille.leidinger.net [89.238.82.207])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature ECDSA (P-256) client-digest SHA256)
	(Client CN "mailgate.leidinger.net", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Vdnps3Vnlz4tWM;
	Tue, 14 May 2024 07:21:41 +0000 (UTC)
	(envelope-from Alexander@Leidinger.net)
Authentication-Results: mx1.freebsd.org;
	none
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=leidinger.net;
	s=outgoing-alex; t=1715671288;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=157bCKsIqpGdcYzyWhkdFG3ISMupkgF1iJg9hgO1YZc=;
	b=kB7WwNUAGM3zbXlCCkNjzgqIppBKxC7s+MCBIWfPn6zQc8xLj5ju4k9YILv7Y81Imk6JfF
	Fa6Xug3j/4AewYjeVYVJzX2dtmQqHALxWdL9kV8aE5U84B9CgMRBf9MUmqcgK3HMthQc3F
	XoqMvpEKKSAov+5urqB3EcBfmNd6fJHMWWCXCQhlYbKAVb6oluJWdEvkAUNt4q4ussCoZD
	CAg/IqjaIHDMZxS9pdhGBC6LASNVhZR7Pvk9ELpyYavyv1YCE2DM60zFr4ANs/I/CRVnmW
	zLHqGrz0bXEkz5Y83Wcr0x6HRh8kvzivFfAc0BP2UUY1ymbwNMBZGRA+kE/eSQ==
Date: Tue, 14 May 2024 09:21:09 +0200
From: Alexander Leidinger <Alexander@Leidinger.net>
To: Kyle Evans <kevans@freebsd.org>
Cc: Tomoaki AOKI <junchoon@dec.sakura.ne.jp>, Shawn Webb
 <shawn.webb@hardenedbsd.org>, Cy Schubert <Cy.Schubert@cschubert.com>,
 "freebsd-hackers@FreeBSD.org" <freebsd-hackers@freebsd.org>
Subject: Re: Initial implementation of _FORTIFY_SOURCE
In-Reply-To: <9d4a06bc-44fd-4e9a-8615-cd71127fc90e@FreeBSD.org>
References: <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>
 <20240513180924.29C872B4@slippy.cwsent.com>
 <hxql75nrkuggdcjtocsbcezvjfxa4bblg3iyqy46rqnju66ozx@6nmq3uczc7y4>
 <20240514080517.36f218aa3a054aa2cba99b0d@dec.sakura.ne.jp>
 <9d4a06bc-44fd-4e9a-8615-cd71127fc90e@FreeBSD.org>
Message-ID: <5544c172efe031ecdbabd2a93980cdd5@Leidinger.net>
Organization: No organization, this is a private message.
Content-Type: multipart/signed;
 protocol="application/pgp-signature";
 boundary="=_db35927c167ebdf8a095bc77611cda05";
 micalg=pgp-sha256
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:34240, ipnet:89.238.64.0/18, country:DE]
X-Rspamd-Queue-Id: 4Vdnps3Vnlz4tWM

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)

--=_db35927c167ebdf8a095bc77611cda05
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII;
 format=flowed

Am 2024-05-14 05:16, schrieb Kyle Evans:
> On 5/13/24 18:05, Tomoaki AOKI wrote:
>> On Mon, 13 May 2024 18:57:26 +0000
>> Shawn Webb <shawn.webb@hardenedbsd.org> wrote:
>> 
>>> On Mon, May 13, 2024 at 11:09:24AM -0700, Cy Schubert wrote:
>>>> In message <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>, Kyle 
>>>> Evans
>>>> write
>>>> s:
>>>>> Hi,
>>>>> 
>>>>> As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've 
>>>>> imported
>>>>> an initial version of FORTIFY_SOURCE from FreeBSD.  FORTIFY_SOURCE 
>>>>> is an
>>>>> improvement over classical SSP, doing compiler-aided checking of 
>>>>> stack
>>>>> object sizes to detect more fine-grained stack overflow without 
>>>>> relying
>>>>> on the randomized stack canary just past the stack frame.
>>>>> 
>>>>> This implementation is not yet complete, but we've done a review of
>>>>> useful functions and syscalls to add checked variants of and intend 
>>>>> to
>>>>> complete the implementation over the next month or so.
>>>>> 
>>>>> Please test _FORTIFY_SOURCE out now by setting FORTIFY_SOURCE=2 in 
>>>>> the
>>>>> buildworld env -- I intend to flip the default to 2 when WITH_SSP 
>>>>> is set
>>>>> in the next month if nobody complains about serious breakage.  I've
>>>>> personally been rolling with FORTIFY_SOURCE=2 for the last three 
>>>>> years
>>>>> that this has been sitting in a local branch, so I don't really
>>>>> anticipate any super-fundamental breakage.
>>>> 
>>>> Should this trigger a __FreeBSD_version bump?
>>> 
>>> I would encourage that so to help the ports tree determine
>>> availability of the import.
>> 
>> If it can be enabled/disabled with sysctls/tunables on 
>> runtime/boottime,
>> bump should be preferred. Maybe this isn't yet the case here, IIUC.
>> 
>> But if it could be done only on build time with WITH_ or WITHOUT_ knob
>> ad not yet enabled by default for now, now ins't the time to bump.
>> Bump should be done when it becomes to be built by default.
>> 
>> Bump for non-default build time knob should force poudriere[-devel]
>> users massive unneeded rebuilds. So should be avoided, if it still
>> cannot switch on boot or runtime.
>> 
> 
> It's strictly build time, and I didn't really see the value in bumping 
> __FreeBSD_version for it.  I don't see any reason to, e.g., turn it 
> into a per-port option that we may not want to have if the feature 
> isn't there, and the knob to build it in is a preprocessor define 
> that's harmless if the feature isn't actually available.

Ports: We have WITH_PIE, WITH_BIND_NOW and WITH_RELRO (e.g. for 
make.conf) which enables those build time options globally. Ports then 
can have e.g. PIE_UNSAFE=yes to opt-out of WITH_PIE builds. I think it 
would be beneficial if we get something similar for FORTIFY. I already 
use all of the afore mentioned options in my own builds (and have 
provided NO_PIE hints where it fails), and I would surely give a similar 
FORTIFY option a try.

On a somewhat related note, has someone already played with CFI 
(https://clang.llvm.org/docs/ControlFlowIntegrity.html)?

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF

--=_db35927c167ebdf8a095bc77611cda05
Content-Type: application/pgp-signature;
 name=signature.asc
Content-Disposition: attachment;
 filename=signature.asc;
 size=833
Content-Description: OpenPGP digital signature

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEER9UlYXp1PSd08nWXEg2wmwP42IYFAmZDEPQACgkQEg2wmwP4
2IZdUw//WgD8ibpOJbLrZVKvGIr0tZpvAnrbVYoLlqvqShRNFd9Q47g3eoa2wAwW
eTCv2+nzLG427JmrfhUfiN8aEPIdOFgvOacu8tOzoRJbkXxXrDJPtmHQdtGvWCFN
ozROeN7EhYen5Iuqol9bqz30wFhzbnn5gQkqSwwegIiddwW6InV7NXgQpd1lJaSm
eLWO3nixsXaTFjHk+QAQAG1I5HcACZf8goW7vsa+uZhZOjHRPpTT8AXuIz/9xj1g
5g5b9l8ThpkqFDGJwT9Mi88Pce+yaHQa+kIYibEwXY5chaNYMcY3lXcp92aVCWM9
MSxwJ2NwJDhIUJwObK3FUUKdAS75sGqxBNbf0Z5sJZqPeEVKeJ5YrnHok0GAcRWB
PBye/cSP15vx0aPoQ01E8nZ+8w1YLugWJCBNb2oYPDDSV8BB7WJH/D75AwbN6zX1
ctGAT2Y4K5Y0oXKOW0wJk2EWn2acACNW0QoNQVwkbi65dkTD/6ELp5eI0T3BOH1J
Sh+JIkScFQ2a8mqLFs7vdGQ26cRJEcbYwfXG8BTX9n2BYgh5aDNSgHYErYrdFIW1
BIpyvDkcOUXTr6curuu3ZxSryUUXD3d7grQfIgFSa5cakk+4LDn0U1quCp2LijA/
9qGYbx+47z8eaKjS5a6T09oXTyoAs/yR00trFOMDKN8KzzXEgsc=
=6FM1
-----END PGP SIGNATURE-----

--=_db35927c167ebdf8a095bc77611cda05--

From nobody Tue May 14 12:47:03 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Vdx2n5vXzz5K3BL
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Tue, 14 May 2024 12:47:29 +0000 (UTC)
	(envelope-from Alexander@Leidinger.net)
Received: from mailgate.Leidinger.net (bastille.leidinger.net [89.238.82.207])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature ECDSA (P-256) client-digest SHA256)
	(Client CN "mailgate.leidinger.net", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Vdx2n2VYNz4JBf;
	Tue, 14 May 2024 12:47:29 +0000 (UTC)
	(envelope-from Alexander@Leidinger.net)
Authentication-Results: mx1.freebsd.org;
	none
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=leidinger.net;
	s=outgoing-alex; t=1715690841;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=xiDqMmgcxZ1XsxYpzL5la2Xu97Y3zghlKmeeOXFsuhc=;
	b=Kol7yy5S6YRe/Q0ul6g1Xvb35bZ8kD4nK6nfKROSLCvnA8hyQW3Ep9YCaCLPqIJDRUIOwS
	zkOWE/ZK8N7GOgWJITgeY5uzIGztlVnOKZfxp8vdFEuCCQ0EcsxQN7KYw3NoPd/ygXydtR
	iXE+8OU3zdJ0nHGVHq6qJ0iamY8ezvSbK1WFd78eKWzhuYgGiNT6hKp8gnDFUhLAUCj9sL
	IEgQUsN/QWgnXDs9/qwtJ4Yo4urBJODfU3qZAi5pZlDT2ND9McVNrIf/C3bcu1BQNtcsmm
	UYP/7AYTzeqatfeT5pwuIb4uboL9NQh9tLf2YLyah85tJGjC2yf1f81+ZgQlYw==
Date: Tue, 14 May 2024 14:47:03 +0200
From: Alexander Leidinger <Alexander@Leidinger.net>
To: Kyle Evans <kevans@freebsd.org>
Cc: "freebsd-hackers@FreeBSD.org" <freebsd-hackers@freebsd.org>
Subject: Re: Initial implementation of _FORTIFY_SOURCE
In-Reply-To: <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>
References: <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>
Message-ID: <83ac28b8e8e79866facbde716b051340@Leidinger.net>
Organization: No organization, this is a private message.
Content-Type: multipart/signed;
 protocol="application/pgp-signature";
 boundary="=_a86ef231b52f32732eaa0ca443f44a8f";
 micalg=pgp-sha256
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:34240, ipnet:89.238.64.0/18, country:DE]
X-Rspamd-Queue-Id: 4Vdx2n2VYNz4JBf

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)

--=_a86ef231b52f32732eaa0ca443f44a8f
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII;
 format=flowed

Am 2024-05-13 19:47, schrieb Kyle Evans:
> Hi,
> 
> As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've imported 
> an initial version of FORTIFY_SOURCE from FreeBSD.  FORTIFY_SOURCE is 
> an improvement over classical SSP, doing compiler-aided checking of 
> stack object sizes to detect more fine-grained stack overflow without 
> relying on the randomized stack canary just past the stack frame.

This breaks some port builds.

Example libfido2 (which is a dependency in the build of e.g. mysql):
---snip---
[  0% 4/1032] /usr/local/libexec/ccache/cc -DHAVE_ARC4RANDOM_BUF 
-DHAVE_ASPRINTF -DHAVE_CLOCK_GETTIME -DHAVE_DEV_URANDOM -DHAVE_ENDIAN_H 
-DHAVE_ERR_H -DHAVE_EXPLICIT_BZERO -DHAVE_GETLINE -DHAVE_GETOPT 
-DHAVE_GETPAGESIZE -DHAVE_GETRANDOM -DHAVE_OPENSSLV_H 
-DHAVE_READPASSPHRASE -DHAVE_SIGNAL_H -DHAVE_STRLCAT -DHAVE_STRLCPY 
-DHAVE_STRSEP -DHAVE_SYSCONF -DHAVE_SYS_RANDOM_H -DHAVE_TIMESPECSUB 
-DHAVE_TIMINGSAFE_BCMP -DHAVE_UNISTD_H -DOPENSSL_API_COMPAT=0x10100000L 
-DTLS=__thread -D_FIDO_INTERNAL -D_FIDO_MAJOR=1 -D_FIDO_MINOR=14 
-D_FIDO_PATCH=0 
-I/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src 
-I/usr/local/include -D_POSIX_C_SOURCE=200809L -D_BSD_SOURCE 
-D__BSD_VISIBLE=1 -std=c99 -O2 -pipe -O2 -pipe -mtune=native -fvectorize 
-O2 -pipe -mtune=native -fvectorize -march=native  
-DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong 
-fno-strict-aliasing -O2 -pipe -O2 -pipe -mtune=native -fvectorize -O2 
-pipe -mtune=native -fvectorize -march=native  
-DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong 
-fno-strict-aliasing  -DNDEBUG -D_FORTIFY_SOURCE=2 -fPIC -Wall -Wextra 
-Werror -Wshadow -Wcast-qual -Wwrite-strings -Wmissing-prototypes 
-Wbad-function-cast -Wimplicit-fallthrough -pedantic -pedantic-errors 
-Wshorten-64-to-32 -fstack-protector-all -Wconversion -Wsign-conversion 
-Wframe-larger-than=2047 -MD -MT src/CMakeFiles/fido2.dir/aes256.c.o -MF 
src/CMakeFiles/fido2.dir/aes256.c.o.d -o 
src/CMakeFiles/fido2.dir/aes256.c.o -c 
/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c
FAILED: src/CMakeFiles/fido2.dir/aes256.c.o
/usr/local/libexec/ccache/cc -DHAVE_ARC4RANDOM_BUF -DHAVE_ASPRINTF 
-DHAVE_CLOCK_GETTIME -DHAVE_DEV_URANDOM -DHAVE_ENDIAN_H -DHAVE_ERR_H 
-DHAVE_EXPLICIT_BZERO -DHAVE_GETLINE -DHAVE_GETOPT -DHAVE_GETPAGESIZE 
-DHAVE_GETRANDOM -DHAVE_OPENSSLV_H -DHAVE_READPASSPHRASE -DHAVE_SIGNAL_H 
-DHAVE_STRLCAT -DHAVE_STRLCPY -DHAVE_STRSEP -DHAVE_SYSCONF 
-DHAVE_SYS_RANDOM_H -DHAVE_TIMESPECSUB -DHAVE_TIMINGSAFE_BCMP 
-DHAVE_UNISTD_H -DOPENSSL_API_COMPAT=0x10100000L -DTLS=__thread 
-D_FIDO_INTERNAL -D_FIDO_MAJOR=1 -D_FIDO_MINOR=14 -D_FIDO_PATCH=0 
-I/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src 
-I/usr/local/include -D_POSIX_C_SOURCE=200809L -D_BSD_SOURCE 
-D__BSD_VISIBLE=1 -std=c99 -O2 -pipe -O2 -pipe -mtune=native -fvectorize 
-O2 -pipe -mtune=native -fvectorize -march=native  
-DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong 
-fno-strict-aliasing -O2 -pipe -O2 -pipe -mtune=native -fvectorize -O2 
-pipe -mtune=native -fvectorize -march=native  
-DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong 
-fno-strict-aliasing  -DNDEBUG -D_FORTIFY_SOURCE=2 -fPIC -Wall -Wextra 
-Werror -Wshadow -Wcast-qual -Wwrite-strings -Wmissing-prototypes 
-Wbad-function-cast -Wimplicit-fallthrough -pedantic -pedantic-errors 
-Wshorten-64-to-32 -fstack-protector-all -Wconversion -Wsign-conversion 
-Wframe-larger-than=2047 -MD -MT src/CMakeFiles/fido2.dir/aes256.c.o -MF 
src/CMakeFiles/fido2.dir/aes256.c.o.d -o 
src/CMakeFiles/fido2.dir/aes256.c.o -c 
/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c
/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c:18:2: 
error: use of GNU statement expression extension from macro expansion 
[-Werror,-Wgnu-statement-expression-from-macro-expansion]
    18 |         memset(out, 0, sizeof(*out));
       |         ^
/usr/include/ssp/string.h:120:5: note: expanded from macro 'memset'
   120 |     __ssp_bos_check3_typed(memset, void *, dst, int, val, len)
       |     ^
/usr/include/ssp/string.h:65:5: note: expanded from macro 
'__ssp_bos_check3_typed'
    65 |     __ssp_bos_check3_typed_var(fun, dsttype, __ssp_var(dstv), 
dst,      \
       |     ^
/usr/include/ssp/string.h:54:24: note: expanded from macro 
'__ssp_bos_check3_typed_var'
    54 |     src, lenvar, len) ({                                \
       |                        ^
/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c:60:2: 
error: use of GNU statement expression extension from macro expansion 
[-Werror,-Wgnu-statement-expression-from-macro-expansion]
    60 |         memset(&iv, 0, sizeof(iv));
       |         ^
/usr/include/ssp/string.h:120:5: note: expanded from macro 'memset'
   120 |     __ssp_bos_check3_typed(memset, void *, dst, int, val, len)
       |     ^
/usr/include/ssp/string.h:65:5: note: expanded from macro 
'__ssp_bos_check3_typed'
    65 |     __ssp_bos_check3_typed_var(fun, dsttype, __ssp_var(dstv), 
dst,      \
       |     ^
/usr/include/ssp/string.h:54:24: note: expanded from macro 
'__ssp_bos_check3_typed_var'
    54 |     src, lenvar, len) ({                                \
       |                        ^
---snip---

I also have a failed archivers/libdeflate, devel/highway, www/node20, 
and lang/rust, but those complain about something which could also be 
attributed to some kind of interaction between my use of -fvectorize and 
the new fortify stuff. Example with libdeflate (the libdeflate update in 
ports is from March, and I had it compiled with -fvectorize successfully 
before the fortify stuff came in):
---snip---
In file included from 
/wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_impl.h:93:
/wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_template.h:197:21: 
error: always_inline function '_mm512_set1_epi8' requires target feature 
'evex512', but would be inlined into function 
'adler32_x86_avx512_vl512_vnni' that is compiled without support for 
'evex512'
   197 |         const vec_t ones = VSET1_8(1);
       |                            ^
---snip---
Note, my CPUs don't support evex512 or avx512 at all, the compile flags 
haven't changed, this version of the port is installed in multiple jails 
(since March 28), so there is a change in behavior since then. It may or 
may not be due to the fortify stuff.

I will test without -fvectorize later, poudriere is still building 
ports, and I want to see if some other ports fail. Those 5 failed port 
builds result in 160 skipped ports already (out of the >600 which this 
run wants to build).

Maybe you want to backout and request an exp-build to not get swamped 
with failure reports from various people...

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF

--=_a86ef231b52f32732eaa0ca443f44a8f
Content-Type: application/pgp-signature;
 name=signature.asc
Content-Disposition: attachment;
 filename=signature.asc;
 size=833
Content-Description: OpenPGP digital signature

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEER9UlYXp1PSd08nWXEg2wmwP42IYFAmZDXVYACgkQEg2wmwP4
2IZqHg//SkkwugcRRBf8WCZoKPg8a96Qr94RgTVkFSNS4DdutznQ4XIgvWIbt5nx
9YcF0WM5pw8hF21pt8WpB0xtjIErNB6YM1+efT4Qj+OC/FVq53r5ZBcY8PrN0cne
7z8A6bzaKvvHQn1XJzTWZFwSApaLVt3Jbcxo9K7UktWJuxnJABYXSn68Bc7K2s1z
KSbu1v2sIM9wYBmylIJPi/Vhfjoa37U/WzH9OZhsmOMzjJ/3znpI2q+w4weYEZ+C
uOsoqb/iyBZwh3XyYJmYtF/q7e+1+A7GnZVMxleTKWUc8ESZQUYgXBWWl+hHqCq4
Sipooy4V6TJQxZMOWpObCg9zdyinzc88XZWlAKR/KJo6FWYW60BofVXt9C7KUc6s
r3mqJzg1/kFo5fJItQrHYj5MayLaqA3iH7x5YEPHGxVNHDV6a8fVQK6UtdJS4S6l
iwvCMXu9BZms4AvOhRYj+8vOSPwYjwXRW4FIAVuMUQRi0d/0dsBjjqNI02DXJuOG
v8FsRscDemQliFnmDzGngv9d9TvB+wwxV+NhvqKt6ET0IbzEG/Wv/VZau0Tq11qU
waO2TG6T4QG8StjK/mEts+XkN0tnGPRyQJHxejPwmB5tII9UBuUHb28RObemGCsV
RkFfdCJF9dj4t/mxAo0KJtDcsyz/hELt7sbxfFPy3LurtUTEL3Q=
=Qnkn
-----END PGP SIGNATURE-----

--=_a86ef231b52f32732eaa0ca443f44a8f--

From nobody Tue May 14 13:04:57 2024
X-Original-To: hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VdxRF6Vzrz5K4PZ
	for <hackers@mlmmj.nyi.freebsd.org>; Tue, 14 May 2024 13:05:13 +0000 (UTC)
	(envelope-from tomek@cedro.info)
Received: from mail-yb1-xb33.google.com (mail-yb1-xb33.google.com [IPv6:2607:f8b0:4864:20::b33])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VdxRF4mF3z4LQM
	for <hackers@freebsd.org>; Tue, 14 May 2024 13:05:13 +0000 (UTC)
	(envelope-from tomek@cedro.info)
Authentication-Results: mx1.freebsd.org;
	none
Received: by mail-yb1-xb33.google.com with SMTP id 3f1490d57ef6-de60380c04aso6421277276.2
        for <hackers@freebsd.org>; Tue, 14 May 2024 06:05:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=cedro.info; s=google; t=1715691911; x=1716296711; darn=freebsd.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=NnPQCqxFAjoNgbJ/hJY0rqE12Peyhkd7Be3OYvV+iA0=;
        b=hPeEnnKWwrmZs8TXql3TCDVaPqETXm0WMXAx3q2qakN0b1I1E5c2UJNPSAEltpk1BE
         J7XQhzIWl0EOFKrn5PDDe4gj0rknmh4Q0gVLv39ixSgZr4skNqWx7Yq+cN7J0t3Cyd85
         rfSVptvAZZk12GXDfM5mndLNeIWO2QlZnMfUo3cbQqoaephD4wz22nhZtxS1BBShOcyM
         RKoNHfiq+BpHrGkM2bC06yYCd4HLa7ZmOejdWxdHCZjVJDphp7JJTGO4sE+fKDYZ5r2A
         2FcW+Jpje5fOOYDwy7fgVWy6S/Lxja+ezDbLPjfqRw2QuHAs25PyUQGSOCHHvcXGLLSj
         hoGg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1715691911; x=1716296711;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=NnPQCqxFAjoNgbJ/hJY0rqE12Peyhkd7Be3OYvV+iA0=;
        b=Em+u2B89QV+WB2ARV37sUqZy025t0MUDz/3XlHoLxmXMF50d9M7txeDCc48lKmbC2s
         Zar1KJ4hElkLm+wd61B6Hkbri9/jPjllxiuZUfup3h3x+Hc0hL4Wra1+GbGinqYqiX4s
         tclXk/+OfqE3td4PqpZnJ+Yle1hyAcGKXY8ZXjhI6r55M6TVVNuqfnLm0yK9GQPVihN5
         N/MnHek1PiVyvuVVdmeSBLWZHdcT1CXl+kqDlfkN/IViB5sdVVO8EbXWIkx48rWYlv+m
         v/4ETDE9wkvyFO7fV06Xhsk2J8j3Kb3+tXrqNwh9kfS0zmiaRQxVZByhEBvHOZrpBcsj
         ePEQ==
X-Gm-Message-State: AOJu0YxXhLbLpuQDAJp+38nEzyFN5AwZW8ttNQKv3K3KVmtJ1ztydo7C
	qusWN1GBWJR9pLojBNUfCb+driuJDRruShoCrGlQL320K3KOgIs5C0/u0YInSQ==
X-Google-Smtp-Source: AGHT+IEjeExO7z39qj0heqZYfmXXpCFf+SOGCgeXrroNNRDl7x0HzXApqMRHA4F/74U+3t2Y5Zvr+A==
X-Received: by 2002:a25:ef0e:0:b0:deb:3c99:1b55 with SMTP id 3f1490d57ef6-dee4f355d0cmr12099190276.45.1715691910597;
        Tue, 14 May 2024 06:05:10 -0700 (PDT)
Received: from mail-yb1-f181.google.com (mail-yb1-f181.google.com. [209.85.219.181])
        by smtp.gmail.com with ESMTPSA id 3f1490d57ef6-debd3745351sm2558760276.34.2024.05.14.06.05.10
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Tue, 14 May 2024 06:05:10 -0700 (PDT)
Received: by mail-yb1-f181.google.com with SMTP id 3f1490d57ef6-de60380c04aso6421246276.2;
        Tue, 14 May 2024 06:05:10 -0700 (PDT)
X-Received: by 2002:a05:6902:4f0:b0:de6:482:c7d5 with SMTP id
 3f1490d57ef6-dee4f355d00mr10696149276.43.1715691909423; Tue, 14 May 2024
 06:05:09 -0700 (PDT)
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
References: <2y3wjlrzgxocjxtwnx7avo5xuukkee4lvfjlppqpm3kfbqsrvt@nfszfoezpz3d>
In-Reply-To: <2y3wjlrzgxocjxtwnx7avo5xuukkee4lvfjlppqpm3kfbqsrvt@nfszfoezpz3d>
From: Tomek CEDRO <tomek@cedro.info>
Date: Tue, 14 May 2024 15:04:57 +0200
X-Gmail-Original-Message-ID: <CAFYkXj=tRCbK-cKVRxUhSbh_-5e9KO5yOjtrt9sREzweNWE=+g@mail.gmail.com>
Message-ID: <CAFYkXj=tRCbK-cKVRxUhSbh_-5e9KO5yOjtrt9sREzweNWE=+g@mail.gmail.com>
Subject: Re: mdo(1) run as another user without setuid bit
To: Baptiste Daroussin <bapt@freebsd.org>
Cc: hackers@freebsd.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]
X-Rspamd-Queue-Id: 4VdxRF4mF3z4LQM

On Tue, May 14, 2024 at 9:17=E2=80=AFAM Baptiste Daroussin wrote:
> Hello everyone,
> This is an idea that I have been thinking about for a while (actually sin=
ce
> 2015) and that I have been trying to implement a couple of days ago.
> On server usage of FreeBSD one thing which often happen is we segregate s=
ervices
> with their own users (service_user).
> We also give access to the administrators of those services via their own=
 ssh
> keys on their own user (foo) account and of course we want to allow "foo"=
 to run
> some commands as "service_user" or get "service_user" privileges.
> Usually this is done via some sudo or some doas configuration which both
> involved first become root via the setuid bit.
> In many cases doas or sudo are overkill for this sole purpose. To cover t=
his
> need, I thought we could write a very simple tool which will leverage the=
 mac
> framework to make sure we could switch credentials without the need of th=
e
> setuid root.
> Here comes the idea of mac_do(4) policy.
> This is a kernel module policy which allows calling setuid and setgroup f=
rom a
> non root user, according to some policy root and if the request comes fro=
m the
> /usr/bin/mdo binary.
> (..)

So when I have several users / client accounts to manage I can use my
standard non-root user to perform actions on behalf of enabled users..
just like su client1 but without providing password? Env will be also
switched to that target user? :-)

--
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info

From nobody Tue May 14 13:09:24 2024
X-Original-To: hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VdxX64rXkz5K4ck
	for <hackers@mlmmj.nyi.freebsd.org>; Tue, 14 May 2024 13:09:26 +0000 (UTC)
	(envelope-from bapt@freebsd.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VdxX63xxHz4Lxt;
	Tue, 14 May 2024 13:09:26 +0000 (UTC)
	(envelope-from bapt@freebsd.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1715692166;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=UfHUIgxCDdUSswBz/Z7Xgx0yaSZg5wBX5xyRld+Qz9w=;
	b=m99aeYSKC4hCrP3jhlba5t7DOfQlqUdrYW1ETRmJVuk7o81BPMGPMH2FnRtzFcD07cguvl
	HOHFK0sJjKvsrgqOcZqJxoWomRAtr7/L7AH/O2SByeq6bnAloUUrEJbIwIAzziK0N+EWpa
	XiiNhWrNQd7XmE3rQMKk6VjW3hvzsdYy5Mq6SLK6+LbPD1y/SzATjvS4DTLniH2PlBa5QN
	xXqflXRMjWNi4bbllNPe+RO5I9vGd6yzf+yT1Y/gsqMeSnfoH7diTNsnjkJ9ATSNnIyFeO
	vcQ0+n2nYE5BbRT0LpS72bjFJ6vD2KEYi0s9k41c9/MDCZCrYgRsrZCKGtS/uw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1715692166; a=rsa-sha256; cv=none;
	b=nejupAE1S5LA8+WmG2sa5j/xDRMBlBdCJ5s0uSYF0oPK/OY94pZxJS7Q0TvarVjpkzSV1s
	dcPtrYD+1fInbuq3cDjJ4RQstu12wLhrojTzT1D28MYhz8i6kg/PAoNrgXnP97KxPtOmw0
	SxSOlIhWJXZseGIQlPWrCDBANiC6y4hLRxbk2t4bc1mY4iMCzCD3uoCdst4Umqb/fnSz34
	AtRmJfm7bU1SDKtTmDakSa1dpdL9HjDdvgpBLPezwc6394c1ByZsfZ4uKEsF7aI2bBwqA1
	andsqJcwTUXMvPwBDvDoASQta/ULGsRIpHrBwq1rycZQT1pRP5zqCuM4r0SMgg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1715692166;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=UfHUIgxCDdUSswBz/Z7Xgx0yaSZg5wBX5xyRld+Qz9w=;
	b=n6QS486OS3FiJnBmqNZOy4Tdcyc6YoJl8cjhRoVsMdokvS7f3Jo/GuldQO1KbZasFBqnSr
	y7qO/6OfAXrP4bAzKG9Dvr65IoXRPaXw9C3+kMZtc5Qhr4kn1LOPsNIKtFDpBfCr/d52KE
	K0zInJ9+iCfQIuFRVFU2ZbHIeJD/T64F7BuXQSlLfevvbiyASynVbgDhV0lAYYQNBfI916
	OoE5PjBYZ3n2H2VJZlRtrIrtvvFvOSxw5fgqfo8WqyIb7aL1Dvq27ACdIa1XLsdvlxRNGo
	Bl30aDicKsqXBY5TD6XPDYfFwzgb4KoVh7aqdnXkMxhBo6rsDxbSLuNU0FvS7A==
Received: from aniel.nours.eu (nours.eu [IPv6:2001:41d0:8:3a4d::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	(Authenticated sender: bapt)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4VdxX62fkhzjhF;
	Tue, 14 May 2024 13:09:26 +0000 (UTC)
	(envelope-from bapt@freebsd.org)
Received: by aniel.nours.eu (Postfix, from userid 1001)
	id D08E872E8C; Tue, 14 May 2024 15:09:24 +0200 (CEST)
Date: Tue, 14 May 2024 15:09:24 +0200
From: Baptiste Daroussin <bapt@freebsd.org>
To: Tomek CEDRO <tomek@cedro.info>
Cc: hackers@freebsd.org
Subject: Re: mdo(1) run as another user without setuid bit
Message-ID: <m6bkj3ex72ce6fhiexcs5nwispbtuxgmrhftjomuelrbmuv4zh@ploiihokrkuo>
References: <2y3wjlrzgxocjxtwnx7avo5xuukkee4lvfjlppqpm3kfbqsrvt@nfszfoezpz3d>
 <CAFYkXj=tRCbK-cKVRxUhSbh_-5e9KO5yOjtrt9sREzweNWE=+g@mail.gmail.com>
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CAFYkXj=tRCbK-cKVRxUhSbh_-5e9KO5yOjtrt9sREzweNWE=+g@mail.gmail.com>

On Tue 14 May 15:04, Tomek CEDRO wrote:
> On Tue, May 14, 2024 at 9:17 AM Baptiste Daroussin wrote:
> > Hello everyone,
> > This is an idea that I have been thinking about for a while (actually since
> > 2015) and that I have been trying to implement a couple of days ago.
> > On server usage of FreeBSD one thing which often happen is we segregate services
> > with their own users (service_user).
> > We also give access to the administrators of those services via their own ssh
> > keys on their own user (foo) account and of course we want to allow "foo" to run
> > some commands as "service_user" or get "service_user" privileges.
> > Usually this is done via some sudo or some doas configuration which both
> > involved first become root via the setuid bit.
> > In many cases doas or sudo are overkill for this sole purpose. To cover this
> > need, I thought we could write a very simple tool which will leverage the mac
> > framework to make sure we could switch credentials without the need of the
> > setuid root.
> > Here comes the idea of mac_do(4) policy.
> > This is a kernel module policy which allows calling setuid and setgroup from a
> > non root user, according to some policy root and if the request comes from the
> > /usr/bin/mdo binary.
> > (..)
> 
> So when I have several users / client accounts to manage I can use my
> standard non-root user to perform actions on behalf of enabled users..
> just like su client1 but without providing password? Env will be also
> switched to that target user? :-)

Yes about the like su client1

About the env, right now, no, but the set of feature provided by the mdo(1) can
be discussed here, as long as it remain really simple.

Best regards,
Bapt

From nobody Tue May 14 16:00:26 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Vf1Kb3hGxz5KZmP
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Tue, 14 May 2024 16:00:35 +0000 (UTC)
	(envelope-from shawn.webb@hardenedbsd.org)
Received: from mail-io1-xd2a.google.com (mail-io1-xd2a.google.com [IPv6:2607:f8b0:4864:20::d2a])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Vf1Kb0ZNdz4m0P
	for <freebsd-hackers@freebsd.org>; Tue, 14 May 2024 16:00:35 +0000 (UTC)
	(envelope-from shawn.webb@hardenedbsd.org)
Authentication-Results: mx1.freebsd.org;
	none
Received: by mail-io1-xd2a.google.com with SMTP id ca18e2360f4ac-7e1d0a674bfso95138939f.1
        for <freebsd-hackers@freebsd.org>; Tue, 14 May 2024 09:00:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=hardenedbsd.org; s=google; t=1715702433; x=1716307233; darn=freebsd.org;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to;
        bh=sdqfiqms5IDdEUD/ABEkjHBxLok3np4VzUZB/xhff3o=;
        b=jPYdJ71Kj55CqEioddgqC3nbNX543kGjFVKn70x9eo7wNlw8YgiCNVJBrVnvVgZWvL
         udolY/H/EToaGKFQ4Ms2XcgxMPEtWD/3PDwQdQHl+ngX8KWb4rHL8t8QYXP+VAjriEFi
         kFKta7DAoNkbZ24592c7hQbzoeRm7IFd86u7rM29gCgVECkC6k8xMQeWqWxN/57Tsm8a
         JMBvMgdKsVrtCafJyJ3j4LnEhgVECXCtnueDJsUv6+LVTgxsrfrBWOl6ebQhWpldzuVv
         Va0CEwqR0GsBuhvW+15s8hdzRjBUurBN0WJin+Hq2JAvhwViRoXgDuDhJHYGQudlUu7+
         qF+w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1715702433; x=1716307233;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date
         :message-id:reply-to;
        bh=sdqfiqms5IDdEUD/ABEkjHBxLok3np4VzUZB/xhff3o=;
        b=f/LOch/VhikOrDV6DA6aI5lwkuiw0X54ImPlDVirCveGC5je9JXmb2/KO6CIg8UWPe
         QcjdOEtrpBONMTmDjdK1wgWVYSqU5BngKnPhXyB95PpHvZlKlW1cFXhVkpdMQioF6Yd6
         CVbLX6yXc6111EZHIyIdmBiqTaELRLw6A8PfVfvPcnMZoe6xq22h0HX/uItIegNLFtp2
         RD/eXeUiULASLJH3lI/NyHHZm4+DaIqUgdCAeZ0v4CQklSY5BSRE0BmpFA/yindKN8wz
         +KaJXOuh2Fl6s7EWCsOQfqzb8sW5iR5awPud0y69imRmwghCo6rESFPJTi59A+YQBXNZ
         p4nQ==
X-Forwarded-Encrypted: i=1; AJvYcCUjjRwMBh2evpw/hF6UeDvaH1CUjeJJnCeWfJPXX/4Zisj0hr4tLJuEWcDsJr/bKEPYfOdGQPy0uxpucHaJzUq+bW3GI+lb+MCXYxs=
X-Gm-Message-State: AOJu0YwghPwy5ptqd3ycuS/ToFzU+ZYmaRSyg9WHca9gUk5y7s9S5IU0
	HhoDwtd/mSO2BQyQnYWPhECZVaANWrusrU3EZzMKvYJjq1mZutZG5sNuXmH9Kc0=
X-Google-Smtp-Source: AGHT+IFQaO6eCxGV7aNcH9xnKE5fAOCelVNF24605prgHSUnbKS/gatqRRRvrQ53WsIZnQSDg/4cVQ==
X-Received: by 2002:a6b:7b4a:0:b0:7e1:ba52:7e2e with SMTP id ca18e2360f4ac-7e1ba527f17mr1070457339f.9.1715702432109;
        Tue, 14 May 2024 09:00:32 -0700 (PDT)
Received: from mutt-hbsd ([184.99.37.29])
        by smtp.gmail.com with ESMTPSA id 8926c6da1cb9f-489376dc990sm3090783173.126.2024.05.14.09.00.28
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 14 May 2024 09:00:29 -0700 (PDT)
Date: Tue, 14 May 2024 16:00:26 +0000
From: Shawn Webb <shawn.webb@hardenedbsd.org>
To: Alexander Leidinger <Alexander@leidinger.net>
Cc: Kyle Evans <kevans@freebsd.org>, 
	Tomoaki AOKI <junchoon@dec.sakura.ne.jp>, Cy Schubert <Cy.Schubert@cschubert.com>, 
	"freebsd-hackers@FreeBSD.org" <freebsd-hackers@freebsd.org>
Subject: Re: Initial implementation of _FORTIFY_SOURCE
Message-ID: <lhreekti7g2l3vwcr2rp327l6kcf67xx7qaexnj2wtknryeywu@w6vlmptjuj3w>
X-Operating-System: FreeBSD mutt-hbsd 15.0-CURRENT-HBSD FreeBSD
 15.0-CURRENT-HBSD 
X-PGP-Key: https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/blob/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
References: <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>
 <20240513180924.29C872B4@slippy.cwsent.com>
 <hxql75nrkuggdcjtocsbcezvjfxa4bblg3iyqy46rqnju66ozx@6nmq3uczc7y4>
 <20240514080517.36f218aa3a054aa2cba99b0d@dec.sakura.ne.jp>
 <9d4a06bc-44fd-4e9a-8615-cd71127fc90e@FreeBSD.org>
 <5544c172efe031ecdbabd2a93980cdd5@Leidinger.net>
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="bk7rzmbuwmjw54qv"
Content-Disposition: inline
In-Reply-To: <5544c172efe031ecdbabd2a93980cdd5@Leidinger.net>
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]
X-Rspamd-Queue-Id: 4Vf1Kb0ZNdz4m0P


--bk7rzmbuwmjw54qv
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, May 14, 2024 at 09:21:09AM +0200, Alexander Leidinger wrote:
> Am 2024-05-14 05:16, schrieb Kyle Evans:
> > On 5/13/24 18:05, Tomoaki AOKI wrote:
> > > On Mon, 13 May 2024 18:57:26 +0000
> > > Shawn Webb <shawn.webb@hardenedbsd.org> wrote:
> > >=20
> > > > On Mon, May 13, 2024 at 11:09:24AM -0700, Cy Schubert wrote:
> > > > > In message
> > > > > <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>, Kyle
> > > > > Evans
> > > > > write
> > > > > s:
> > > > > > Hi,
> > > > > >=20
> > > > > > As of 9bfd3b407 ("Add a build knob for
> > > > > > _FORTIFY_SOURCE"), I've imported
> > > > > > an initial version of FORTIFY_SOURCE from FreeBSD.
> > > > > > FORTIFY_SOURCE is an
> > > > > > improvement over classical SSP, doing compiler-aided
> > > > > > checking of stack
> > > > > > object sizes to detect more fine-grained stack overflow
> > > > > > without relying
> > > > > > on the randomized stack canary just past the stack frame.
> > > > > >=20
> > > > > > This implementation is not yet complete, but we've done a revie=
w of
> > > > > > useful functions and syscalls to add checked variants of
> > > > > > and intend to
> > > > > > complete the implementation over the next month or so.
> > > > > >=20
> > > > > > Please test _FORTIFY_SOURCE out now by setting
> > > > > > FORTIFY_SOURCE=3D2 in the
> > > > > > buildworld env -- I intend to flip the default to 2 when
> > > > > > WITH_SSP is set
> > > > > > in the next month if nobody complains about serious breakage.  =
I've
> > > > > > personally been rolling with FORTIFY_SOURCE=3D2 for the
> > > > > > last three years
> > > > > > that this has been sitting in a local branch, so I don't really
> > > > > > anticipate any super-fundamental breakage.
> > > > >=20
> > > > > Should this trigger a __FreeBSD_version bump?
> > > >=20
> > > > I would encourage that so to help the ports tree determine
> > > > availability of the import.
> > >=20
> > > If it can be enabled/disabled with sysctls/tunables on
> > > runtime/boottime,
> > > bump should be preferred. Maybe this isn't yet the case here, IIUC.
> > >=20
> > > But if it could be done only on build time with WITH_ or WITHOUT_ knob
> > > ad not yet enabled by default for now, now ins't the time to bump.
> > > Bump should be done when it becomes to be built by default.
> > >=20
> > > Bump for non-default build time knob should force poudriere[-devel]
> > > users massive unneeded rebuilds. So should be avoided, if it still
> > > cannot switch on boot or runtime.
> > >=20
> >=20
> > It's strictly build time, and I didn't really see the value in bumping
> > __FreeBSD_version for it.  I don't see any reason to, e.g., turn it into
> > a per-port option that we may not want to have if the feature isn't
> > there, and the knob to build it in is a preprocessor define that's
> > harmless if the feature isn't actually available.
>=20
> Ports: We have WITH_PIE, WITH_BIND_NOW and WITH_RELRO (e.g. for make.conf)
> which enables those build time options globally. Ports then can have e.g.
> PIE_UNSAFE=3Dyes to opt-out of WITH_PIE builds. I think it would be benef=
icial
> if we get something similar for FORTIFY. I already use all of the afore
> mentioned options in my own builds (and have provided NO_PIE hints where =
it
> fails), and I would surely give a similar FORTIFY option a try.
>=20
> On a somewhat related note, has someone already played with CFI
> (https://clang.llvm.org/docs/ControlFlowIntegrity.html)?

HardenedBSD applies non-Cross-DSO CFI to (nearly) all applications in
base and has some integration in ports, with a few ports opting into
CFI. Feel free to reach out directly to me for specific questions so
that we don't get off-topic for this mailing list thread.

Thanks,

--=20
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A=
4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc

--bk7rzmbuwmjw54qv
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEA6TL67gupaZ9nzhT/y5nonf44foFAmZDio8ACgkQ/y5nonf4
4fqTSBAAgw3oQ5FXevxnUxaDza5dIGTr5iNYrPxIKEaFRAykyHCNSkrI0LX6O0bL
3IkrRYTKHosfzsUPanY8aOAv4Fmh1BNW6x2/je2aIjQf8j8O82sV/7RFSWjANN56
sm0aTWn/8i9b77f3ua4GgZ33aK8ZZ57yU98tQiHFEYfbx/fwkniC2xxmMPaVLex2
Pt//VARBd5EeiMgJgkdlsk/qByN3eCA8YVAw+k71FJ5z/9NidDcEzspgxS4B5yRr
P/bx3KMrCtUTZkgAHyfLL1SSH+KFXA4Ci0fDNOE82hp4VtAtQMBMVp8JniPZTvz3
w3bEH2XejytOJQEBX9jT5slF2ZCCSQz7aB3K+3FrgBR22RtKYFZRhxPIkTv0AHVm
xahxJd0n50s4oObbTyRgKPoecwdNjAkVMCRDLi5Au25rX3ZxACDWe/Dc/vWkyKva
MpB/nthqxYn69wn9d/WOjlEQFQaYdv8rMvKAY8niTW6G/hxLA36IwKoJx+KDtTqW
SxFcuZr4wTDCniCbefi09Qig/5JjI3yorhDis7hcjtlYC+dcM5TxvS8fe1Qh6HwP
LIvHiFhvIjrD3Nwhqmd49jUxHKVNCQ9CFwR9WB7bjaZd71c+bTVsEOfRqXFHIt8I
Va1Y7Qt5cYr9ThGKM+qbDaa0rCtGe2icn3sHvtZV8SLRS+FVkkw=
=+GJW
-----END PGP SIGNATURE-----

--bk7rzmbuwmjw54qv--

From nobody Tue May 14 16:34:15 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Vf24V1Vt2z5Kd47
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Tue, 14 May 2024 16:34:18 +0000 (UTC)
	(envelope-from kevans@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Vf24V101lz4r5v;
	Tue, 14 May 2024 16:34:18 +0000 (UTC)
	(envelope-from kevans@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1715704458;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=w8mvn0PgcooTxg08m3B0VZEsoOsFBq0mpaWvt8dRYu8=;
	b=TGrtu+3WOgwWQSt+tLlcHCDAxVaJjYmPN0cPRd+VlLcO1oUXKQX4HtWbAPFN+aX8koH4CS
	ipoc6X0k5G83Nq05/SjzztQ0xqD3byaHLt1uRUjx7F/lNPHkd0rgfwkiyVH6hGwwcKUOuJ
	mX1dJLHJVAv+A1AulkUl6jZq6BrGotRMPPYMdUd1LkOMuZtFgHqyGiCLDOvm4jZ+HsAKoR
	a5hEYDGlCqhTMYxc61qLFKsxd0TKrKBu31OwV0gSjTLaM2vUX62IEbafOgUYdSIyRJpdKH
	HjunVuXpKW7rVi4NRGAL7gKbJD10YuQJta+YmL9Wn5sOoS3515UUdaTWPQxuWw==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1715704458; a=rsa-sha256; cv=none;
	b=c/v8E39f1g41sUwlXUNDpEE7E4ATGXkoUMqAyOZt4h4fO03IwKp0dJLnJvJVxczQdgl/+t
	OvVc5WKHP6p00j6nl56NpyijCNibvZSntsxuBALiM6gITgMYqX9zlpv4xNRsg6UopAbRn1
	NnAiaI9Cx19VpK8L+Bzl6FA0I+oz+FwosKYsoQt1rt3Wb5xmUkYGAPBKVT94OzXgHFQfJw
	gOgd2Pno694e3ygEaGrKDmxZ0zGMBe/sGFU/Vbnmbzo8t3cR8zo8iif0vfhfkUn0jwr34K
	FTgLTlddXml/MLAEQGK8QzfXr+RTfP2aUAB8F6ynd/cF7awZ7xca5cdA0qzKlg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1715704458;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=w8mvn0PgcooTxg08m3B0VZEsoOsFBq0mpaWvt8dRYu8=;
	b=HQFSP6VfDmfnQfC2h+dSjqh/a+CKKnFPzvoR5i7byXxZhpNb5l84cN0Wh3hdAG7nMWnrbT
	5OwRwpwZBMq/t7E3KcMGddz9d0qUfV+yYZCKbrlJ0AAYx64ua6j4eaVh5KYKTgre4v81RL
	G3EAgCvziCndgzGmHX+I/2EBj/7taC+JAIYaf8vtLEczIYECYU92fHZ3rEnfOXXYeDVsyh
	8ZHq1RFsXAE7pLJvf1ad3ymyBjhaBuH67B7hMXlt0ntpoRgJnpgWoO2avfw7v6mnyaOD5s
	PlSaQBe/kxW5TlwAof5yVwdAJe+FqlvFH+FYySQqLekHA1aQSWUmgleDDhrwBw==
Received: from [10.9.4.95] (unknown [209.182.120.176])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	(Authenticated sender: kevans/mail)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4Vf24T4NDnz13MR;
	Tue, 14 May 2024 16:34:17 +0000 (UTC)
	(envelope-from kevans@FreeBSD.org)
Message-ID: <97f000a2-eba8-4767-91e3-d5f311fa4e72@FreeBSD.org>
Date: Tue, 14 May 2024 11:34:15 -0500
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Initial implementation of _FORTIFY_SOURCE
Content-Language: en-US
To: Alexander Leidinger <Alexander@Leidinger.net>
Cc: "freebsd-hackers@FreeBSD.org" <freebsd-hackers@freebsd.org>
References: <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>
 <83ac28b8e8e79866facbde716b051340@Leidinger.net>
From: Kyle Evans <kevans@FreeBSD.org>
In-Reply-To: <83ac28b8e8e79866facbde716b051340@Leidinger.net>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

On 5/14/24 07:47, Alexander Leidinger wrote:
> Am 2024-05-13 19:47, schrieb Kyle Evans:
>> Hi,
>>
>> As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've 
>> imported an initial version of FORTIFY_SOURCE from FreeBSD.  
>> FORTIFY_SOURCE is an improvement over classical SSP, doing 
>> compiler-aided checking of stack object sizes to detect more 
>> fine-grained stack overflow without relying on the randomized stack 
>> canary just past the stack frame.
> 
> This breaks some port builds.
> 
> Example libfido2 (which is a dependency in the build of e.g. mysql):
> ---snip---
> [  0% 4/1032] /usr/local/libexec/ccache/cc -DHAVE_ARC4RANDOM_BUF 
> -DHAVE_ASPRINTF -DHAVE_CLOCK_GETTIME -DHAVE_DEV_URANDOM -DHAVE_ENDIAN_H 
> -DHAVE_ERR_H -DHAVE_EXPLICIT_BZERO -DHAVE_GETLINE -DHAVE_GETOPT 
> -DHAVE_GETPAGESIZE -DHAVE_GETRANDOM -DHAVE_OPENSSLV_H 
> -DHAVE_READPASSPHRASE -DHAVE_SIGNAL_H -DHAVE_STRLCAT -DHAVE_STRLCPY 
> -DHAVE_STRSEP -DHAVE_SYSCONF -DHAVE_SYS_RANDOM_H -DHAVE_TIMESPECSUB 
> -DHAVE_TIMINGSAFE_BCMP -DHAVE_UNISTD_H -DOPENSSL_API_COMPAT=0x10100000L 
> -DTLS=__thread -D_FIDO_INTERNAL -D_FIDO_MAJOR=1 -D_FIDO_MINOR=14 
> -D_FIDO_PATCH=0 
> -I/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src 
> -I/usr/local/include -D_POSIX_C_SOURCE=200809L -D_BSD_SOURCE 
> -D__BSD_VISIBLE=1 -std=c99 -O2 -pipe -O2 -pipe -mtune=native -fvectorize 
> -O2 -pipe -mtune=native -fvectorize -march=native 
> -DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong 
> -fno-strict-aliasing -O2 -pipe -O2 -pipe -mtune=native -fvectorize -O2 
> -pipe -mtune=native -fvectorize -march=native 
> -DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong 
> -fno-strict-aliasing  -DNDEBUG -D_FORTIFY_SOURCE=2 -fPIC -Wall -Wextra 
> -Werror -Wshadow -Wcast-qual -Wwrite-strings -Wmissing-prototypes 
> -Wbad-function-cast -Wimplicit-fallthrough -pedantic -pedantic-errors 
> -Wshorten-64-to-32 -fstack-protector-all -Wconversion -Wsign-conversion 
> -Wframe-larger-than=2047 -MD -MT src/CMakeFiles/fido2.dir/aes256.c.o -MF 
> src/CMakeFiles/fido2.dir/aes256.c.o.d -o 
> src/CMakeFiles/fido2.dir/aes256.c.o -c 
> /wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c
> FAILED: src/CMakeFiles/fido2.dir/aes256.c.o
> /usr/local/libexec/ccache/cc -DHAVE_ARC4RANDOM_BUF -DHAVE_ASPRINTF 
> -DHAVE_CLOCK_GETTIME -DHAVE_DEV_URANDOM -DHAVE_ENDIAN_H -DHAVE_ERR_H 
> -DHAVE_EXPLICIT_BZERO -DHAVE_GETLINE -DHAVE_GETOPT -DHAVE_GETPAGESIZE 
> -DHAVE_GETRANDOM -DHAVE_OPENSSLV_H -DHAVE_READPASSPHRASE -DHAVE_SIGNAL_H 
> -DHAVE_STRLCAT -DHAVE_STRLCPY -DHAVE_STRSEP -DHAVE_SYSCONF 
> -DHAVE_SYS_RANDOM_H -DHAVE_TIMESPECSUB -DHAVE_TIMINGSAFE_BCMP 
> -DHAVE_UNISTD_H -DOPENSSL_API_COMPAT=0x10100000L -DTLS=__thread 
> -D_FIDO_INTERNAL -D_FIDO_MAJOR=1 -D_FIDO_MINOR=14 -D_FIDO_PATCH=0 
> -I/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src 
> -I/usr/local/include -D_POSIX_C_SOURCE=200809L -D_BSD_SOURCE 
> -D__BSD_VISIBLE=1 -std=c99 -O2 -pipe -O2 -pipe -mtune=native -fvectorize 
> -O2 -pipe -mtune=native -fvectorize -march=native 
> -DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong 
> -fno-strict-aliasing -O2 -pipe -O2 -pipe -mtune=native -fvectorize -O2 
> -pipe -mtune=native -fvectorize -march=native 
> -DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong 
> -fno-strict-aliasing  -DNDEBUG -D_FORTIFY_SOURCE=2 -fPIC -Wall -Wextra 
> -Werror -Wshadow -Wcast-qual -Wwrite-strings -Wmissing-prototypes 
> -Wbad-function-cast -Wimplicit-fallthrough -pedantic -pedantic-errors 
> -Wshorten-64-to-32 -fstack-protector-all -Wconversion -Wsign-conversion 
> -Wframe-larger-than=2047 -MD -MT src/CMakeFiles/fido2.dir/aes256.c.o -MF 
> src/CMakeFiles/fido2.dir/aes256.c.o.d -o 
> src/CMakeFiles/fido2.dir/aes256.c.o -c 
> /wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c
> /wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c:18:2: error: use of GNU statement expression extension from macro expansion [-Werror,-Wgnu-statement-expression-from-macro-expansion]
>     18 |         memset(out, 0, sizeof(*out));
>        |         ^
> /usr/include/ssp/string.h:120:5: note: expanded from macro 'memset'
>    120 |     __ssp_bos_check3_typed(memset, void *, dst, int, val, len)
>        |     ^
> /usr/include/ssp/string.h:65:5: note: expanded from macro 
> '__ssp_bos_check3_typed'
>     65 |     __ssp_bos_check3_typed_var(fun, dsttype, __ssp_var(dstv), 
> dst,      \
>        |     ^
> /usr/include/ssp/string.h:54:24: note: expanded from macro 
> '__ssp_bos_check3_typed_var'
>     54 |     src, lenvar, len) ({                                \
>        |                        ^
> /wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c:60:2: error: use of GNU statement expression extension from macro expansion [-Werror,-Wgnu-statement-expression-from-macro-expansion]
>     60 |         memset(&iv, 0, sizeof(iv));
>        |         ^
> /usr/include/ssp/string.h:120:5: note: expanded from macro 'memset'
>    120 |     __ssp_bos_check3_typed(memset, void *, dst, int, val, len)
>        |     ^
> /usr/include/ssp/string.h:65:5: note: expanded from macro 
> '__ssp_bos_check3_typed'
>     65 |     __ssp_bos_check3_typed_var(fun, dsttype, __ssp_var(dstv), 
> dst,      \
>        |     ^
> /usr/include/ssp/string.h:54:24: note: expanded from macro 
> '__ssp_bos_check3_typed_var'
>     54 |     src, lenvar, len) ({                                \
>        |                        ^
> ---snip---
> 
> I also have a failed archivers/libdeflate, devel/highway, www/node20, 
> and lang/rust, but those complain about something which could also be 
> attributed to some kind of interaction between my use of -fvectorize and 
> the new fortify stuff. Example with libdeflate (the libdeflate update in 
> ports is from March, and I had it compiled with -fvectorize successfully 
> before the fortify stuff came in):
> ---snip---
> In file included from 
> /wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_impl.h:93:
> /wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_template.h:197:21: error: always_inline function '_mm512_set1_epi8' requires target feature 'evex512', but would be inlined into function 'adler32_x86_avx512_vl512_vnni' that is compiled without support for 'evex512'
>    197 |         const vec_t ones = VSET1_8(1);
>        |                            ^
> ---snip---
> Note, my CPUs don't support evex512 or avx512 at all, the compile flags 
> haven't changed, this version of the port is installed in multiple jails 
> (since March 28), so there is a change in behavior since then. It may or 
> may not be due to the fortify stuff.
> 
> I will test without -fvectorize later, poudriere is still building 
> ports, and I want to see if some other ports fail. Those 5 failed port 
> builds result in 160 skipped ports already (out of the >600 which this 
> run wants to build).
> 
> Maybe you want to backout and request an exp-build to not get swamped 
> with failure reports from various people...
> 

There's really not that much that can go wrong here; I looked at 
enabling the warning in question in base to try and avoid future 
landmines, but that results in an absolute dumpster fire so I guess we 
won't do that.

Can you try this patch, please? https://termbin.com/jdtv -- it's the 
apparently proper way to avoid the warning.

Thanks,

Kyle Evans

From nobody Tue May 14 19:26:24 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Vf5vN1r8jz5Kt3W
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Tue, 14 May 2024 19:26:40 +0000 (UTC)
	(envelope-from george+freebsd@m5p.com)
Received: from mailhost.m5p.com (mailhost.m5p.com [74.104.188.4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "m5p.com", Issuer "R3" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4Vf5vM3t5Bz49Cf
	for <freebsd-hackers@FreeBSD.org>; Tue, 14 May 2024 19:26:39 +0000 (UTC)
	(envelope-from george+freebsd@m5p.com)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	dmarc=none;
	spf=pass (mx1.freebsd.org: domain of george+freebsd@m5p.com designates 74.104.188.4 as permitted sender) smtp.mailfrom=george+freebsd@m5p.com
Received: from [IPV6:2001:470:1f07:15ff::26] (court.m5p.com [IPv6:2001:470:1f07:15ff:0:0:0:26])
	(authenticated bits=0)
	by mailhost.m5p.com (8.17.1/8.17.1) with ESMTPSA id 44EJQOIA036104
	(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO)
	for <freebsd-hackers@FreeBSD.org>; Tue, 14 May 2024 15:26:31 -0400 (EDT)
	(envelope-from george+freebsd@m5p.com)
Message-ID: <489dde7f-a6f6-4c31-a484-3d26d5521a85@m5p.com>
Date: Tue, 14 May 2024 15:26:24 -0400
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: FreeBSD Hackers <freebsd-hackers@FreeBSD.org>
From: George Mitchell <george+freebsd@m5p.com>
Subject: Emoji in FreeBSD: Firefox, Thunderbird, and Chrome
Autocrypt: addr=george+freebsd@m5p.com; keydata=
 xjMEZaHDbxYJKwYBBAHaRw8BAQdA2W6oBfS8haXY0/Ft4zS1OTLYfC8EBIADPTgMQdh85C3N
 KEdlb3JnZSBNaXRjaGVsbCA8Z2VvcmdlK2ZyZWVic2RAbTVwLmNvbT7CmQQTFgoAQRYhBDpv
 v9n4+UzMLAJ8EZocD3futmd9BQJlocSiAhsDBQkFo5qABQsJCAcCAiICBhUKCQgLAgQWAgMB
 Ah4HAheAAAoJEJocD3futmd9SxwBAJUi6DNdVhWCZBTv5XGy1g0JgApLWe/3S0M0zz9sn7/L
 AQCcJcV5k5s2rt9J5C1AUm6XVsuneVvIWXO5j1GKWk0NC844BGWhw28SCisGAQQBl1UBBQEB
 B0AaFz/6B95RRvjOdLZr5fSdhuIHvwr24H3ePDZSw6wlUwMBCAfCfgQYFgoAJhYhBDpvv9n4
 +UzMLAJ8EZocD3futmd9BQJlocNvAhsMBQkFo5qAAAoJEJocD3futmd9RXsBANwRD9RE56F6
 /jeZOrujHICLcgPiOt50Y6866v9OUTjUAP9GlC1aopfBpNwuPLJBam7oBaGqvY98VDhzOjoT
 7DNbCQ==
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------Gfgi6gKfSSBMF9noDIvdN0nj"
X-Spam-Status: No, score=0.2 required=10.0 tests=HELO_MISC_IP,HELO_NO_DOMAIN
	autolearn=no autolearn_force=no version=4.0.0
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on mattapan.m5p.com
X-Spamd-Bar: ---
X-Spamd-Result: default: False [-3.57 / 15.00];
	SIGNED_PGP(-2.00)[];
	MIME_BASE64_TEXT_BOGUS(1.00)[];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-0.28)[-0.278];
	R_SPF_ALLOW(-0.20)[+a];
	MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain];
	MIME_BASE64_TEXT(0.10)[];
	XM_UA_NO_VERSION(0.01)[];
	TAGGED_FROM(0.00)[freebsd];
	TO_DN_ALL(0.00)[];
	FROM_HAS_DN(0.00)[];
	DMARC_NA(0.00)[m5p.com];
	RCPT_COUNT_ONE(0.00)[1];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	RCVD_TLS_ALL(0.00)[];
	RCVD_COUNT_ONE(0.00)[1];
	ARC_NA(0.00)[];
	MLMMJ_DEST(0.00)[freebsd-hackers@FreeBSD.org];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
	FROM_EQ_ENVFROM(0.00)[];
	HAS_ATTACHMENT(0.00)[];
	R_DKIM_NA(0.00)[];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	MID_RHS_MATCH_FROM(0.00)[];
	ASN(0.00)[asn:701, ipnet:74.104.0.0/16, country:US];
	MIME_TRACE(0.00)[0:+,1:+,2:+,3:~]
X-Rspamd-Queue-Id: 4Vf5vM3t5Bz49Cf

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------Gfgi6gKfSSBMF9noDIvdN0nj
Content-Type: multipart/mixed; boundary="------------YTMzxPnW8furnj3jirwpmpPK";
 protected-headers="v1"
From: George Mitchell <george+freebsd@m5p.com>
To: FreeBSD Hackers <freebsd-hackers@FreeBSD.org>
Message-ID: <489dde7f-a6f6-4c31-a484-3d26d5521a85@m5p.com>
Subject: Emoji in FreeBSD: Firefox, Thunderbird, and Chrome

--------------YTMzxPnW8furnj3jirwpmpPK
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

RmlyZWZveCBhbmQgVGh1bmRlcmJpcmQ6IFRoZXkgYXJlbid0IHRoZXJlLg0KQ2hyb21lOiBU
aGV5IHdvcmsuICBTZWUgaHR0cHM6Ly9lbi53aWtpcGVkaWEub3JnL3dpa2kvRW1vamkjSW5f
VW5pY29kZQ0KDQpJIGhhdmUgeDExLWZvbnRzL25vdG8tZW1vamkgaW5zdGFsbGVkLg0KDQpX
aGVuIEkgaW5zdGFsbCBDaHJvbWUsIHRoZSBpbml0aWFsIGZvbnQgc2V0dGluZ3MgYXJlIGFs
bCAiQ3VzdG9tLCINCnRob3VnaCBvbmNlIEkgc2VsZWN0IHNvbWUgb3RoZXIgc2V0dGluZywg
IkN1c3RvbSIgZGlzYXBwZWFycyBmcm9tIHRoZQ0KZHJvcC1kb3duIG1lbnUuICBSZWdhcmRs
ZXNzIG9mIHRoYXQsIGVtb2ppcyBzdGlsbCBvcGVyYXRlIGFzIGV4cGVjdGVkLg0KQnV0IGlu
IEZpcmVmb3gsIGV2ZW4gd2hlbiBJIHNldCBhbGwgZm9udCBzZXR0aW5nIHRvIE5vdG8sIG5v
IGVtb2ppcw0KYXBwZWFyOyBub3IgZG8gdGhleSB3b3JrIGluIFRodW5kZXJiaXJkLg0KDQpX
aGF0IGVsc2Ugc2hvdWxkIEkgY2hlY2s/ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg
ICAgIC0tIEdlb3JnZQ0K

--------------YTMzxPnW8furnj3jirwpmpPK--

--------------Gfgi6gKfSSBMF9noDIvdN0nj
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

wnsEABYIACMWIQQ6b7/Z+PlMzCwCfBGaHA937rZnfQUCZkO64AUDAAAAAAAKCRCaHA937rZnffgL
AP49hXsOtVXcVCzsvquCkRYHboKQp9b2wsSqK9VrdDpLdwD/XPo6x0T10y9acrrpJ/ued6PtjuTF
6l2CJ49a/07bVA0=
=kWX/
-----END PGP SIGNATURE-----

--------------Gfgi6gKfSSBMF9noDIvdN0nj--

From nobody Tue May 14 23:15:27 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VfBzP0ZxXz5LB6p
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Tue, 14 May 2024 23:15:29 +0000 (UTC)
	(envelope-from kevans@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VfBzN6kJHz4f7W;
	Tue, 14 May 2024 23:15:28 +0000 (UTC)
	(envelope-from kevans@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1715728528;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=k4hUgJmCIqRYgbiqjrRJoW1IJimNHcPqu8XkpPLgKw8=;
	b=oTsA3RQrf13PK1prbNh/pPSemsjxPQCcJUTFCL/xhHKNds60al76/elJEnar4Y7cmUVCgN
	jpVjKQlHuRgmtq2ExTSRdZ76EZVlhJm0aG2xb/Zy7zhPEjsA3HdhSXm2wR+zq1WTSRYqOh
	3UiUAMiKwsct2jKUGDaGRaKfisyVUxVnOg1ppm2t7EiPcvEqloV9/AvaDRAKPaXK7HX2xY
	ByF22ObuoizljlDnXtv3rRfVqbP3xC/sNW81VX5WIk9zqxzme4OJaFX+NBnmIhov4gv9lO
	O7vg52u7r9Bpbf53QPXJVrn/kE1+i6rf5oigyd2qMuzgjxtrXdfuYfwWJpbB6w==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1715728528; a=rsa-sha256; cv=none;
	b=cLjxIXYv8ae3Z9QF8YV6UyPCgA+L7hBS/DJ6pGfr7Fjw3wNP3kTnl3OM5bnBFD9O1+ZGym
	MRvIRpAEpqkbB9ETYEC+UCy/ODy4BibPz4HLu3+prtm71dHos6QK6c5ddYMFhjg1UkAaOE
	anZiya7F8tXGphpGFFKc63w9nQ66f8VSUhJfBcI9Qe2nJ9NzPYjgTlRbLm5X4kSvh3NWwT
	qbpTuP0bmmR37HI1mk+EAVL3rpWr41ht65/FA3jyTJQHRO8GdtjHcgMchwiMjsCks41zfj
	mrSmc10wY04EENHzKxMngIWzE2J8YK36NoNs0HGWIFxJD7onuldkQ33Q5A5jCg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1715728528;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=k4hUgJmCIqRYgbiqjrRJoW1IJimNHcPqu8XkpPLgKw8=;
	b=Wocqs3mSlojpOWVW7zANOMGjom0DnMuCA3T5U4LTJMQGhabO2PdNyzGvL7aomIwsfrbjIU
	dxofksADZ1hH3iUgK6q+KjwUO7PXELwB0AYOY3w4Q5TqruYTrRLZd3Jis5F9saZAN6y24h
	euy3g2aE5IDTv4u/OHAXeiDqasLryUhcUVIKNR8G8JqtmE0uRhRwWnHSktSNtekPY36Aoy
	1M1L6Y6mpkWQg7WPKYAV5f4s+D8pk+jAbbTxYStoD8eNbYphFMAavJ2RBCEX02VOeZcnvp
	49HlHf9z+G6k3if9fFH/Zv3DJ1rBCzXVWfrdQjJ3tUuVoPG7OMbJ4GHAzuscjA==
Received: from [10.9.4.95] (unknown [209.182.120.176])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	(Authenticated sender: kevans/mail)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4VfBzN4NS0z19YG;
	Tue, 14 May 2024 23:15:28 +0000 (UTC)
	(envelope-from kevans@FreeBSD.org)
Message-ID: <b77dee76-34e0-4a22-808a-bdbca33bc7dd@FreeBSD.org>
Date: Tue, 14 May 2024 18:15:27 -0500
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Initial implementation of _FORTIFY_SOURCE
Content-Language: en-US
From: Kyle Evans <kevans@FreeBSD.org>
To: Alexander Leidinger <Alexander@Leidinger.net>
Cc: "freebsd-hackers@FreeBSD.org" <freebsd-hackers@freebsd.org>
References: <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>
 <83ac28b8e8e79866facbde716b051340@Leidinger.net>
 <97f000a2-eba8-4767-91e3-d5f311fa4e72@FreeBSD.org>
In-Reply-To: <97f000a2-eba8-4767-91e3-d5f311fa4e72@FreeBSD.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

On 5/14/24 11:34, Kyle Evans wrote:
> On 5/14/24 07:47, Alexander Leidinger wrote:
>> Am 2024-05-13 19:47, schrieb Kyle Evans:
>>> Hi,
>>>
>>> As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've 
>>> imported an initial version of FORTIFY_SOURCE from FreeBSD. 
>>> FORTIFY_SOURCE is an improvement over classical SSP, doing 
>>> compiler-aided checking of stack object sizes to detect more 
>>> fine-grained stack overflow without relying on the randomized stack 
>>> canary just past the stack frame.
>>
>> This breaks some port builds.
>>
>> Example libfido2 (which is a dependency in the build of e.g. mysql):
>> ---snip---
>> [  0% 4/1032] /usr/local/libexec/ccache/cc -DHAVE_ARC4RANDOM_BUF 
>> -DHAVE_ASPRINTF -DHAVE_CLOCK_GETTIME -DHAVE_DEV_URANDOM 
>> -DHAVE_ENDIAN_H -DHAVE_ERR_H -DHAVE_EXPLICIT_BZERO -DHAVE_GETLINE 
>> -DHAVE_GETOPT -DHAVE_GETPAGESIZE -DHAVE_GETRANDOM -DHAVE_OPENSSLV_H 
>> -DHAVE_READPASSPHRASE -DHAVE_SIGNAL_H -DHAVE_STRLCAT -DHAVE_STRLCPY 
>> -DHAVE_STRSEP -DHAVE_SYSCONF -DHAVE_SYS_RANDOM_H -DHAVE_TIMESPECSUB 
>> -DHAVE_TIMINGSAFE_BCMP -DHAVE_UNISTD_H 
>> -DOPENSSL_API_COMPAT=0x10100000L -DTLS=__thread -D_FIDO_INTERNAL 
>> -D_FIDO_MAJOR=1 -D_FIDO_MINOR=14 -D_FIDO_PATCH=0 
>> -I/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src 
>> -I/usr/local/include -D_POSIX_C_SOURCE=200809L -D_BSD_SOURCE 
>> -D__BSD_VISIBLE=1 -std=c99 -O2 -pipe -O2 -pipe -mtune=native 
>> -fvectorize -O2 -pipe -mtune=native -fvectorize -march=native 
>> -DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong 
>> -fno-strict-aliasing -O2 -pipe -O2 -pipe -mtune=native -fvectorize -O2 
>> -pipe -mtune=native -fvectorize -march=native 
>> -DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong 
>> -fno-strict-aliasing  -DNDEBUG -D_FORTIFY_SOURCE=2 -fPIC -Wall -Wextra 
>> -Werror -Wshadow -Wcast-qual -Wwrite-strings -Wmissing-prototypes 
>> -Wbad-function-cast -Wimplicit-fallthrough -pedantic -pedantic-errors 
>> -Wshorten-64-to-32 -fstack-protector-all -Wconversion 
>> -Wsign-conversion -Wframe-larger-than=2047 -MD -MT 
>> src/CMakeFiles/fido2.dir/aes256.c.o -MF 
>> src/CMakeFiles/fido2.dir/aes256.c.o.d -o 
>> src/CMakeFiles/fido2.dir/aes256.c.o -c 
>> /wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c
>> FAILED: src/CMakeFiles/fido2.dir/aes256.c.o
>> /usr/local/libexec/ccache/cc -DHAVE_ARC4RANDOM_BUF -DHAVE_ASPRINTF 
>> -DHAVE_CLOCK_GETTIME -DHAVE_DEV_URANDOM -DHAVE_ENDIAN_H -DHAVE_ERR_H 
>> -DHAVE_EXPLICIT_BZERO -DHAVE_GETLINE -DHAVE_GETOPT -DHAVE_GETPAGESIZE 
>> -DHAVE_GETRANDOM -DHAVE_OPENSSLV_H -DHAVE_READPASSPHRASE 
>> -DHAVE_SIGNAL_H -DHAVE_STRLCAT -DHAVE_STRLCPY -DHAVE_STRSEP 
>> -DHAVE_SYSCONF -DHAVE_SYS_RANDOM_H -DHAVE_TIMESPECSUB 
>> -DHAVE_TIMINGSAFE_BCMP -DHAVE_UNISTD_H 
>> -DOPENSSL_API_COMPAT=0x10100000L -DTLS=__thread -D_FIDO_INTERNAL 
>> -D_FIDO_MAJOR=1 -D_FIDO_MINOR=14 -D_FIDO_PATCH=0 
>> -I/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src 
>> -I/usr/local/include -D_POSIX_C_SOURCE=200809L -D_BSD_SOURCE 
>> -D__BSD_VISIBLE=1 -std=c99 -O2 -pipe -O2 -pipe -mtune=native 
>> -fvectorize -O2 -pipe -mtune=native -fvectorize -march=native 
>> -DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong 
>> -fno-strict-aliasing -O2 -pipe -O2 -pipe -mtune=native -fvectorize -O2 
>> -pipe -mtune=native -fvectorize -march=native 
>> -DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong 
>> -fno-strict-aliasing  -DNDEBUG -D_FORTIFY_SOURCE=2 -fPIC -Wall -Wextra 
>> -Werror -Wshadow -Wcast-qual -Wwrite-strings -Wmissing-prototypes 
>> -Wbad-function-cast -Wimplicit-fallthrough -pedantic -pedantic-errors 
>> -Wshorten-64-to-32 -fstack-protector-all -Wconversion 
>> -Wsign-conversion -Wframe-larger-than=2047 -MD -MT 
>> src/CMakeFiles/fido2.dir/aes256.c.o -MF 
>> src/CMakeFiles/fido2.dir/aes256.c.o.d -o 
>> src/CMakeFiles/fido2.dir/aes256.c.o -c 
>> /wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c
>> /wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c:18:2: error: use of GNU statement expression extension from macro expansion [-Werror,-Wgnu-statement-expression-from-macro-expansion]
>>     18 |         memset(out, 0, sizeof(*out));
>>        |         ^
>> /usr/include/ssp/string.h:120:5: note: expanded from macro 'memset'
>>    120 |     __ssp_bos_check3_typed(memset, void *, dst, int, val, len)
>>        |     ^
>> /usr/include/ssp/string.h:65:5: note: expanded from macro 
>> '__ssp_bos_check3_typed'
>>     65 |     __ssp_bos_check3_typed_var(fun, dsttype, __ssp_var(dstv), 
>> dst,      \
>>        |     ^
>> /usr/include/ssp/string.h:54:24: note: expanded from macro 
>> '__ssp_bos_check3_typed_var'
>>     54 |     src, lenvar, len) ({                                \
>>        |                        ^
>> /wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c:60:2: error: use of GNU statement expression extension from macro expansion [-Werror,-Wgnu-statement-expression-from-macro-expansion]
>>     60 |         memset(&iv, 0, sizeof(iv));
>>        |         ^
>> /usr/include/ssp/string.h:120:5: note: expanded from macro 'memset'
>>    120 |     __ssp_bos_check3_typed(memset, void *, dst, int, val, len)
>>        |     ^
>> /usr/include/ssp/string.h:65:5: note: expanded from macro 
>> '__ssp_bos_check3_typed'
>>     65 |     __ssp_bos_check3_typed_var(fun, dsttype, __ssp_var(dstv), 
>> dst,      \
>>        |     ^
>> /usr/include/ssp/string.h:54:24: note: expanded from macro 
>> '__ssp_bos_check3_typed_var'
>>     54 |     src, lenvar, len) ({                                \
>>        |                        ^
>> ---snip---
>>
>> I also have a failed archivers/libdeflate, devel/highway, www/node20, 
>> and lang/rust, but those complain about something which could also be 
>> attributed to some kind of interaction between my use of -fvectorize 
>> and the new fortify stuff. Example with libdeflate (the libdeflate 
>> update in ports is from March, and I had it compiled with -fvectorize 
>> successfully before the fortify stuff came in):
>> ---snip---
>> In file included from 
>> /wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_impl.h:93:
>> /wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_template.h:197:21: error: always_inline function '_mm512_set1_epi8' requires target feature 'evex512', but would be inlined into function 'adler32_x86_avx512_vl512_vnni' that is compiled without support for 'evex512'
>>    197 |         const vec_t ones = VSET1_8(1);
>>        |                            ^
>> ---snip---
>> Note, my CPUs don't support evex512 or avx512 at all, the compile 
>> flags haven't changed, this version of the port is installed in 
>> multiple jails (since March 28), so there is a change in behavior 
>> since then. It may or may not be due to the fortify stuff.
>>
>> I will test without -fvectorize later, poudriere is still building 
>> ports, and I want to see if some other ports fail. Those 5 failed port 
>> builds result in 160 skipped ports already (out of the >600 which this 
>> run wants to build).
>>
>> Maybe you want to backout and request an exp-build to not get swamped 
>> with failure reports from various people...
>>
> 
> There's really not that much that can go wrong here; I looked at 
> enabling the warning in question in base to try and avoid future 
> landmines, but that results in an absolute dumpster fire so I guess we 
> won't do that.
> 
> Can you try this patch, please? https://termbin.com/jdtv -- it's the 
> apparently proper way to avoid the warning.
> 

I've confirmed that this patch fixes libfido2, will commit shortly.  The 
other failures you noted are indeed not related, FORTIFY_SOURCE has no 
bearing on any of these things.

Thanks,

Kyle Evans


From nobody Wed May 15 00:18:39 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VfDNZ5Nqsz5LGBS
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Wed, 15 May 2024 00:18:54 +0000 (UTC)
	(envelope-from yaneurabeya@gmail.com)
Received: from mail-pg1-x52a.google.com (mail-pg1-x52a.google.com [IPv6:2607:f8b0:4864:20::52a])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VfDNZ207sz4lDN;
	Wed, 15 May 2024 00:18:54 +0000 (UTC)
	(envelope-from yaneurabeya@gmail.com)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=gmail.com header.s=20230601 header.b=FnDKU4Mz;
	dmarc=pass (policy=none) header.from=gmail.com;
	spf=pass (mx1.freebsd.org: domain of yaneurabeya@gmail.com designates 2607:f8b0:4864:20::52a as permitted sender) smtp.mailfrom=yaneurabeya@gmail.com
Received: by mail-pg1-x52a.google.com with SMTP id 41be03b00d2f7-6123726725eso5020677a12.3;
        Tue, 14 May 2024 17:18:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1715732332; x=1716337132; darn=freebsd.org;
        h=to:references:message-id:cc:date:in-reply-to:from:subject
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=+3lUVVIua06rEXB8UojGKTFU3hEcLdYanGOGbCFw5S0=;
        b=FnDKU4MzilKipX/AUNHQjk+qQlUVNsiTdVwNh3fgAKAuvpGpkmgIq1L8bx2JnPGLq9
         Mp1K9ZpiFYcSFXcej0TOrHtyT8LTa8Kh1+2wjxUI0GdJ4spfsSbZN/GG+LIK2W0mQKFg
         5sjfVvhwNw+4YUqOJp5T9wGTjbQrNyIybP2hs9SIvkDCy2wAAmfZmJGbdCbpDb0JeiQl
         61TAOOpPJ/mLwtuszDJuxbt3NSM/8kg9hkDUmZDHUQroxUtsCeJ5ujL7BEAGprffrhvO
         WJfr5y3h+3p+LABi1CFy0WK4K0BsGM+w4iXUcZYLrfRWrqNSVgmy+1OYHAl6jfJE3TcD
         NzxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1715732332; x=1716337132;
        h=to:references:message-id:cc:date:in-reply-to:from:subject
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=+3lUVVIua06rEXB8UojGKTFU3hEcLdYanGOGbCFw5S0=;
        b=TCUtsogY/zT4porzKqtuTPSbPSy5Yp++M2R7XGtJaUSjvqJeYmc74K9XtdzTssEwl1
         WthZ26EuISfNIyr1fdw1VgRFj0JH2oS4BOgMdiTjRyJdBVZhZmpsd5yHea/Bur2lSs/C
         qFx7do9t5Q9f9vuVhocFvKVHG9Xp1bnLDwjBWHUcnF6ga6ZE8Fm2gjSH0VrNIU8ZPaot
         pKIpMnpRHxh0MEYLHBSUYii0OSL0wEExrLOlN66p+h7WFBU5hKZXiGWTK+OXD1hIpaQ5
         2H7OV1s4UOe24CPB52gGIwPtjKvcWhs5T1ce8QZilDjMueia6WUIIpYkkE5joFrtHE8R
         do4Q==
X-Forwarded-Encrypted: i=1; AJvYcCWhwIoSZYvpyxsoK+OtVuoH43vrIyX1EWUocyJbmXiQCyi52P3s8Y4q0r+OZshBgq+vXtBQZ2BQcZJTayuEOhLUhqFd8J0P4HQFPIM=
X-Gm-Message-State: AOJu0YyLBwTFTN+trsZjq55ukdBvfrrd/jDsfpODtV84uNaBUlltYHPH
	okNkLDpD4CLhYzlJPcfY5XpEztp2svytk9yTiYxBVCMzMWXggKKvhvtNXw==
X-Google-Smtp-Source: AGHT+IHDJTBslozwbCuWNaZIhhTW2+I8JGx9E9YLvk7+QW3uVwOYwTVJa9qjppocYc0nDfWqSik7LA==
X-Received: by 2002:a17:90a:eb07:b0:2b4:3659:b3f5 with SMTP id 98e67ed59e1d1-2b6ccd886efmr9783635a91.47.1715732331669;
        Tue, 14 May 2024 17:18:51 -0700 (PDT)
Received: from smtpclient.apple ([162.118.1.182])
        by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-2b62886b5cesm12271032a91.26.2024.05.14.17.18.50
        (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
        Tue, 14 May 2024 17:18:50 -0700 (PDT)
Content-Type: multipart/signed;
	boundary="Apple-Mail=_02171A0C-E809-4575-8036-FCE18037610D";
	protocol="application/pgp-signature";
	micalg=pgp-sha256
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.500.171.1.1\))
Subject: Re: How to run tests without installing?
From: Enji Cooper <yaneurabeya@gmail.com>
In-Reply-To: <ZjAHcluVI2SGh8Ul@spindle.one-eyed-alien.net>
Date: Tue, 14 May 2024 17:18:39 -0700
Cc: Christian Weisgerber <naddy@mips.inka.de>,
 freebsd-hackers@freebsd.org
Message-Id: <FE4F10DD-EC61-47E4-9CB6-9F7AD758E81D@gmail.com>
References: <Zi93yxSsEnttr3Ay@lorvorc.mips.inka.de>
 <ZjAHcluVI2SGh8Ul@spindle.one-eyed-alien.net>
To: Brooks Davis <brooks@freebsd.org>
X-Mailer: Apple Mail (2.3774.500.171.1.1)
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.01 / 15.00];
	SIGNED_PGP(-2.00)[];
	SUBJECT_ENDS_QUESTION(1.00)[];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	MV_CASE(0.50)[];
	DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
	NEURAL_HAM_SHORT(-0.41)[-0.414];
	R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601];
	MIME_GOOD(-0.20)[multipart/signed,text/plain];
	R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36];
	RCVD_TLS_LAST(0.00)[];
	FROM_HAS_DN(0.00)[];
	MIME_TRACE(0.00)[0:+,1:+,2:~];
	TO_DN_SOME(0.00)[];
	ARC_NA(0.00)[];
	FREEMAIL_ENVFROM(0.00)[gmail.com];
	FREEMAIL_FROM(0.00)[gmail.com];
	DKIM_TRACE(0.00)[gmail.com:+];
	ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
	RCPT_COUNT_THREE(0.00)[3];
	TO_MATCH_ENVRCPT_SOME(0.00)[];
	RCVD_COUNT_TWO(0.00)[2];
	FROM_EQ_ENVFROM(0.00)[];
	HAS_ATTACHMENT(0.00)[];
	MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	MID_RHS_MATCH_FROM(0.00)[];
	RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::52a:from];
	DWL_DNSWL_NONE(0.00)[gmail.com:dkim]
X-Rspamd-Queue-Id: 4VfDNZ207sz4lDN


--Apple-Mail=_02171A0C-E809-4575-8036-FCE18037610D
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8


> On Apr 29, 2024, at 1:47=E2=80=AFPM, Brooks Davis <brooks@freebsd.org> =
wrote:
>=20
> On Mon, Apr 29, 2024 at 12:34:51PM +0200, Christian Weisgerber wrote:
>> How can I run the regression tests on my work-in-progress without
>> installing it first?
>>=20
>> Say I'm changing something in sh.  Can I run the tests on the
>> compiled sh in /usr/obj, without having to install my potentially
>> broken work into the system?  Running "make tests" in src/bin/sh
>> doesn't seem to actually test anything.
>=20
> Generally speaking you can't.  This is one of the problematic things
> about the current test framework.  The best you can do for something
> like sh where you really don't want to install a broken one is =
probably
> installing in a jail and running tests there.

Try =E2=80=9Cmake check MK_MAKE_CHECK_USE_SANDBOX=3Dyes -DNO_ROOT=E2=80=9D=
. It=E2=80=99s not perfect, but it might do what you want without =
breaking your system.
Cheers,
-Enji=

--Apple-Mail=_02171A0C-E809-4575-8036-FCE18037610D
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEkHfexGRJ3gYRdA2gGpE5DjPsNJgFAmZD/18ACgkQGpE5DjPs
NJi0LBAAis1MzHG1LoKi+9iN73r/uiU3QS1OyWq0qBt3Ygbb8GmUHhJRakWFEBIZ
n1ckcga0rPyjAlmTAO4rZ+2+nH/clHRT/p5Irq+b9YmqehTX3TY7BSNguzzopUF6
e510MwD2RUtIVNLkSkEgWCZ8gksH2GCHOqhDL7ZGDPSkQuE56DX76h+KSkctPI6z
DdV7jnQGLGqv4eRd/Z9WF6IjhieqtPr9KJmMZ7If7WjOJanazWc2GiWFJGsyFTqW
JVQXjPwLaW2yUPh19iuG2GziyZxDjpaz8dM5e5gT+2VVS6Uv4VPypp4FBp1ToJTL
WSZ+TudyRGHscRi4luMybalEyRYCx2Bb3JUKNdyJpJruqKytvAIHvfHifvxdIYJy
wfKqODSF2v9Fw6O1z2h7lSsxtjWdQfRc6gsChoNLTOUgVDDkvQJ7NKl2XS7FLKAH
RKjyQSaMhBVyTAnAsboT+mbZO7xkyLdm4D1ahSgqMVdqT1rrXbBwBMOr6HtdgLoP
xWNDi+fd0Bhhh5XJLBT3OtXo3hX57H6tkB5gm6qG3haO5v30gHUaA3tCf9lqTIPk
sZ180xTAcBrRoLXMoFOTR+yeYIkbbIFpezE+Ko8Qb6Vq+PeW+uLBw/FClS1fSm8x
Qzem56b22d8RoP2aRaxrPUGpzvbetGESiRTVVAe0dppvkFdobTY=
=7mX7
-----END PGP SIGNATURE-----

--Apple-Mail=_02171A0C-E809-4575-8036-FCE18037610D--

From nobody Wed May 15 06:05:59 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VfN6605XJz5KGkH
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Wed, 15 May 2024 06:06:54 +0000 (UTC)
	(envelope-from Alexander@Leidinger.net)
Received: from mailgate.Leidinger.net (bastille.leidinger.net [89.238.82.207])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature ECDSA (P-256) client-digest SHA256)
	(Client CN "mailgate.leidinger.net", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VfN653ylkz4Kch;
	Wed, 15 May 2024 06:06:53 +0000 (UTC)
	(envelope-from Alexander@Leidinger.net)
Authentication-Results: mx1.freebsd.org;
	none
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=leidinger.net;
	s=outgoing-alex; t=1715753207;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=y9e5Y9XJh+zd9bAVBg672FIcsrZWSGwLFbHqT7yD+z4=;
	b=hvsGg/mylIxjXd1ns3EuuMuLayPtG/PwDmE9+1ziXzocsBFWWLIzgMSr6EDSUbNmWK5ChT
	tf2de06Z0pOWFGPS0sK+sUEBrqAurzyRrMVXpbwPm0QUtc1caj6iw50XRMqoziWAqa9EYj
	bx5LY0QQ6011UIgQhcip6LqOZAvhOSvqnfP0eVX4FI03cMpd+PUUG2aLjx/2S8Eufb1EYY
	5z2Ns9v24mCvK5y8yGrq/plhwJijIR5D4Uzi3S0v5j5fI9OisfsyGIcrzpJhI4v5f2b8oV
	zgMuwN+UFX2XRkvlmX9ywKAx3DtEvreKjW3gB9YBU6ydFlX9m4+zcslfu6adEQ==
Date: Wed, 15 May 2024 08:05:59 +0200
From: Alexander Leidinger <Alexander@Leidinger.net>
To: Kyle Evans <kevans@freebsd.org>
Cc: "freebsd-hackers@FreeBSD.org" <freebsd-hackers@freebsd.org>
Subject: Re: Initial implementation of _FORTIFY_SOURCE
In-Reply-To: <b77dee76-34e0-4a22-808a-bdbca33bc7dd@FreeBSD.org>
References: <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>
 <83ac28b8e8e79866facbde716b051340@Leidinger.net>
 <97f000a2-eba8-4767-91e3-d5f311fa4e72@FreeBSD.org>
 <b77dee76-34e0-4a22-808a-bdbca33bc7dd@FreeBSD.org>
Message-ID: <5777a5fc638682653d7bf1c4a041742d@Leidinger.net>
Organization: No organization, this is a private message.
Content-Type: multipart/signed;
 protocol="application/pgp-signature";
 boundary="=_edfc8542b893ab3cd310c38265551a90";
 micalg=pgp-sha256
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:34240, ipnet:89.238.64.0/18, country:DE]
X-Rspamd-Queue-Id: 4VfN653ylkz4Kch

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)

--=_edfc8542b893ab3cd310c38265551a90
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8;
 format=flowed

Am 2024-05-15 01:15, schrieb Kyle Evans:
> On 5/14/24 11:34, Kyle Evans wrote:
>> On 5/14/24 07:47, Alexander Leidinger wrote:
>>> Am 2024-05-13 19:47, schrieb Kyle Evans:
>>>> Hi,
>>>> 
>>>> As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've 
>>>> imported an initial version of FORTIFY_SOURCE from FreeBSD. 
>>>> FORTIFY_SOURCE is an improvement over classical SSP, doing 
>>>> compiler-aided checking of stack object sizes to detect more 
>>>> fine-grained stack overflow without relying on the randomized stack 
>>>> canary just past the stack frame.
>>> 
>>> This breaks some port builds.
>>> 
>>> Example libfido2 (which is a dependency in the build of e.g. mysql):
>>> ---snip---
>>> [  0% 4/1032] /usr/local/libexec/ccache/cc -DHAVE_ARC4RANDOM_BUF 
>>> -DHAVE_ASPRINTF -DHAVE_CLOCK_GETTIME -DHAVE_DEV_URANDOM 
>>> -DHAVE_ENDIAN_H -DHAVE_ERR_H -DHAVE_EXPLICIT_BZERO -DHAVE_GETLINE 
>>> -DHAVE_GETOPT -DHAVE_GETPAGESIZE -DHAVE_GETRANDOM -DHAVE_OPENSSLV_H 
>>> -DHAVE_READPASSPHRASE -DHAVE_SIGNAL_H -DHAVE_STRLCAT -DHAVE_STRLCPY 
>>> -DHAVE_STRSEP -DHAVE_SYSCONF -DHAVE_SYS_RANDOM_H -DHAVE_TIMESPECSUB 
>>> -DHAVE_TIMINGSAFE_BCMP -DHAVE_UNISTD_H 
>>> -DOPENSSL_API_COMPAT=0x10100000L -DTLS=__thread -D_FIDO_INTERNAL 
>>> -D_FIDO_MAJOR=1 -D_FIDO_MINOR=14 -D_FIDO_PATCH=0 
>>> -I/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src 
>>> -I/usr/local/include -D_POSIX_C_SOURCE=200809L -D_BSD_SOURCE 
>>> -D__BSD_VISIBLE=1 -std=c99 -O2 -pipe -O2 -pipe -mtune=native 
>>> -fvectorize -O2 -pipe -mtune=native -fvectorize -march=native 
>>> -DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong 
>>> -fno-strict-aliasing -O2 -pipe -O2 -pipe -mtune=native -fvectorize 
>>> -O2 -pipe -mtune=native -fvectorize -march=native 
>>> -DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong 
>>> -fno-strict-aliasing  -DNDEBUG -D_FORTIFY_SOURCE=2 -fPIC -Wall 
>>> -Wextra -Werror -Wshadow -Wcast-qual -Wwrite-strings 
>>> -Wmissing-prototypes -Wbad-function-cast -Wimplicit-fallthrough 
>>> -pedantic -pedantic-errors -Wshorten-64-to-32 -fstack-protector-all 
>>> -Wconversion -Wsign-conversion -Wframe-larger-than=2047 -MD -MT 
>>> src/CMakeFiles/fido2.dir/aes256.c.o -MF 
>>> src/CMakeFiles/fido2.dir/aes256.c.o.d -o 
>>> src/CMakeFiles/fido2.dir/aes256.c.o -c 
>>> /wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c
>>> FAILED: src/CMakeFiles/fido2.dir/aes256.c.o
>>> /usr/local/libexec/ccache/cc -DHAVE_ARC4RANDOM_BUF -DHAVE_ASPRINTF 
>>> -DHAVE_CLOCK_GETTIME -DHAVE_DEV_URANDOM -DHAVE_ENDIAN_H -DHAVE_ERR_H 
>>> -DHAVE_EXPLICIT_BZERO -DHAVE_GETLINE -DHAVE_GETOPT -DHAVE_GETPAGESIZE 
>>> -DHAVE_GETRANDOM -DHAVE_OPENSSLV_H -DHAVE_READPASSPHRASE 
>>> -DHAVE_SIGNAL_H -DHAVE_STRLCAT -DHAVE_STRLCPY -DHAVE_STRSEP 
>>> -DHAVE_SYSCONF -DHAVE_SYS_RANDOM_H -DHAVE_TIMESPECSUB 
>>> -DHAVE_TIMINGSAFE_BCMP -DHAVE_UNISTD_H 
>>> -DOPENSSL_API_COMPAT=0x10100000L -DTLS=__thread -D_FIDO_INTERNAL 
>>> -D_FIDO_MAJOR=1 -D_FIDO_MINOR=14 -D_FIDO_PATCH=0 
>>> -I/wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src 
>>> -I/usr/local/include -D_POSIX_C_SOURCE=200809L -D_BSD_SOURCE 
>>> -D__BSD_VISIBLE=1 -std=c99 -O2 -pipe -O2 -pipe -mtune=native 
>>> -fvectorize -O2 -pipe -mtune=native -fvectorize -march=native 
>>> -DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong 
>>> -fno-strict-aliasing -O2 -pipe -O2 -pipe -mtune=native -fvectorize 
>>> -O2 -pipe -mtune=native -fvectorize -march=native 
>>> -DOPENSSL_API_COMPAT=0x10100000L -fstack-protector-strong 
>>> -fno-strict-aliasing  -DNDEBUG -D_FORTIFY_SOURCE=2 -fPIC -Wall 
>>> -Wextra -Werror -Wshadow -Wcast-qual -Wwrite-strings 
>>> -Wmissing-prototypes -Wbad-function-cast -Wimplicit-fallthrough 
>>> -pedantic -pedantic-errors -Wshorten-64-to-32 -fstack-protector-all 
>>> -Wconversion -Wsign-conversion -Wframe-larger-than=2047 -MD -MT 
>>> src/CMakeFiles/fido2.dir/aes256.c.o -MF 
>>> src/CMakeFiles/fido2.dir/aes256.c.o.d -o 
>>> src/CMakeFiles/fido2.dir/aes256.c.o -c 
>>> /wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c
>>> /wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c:18:2: 
>>> error: use of GNU statement expression extension from macro expansion 
>>> [-Werror,-Wgnu-statement-expression-from-macro-expansion]
>>>     18 |         memset(out, 0, sizeof(*out));
>>>        |         ^
>>> /usr/include/ssp/string.h:120:5: note: expanded from macro 'memset'
>>>    120 |     __ssp_bos_check3_typed(memset, void *, dst, int, val, 
>>> len)
>>>        |     ^
>>> /usr/include/ssp/string.h:65:5: note: expanded from macro 
>>> '__ssp_bos_check3_typed'
>>>     65 |     __ssp_bos_check3_typed_var(fun, dsttype, 
>>> __ssp_var(dstv), dst,      \
>>>        |     ^
>>> /usr/include/ssp/string.h:54:24: note: expanded from macro 
>>> '__ssp_bos_check3_typed_var'
>>>     54 |     src, lenvar, len) ({                                \
>>>        |                        ^
>>> /wrkdirs/usr/ports/security/libfido2/work/libfido2-1.14.0/src/aes256.c:60:2: 
>>> error: use of GNU statement expression extension from macro expansion 
>>> [-Werror,-Wgnu-statement-expression-from-macro-expansion]
>>>     60 |         memset(&iv, 0, sizeof(iv));
>>>        |         ^
>>> /usr/include/ssp/string.h:120:5: note: expanded from macro 'memset'
>>>    120 |     __ssp_bos_check3_typed(memset, void *, dst, int, val, 
>>> len)
>>>        |     ^
>>> /usr/include/ssp/string.h:65:5: note: expanded from macro 
>>> '__ssp_bos_check3_typed'
>>>     65 |     __ssp_bos_check3_typed_var(fun, dsttype, 
>>> __ssp_var(dstv), dst,      \
>>>        |     ^
>>> /usr/include/ssp/string.h:54:24: note: expanded from macro 
>>> '__ssp_bos_check3_typed_var'
>>>     54 |     src, lenvar, len) ({                                \
>>>        |                        ^
>>> ---snip---
>>> 
>>> I also have a failed archivers/libdeflate, devel/highway, www/node20, 
>>> and lang/rust, but those complain about something which could also be 
>>> attributed to some kind of interaction between my use of -fvectorize 
>>> and the new fortify stuff. Example with libdeflate (the libdeflate 
>>> update in ports is from March, and I had it compiled with -fvectorize 
>>> successfully before the fortify stuff came in):
>>> ---snip---
>>> In file included from 
>>> /wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_impl.h:93:
>>> /wrkdirs/usr/ports/archivers/libdeflate/work/libdeflate-1.20/lib/x86/adler32_template.h:197:21: 
>>> error: always_inline function '_mm512_set1_epi8' requires target 
>>> feature 'evex512', but would be inlined into function 
>>> 'adler32_x86_avx512_vl512_vnni' that is compiled without support for 
>>> 'evex512'
>>>    197 |         const vec_t ones = VSET1_8(1);
>>>        |                            ^
>>> ---snip---
>>> Note, my CPUs don't support evex512 or avx512 at all, the compile 
>>> flags haven't changed, this version of the port is installed in 
>>> multiple jails (since March 28), so there is a change in behavior 
>>> since then. It may or may not be due to the fortify stuff.
>>> 
>>> I will test without -fvectorize later, poudriere is still building 
>>> ports, and I want to see if some other ports fail. Those 5 failed 
>>> port builds result in 160 skipped ports already (out of the >600 
>>> which this run wants to build).
>>> 
>>> Maybe you want to backout and request an exp-build to not get swamped 
>>> with failure reports from various people...
>>> 
>> 
>> There's really not that much that can go wrong here; I looked at 
>> enabling the warning in question in base to try and avoid future 
>> landmines, but that results in an absolute dumpster fire so I guess we 
>> won't do that.
>> 
>> Can you try this patch, please? https://termbin.com/jdtv -- it's the 
>> apparently proper way to avoid the warning.
>> 
> 
> I've confirmed that this patch fixes libfido2, will commit shortly.  
> The other failures you noted are indeed not related, FORTIFY_SOURCE has 
> no bearing on any of these things.

Your stdio.h does look different to my tree (it's from May 13, with 
manual removal of the ObsoleteFiles.inc stuff)... I did this manually 
now and give it a try in poudriere:
---snip---
#define sprintf(str, ...) __extension__ ({      \
     char *_ssp_str = (str);     \
     __builtin___sprintf_chk(_ssp_str, 0, __ssp_bos(_ssp_str),           
\
         __VA_ARGS__); \
})

#define vsprintf(str, fmt, ap) __extension__ ({ \
     char *_ssp_str = (str);             \
     __builtin___vsprintf_chk(_ssp_str, 0, __ssp_bos(_ssp_str), fmt,     
\
         ap);                            \
})

#define snprintf(str, len, ...) __extension__ ({        \
     char *_ssp_str = (str);             \
     __builtin___snprintf_chk(_ssp_str, len, 0, __ssp_bos(_ssp_str),     
\
         __VA_ARGS__);                   \
})

#define vsnprintf(str, len, fmt, ap) __extension__ ({   \
     char *_ssp_str = (str);             \
     __builtin___vsnprintf_chk(_ssp_str, len, 0, __ssp_bos(_ssp_str),    
\
         fmt, ap);                       \
})

#define gets(str) __extension__ ({                      \
    char *_ssp_str = (str);              \
     __gets_chk(_ssp_str, __ssp_bos(_ssp_str));  \
})

#define fgets(str, len, fp) __extension__ ({            \
     char *_ssp_str = (str);             \
     __fgets_chk(_ssp_str, len, __ssp_bos(_ssp_str), fp);        \
})
---snip---

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF

--=_edfc8542b893ab3cd310c38265551a90
Content-Type: application/pgp-signature;
 name=signature.asc
Content-Disposition: attachment;
 filename=signature.asc;
 size=833
Content-Description: OpenPGP digital signature

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEER9UlYXp1PSd08nWXEg2wmwP42IYFAmZEUNYACgkQEg2wmwP4
2IaB6g//Yy4KIYY+bU4fDwzVlAFMWuNNtnUuf+jwWmKW5h2Bh/69y0TdrjTbQxFJ
QAiZ5xg+Jbmcd0ge+eEUVTKQZUfejyhueUquIhehm531X27CySwaYlEPsdYuGMzB
AjkcitB6lZkaDm86d4TilRWhg1O5WQcP+h1LRKh/NsuC0/OaQ+hOBOivrGBgM9U+
n4tQD1GJIcuZzGZ3HgiRcEJrtXr3vKeyOB3vLvvyDwkQew4fcBlXuaYw2YMXwem6
kpRaSwo3xm6xaG/HCUjgm8EAa/+K0q0+mplnPqjtrEdIdIlHn5aZGqXYoHx4ecgN
gMorMkOuBhWojQ2c9D/PQoKvFae97+6b88Q6sBMX/CgTJut3HCgL4fKFTmDGtezn
9v09Pw/MTDmC14B0ns7515ebeYHpL4ZAdNRdWlAeeTQ9nvHEjw2TK0OUsENWC3qz
L8uzpdRu+tD8DMTHgROn1MQSL7XnkfA4XZoqj3ikfeS+nn6/bW1VL+ApLPe8FEqa
JcXa81P8GIkhqUgpckB6okKukO/P1C9iULiqKdNFCU6KnGoAJaXfvQ85nTVF1IP9
i8pPcxxYv07Ego8J+W/GC+U53VPGqMjhgoPXrjcPM4FNNw/Xsc4w+jEqbVksnLsB
WMrsekDHO0ulflc2cnldkmIc2p+RdDNcex4z/azRYjPubFmrmFg=
=khMv
-----END PGP SIGNATURE-----

--=_edfc8542b893ab3cd310c38265551a90--

From nobody Wed May 15 12:39:44 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VfXrT0W7rz5KpxR
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Wed, 15 May 2024 12:40:41 +0000 (UTC)
	(envelope-from Alexander@Leidinger.net)
Received: from mailgate.Leidinger.net (mailgate.leidinger.net [IPv6:2a00:1828:2000:313::1:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature ECDSA (P-256) client-digest SHA256)
	(Client CN "mailgate.leidinger.net", Issuer "R3" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VfXrS46Swz3xPC;
	Wed, 15 May 2024 12:40:40 +0000 (UTC)
	(envelope-from Alexander@Leidinger.net)
Authentication-Results: mx1.freebsd.org;
	none
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=leidinger.net;
	s=outgoing-alex; t=1715776832;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=nCRzEIPu10Z6sL8LY3/rQqbAoetqwjux/mI4kMnapUI=;
	b=s/qBJUg1Q34GIyBOxUj6QNe9O7PwgPDx0KxZPh+h4VjpZSaBcq9UVB3DBMdmfP9oRm10p6
	KFc3Sri/1X/XzsbwUFozUmrSswdss95Z0ptbQGia1ffHYGXFiZXgBLrjLhxV5bEjEOyxj/
	D3nFlMPVRdFDVqYsE1HzYi4JrxaRNvmy6YoCJM0B0w7FL9UVLgTkFsbKVBvaaFvXJboxkH
	9YWWlivEPCtLIxZNATQ591ZuNzmmj5ne8rsEyxXH+qRtk3F4XGRxQ7121oXwKlhQe7e+mS
	Qrv3A9DS1DaY7rlCsgJDVuoDsz81o+eCbm7hxK29XCsiFyvuS3fHq2fE6P8ljQ==
Date: Wed, 15 May 2024 14:39:44 +0200
From: Alexander Leidinger <Alexander@Leidinger.net>
To: Kyle Evans <kevans@freebsd.org>
Cc: "freebsd-hackers@FreeBSD.org" <freebsd-hackers@freebsd.org>
Subject: Re: Initial implementation of _FORTIFY_SOURCE
In-Reply-To: <b77dee76-34e0-4a22-808a-bdbca33bc7dd@FreeBSD.org>
References: <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>
 <83ac28b8e8e79866facbde716b051340@Leidinger.net>
 <97f000a2-eba8-4767-91e3-d5f311fa4e72@FreeBSD.org>
 <b77dee76-34e0-4a22-808a-bdbca33bc7dd@FreeBSD.org>
Message-ID: <fc68c3ee9085d4b0c81ae1b40ca96220@Leidinger.net>
Organization: No organization, this is a private message.
Content-Type: multipart/signed;
 protocol="application/pgp-signature";
 boundary="=_a697ab9abdd776089dd8896cad57a970";
 micalg=pgp-sha256
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:34240, ipnet:2a00:1828::/32, country:DE]
X-Rspamd-Queue-Id: 4VfXrS46Swz3xPC

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)

--=_a697ab9abdd776089dd8896cad57a970
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII;
 format=flowed

Am 2024-05-15 01:15, schrieb Kyle Evans:

> I've confirmed that this patch fixes libfido2, will commit shortly.

I can confirm too.

If I want to test this on more ports, I have to add -D_FORTIFY_SOURCE=2 
to the CFLAGS / CSSFLAGS? Or rather do this:
---snip---
diff --git a/Mk/Features/ssp.mk b/Mk/Features/ssp.mk
index 4213e6d668a..545e74bfa05 100644
--- a/Mk/Features/ssp.mk
+++ b/Mk/Features/ssp.mk
@@ -7,8 +7,10 @@ SSP_Include_MAINTAINER=        portmgr@FreeBSD.org
  .  if !defined(SSP_UNSAFE) && \
      (! ${ARCH:Mmips*})
  # Overridable as a user may want to use -fstack-protector-all
-SSP_CFLAGS?=   -fstack-protector-strong
+SSP_CFLAGS?=   -fstack-protector-strong -D_FORTIFY_SOURCE=2
+SSP_LDFLAGS?=  -fstack-protector-strong
  CFLAGS+=       ${SSP_CFLAGS}
-LDFLAGS+=      ${SSP_CFLAGS}
+CXXFLAGS+=     ${SSP_CFLAGS}
+LDFLAGS+=      ${SSP_LDFLAGS}
  .  endif
  .endif
---snip---

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF

--=_a697ab9abdd776089dd8896cad57a970
Content-Type: application/pgp-signature;
 name=signature.asc
Content-Disposition: attachment;
 filename=signature.asc;
 size=833
Content-Description: OpenPGP digital signature

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEER9UlYXp1PSd08nWXEg2wmwP42IYFAmZErR8ACgkQEg2wmwP4
2IYWRQ//aIc6OlvzwY/3OYm95qKK3O9I3xVTq6/u0IgD+BY+MhMTXx/Ba2jruGZE
MKeLrRObyS9V8gfbLgDAbuajI+UIBuIszVdm1YqXy3EfPAZQXWWB+W+pJDPgQzvQ
zFNFrV6cQTYjVqkiUgD3/OX1pVoAesR7xlBdi+gTj7hGI7TmZ48qRzezz2MLmEX1
OZddhbmfXfPlFDH0hrFhlugROQbEpH4iZlI5J+vp8XPrWKIYD9alvTmTbH1iyrss
okQB3xet16ZyR+dft2s2+Bwa7t+bKVltAdAHFeNR5GuCghhPAoCt+N2OzFRxLa8m
zIRvcSLyZ8xCpElHS6nybeeXfRjj7sUUVPwOpcH5UO0T9SnqhBA42C3reA36mCwl
PT3YAwWGtFUsuPUt1C7lmsIJYIMB8wWXlSqnOkbY6BzUl1E0xRNCdeAFllUXk/Q3
bOTwtk5IcsDMiN9xQjbmvu0XEf8g6KRSM5pfsEucKScpyqB+XWTucFX3r6koTWbc
0otRMq/5wmzjcaCOAJHimGl+BHOldYy+EeP0nqTL1pxroLnkVHOAzqBhX/aBwDPF
0aGSbZOKeetteadb4riEoF+mBHaUg0/YT5u0Wox+9hL7e/9wVqCRLUpL8bZjNC9Z
ZBJHuMOfA4K0bTMJxxNbg9BARjH5rxe+c3k1Dak8XJpVmHpz9yk=
=Ozjo
-----END PGP SIGNATURE-----

--=_a697ab9abdd776089dd8896cad57a970--

From nobody Wed May 15 18:18:19 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VfhLK3FlTz4B1Bw
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Wed, 15 May 2024 18:18:33 +0000 (UTC)
	(envelope-from grahamperrin@gmail.com)
Received: from mail-ej1-x636.google.com (mail-ej1-x636.google.com [IPv6:2a00:1450:4864:20::636])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VfhLJ5gZvz4mjX
	for <freebsd-hackers@freebsd.org>; Wed, 15 May 2024 18:18:32 +0000 (UTC)
	(envelope-from grahamperrin@gmail.com)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=gmail.com header.s=20230601 header.b=JhAubAdy;
	dmarc=pass (policy=none) header.from=gmail.com;
	spf=pass (mx1.freebsd.org: domain of grahamperrin@gmail.com designates 2a00:1450:4864:20::636 as permitted sender) smtp.mailfrom=grahamperrin@gmail.com
Received: by mail-ej1-x636.google.com with SMTP id a640c23a62f3a-a599c55055dso206544266b.0
        for <freebsd-hackers@freebsd.org>; Wed, 15 May 2024 11:18:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1715797111; x=1716401911; darn=freebsd.org;
        h=in-reply-to:autocrypt:content-language:from:references:to:subject
         :user-agent:mime-version:date:message-id:from:to:cc:subject:date
         :message-id:reply-to;
        bh=MgQRjVOq7skSOklGkpfE10OOEFgfHnpOyAX+ixEA8tw=;
        b=JhAubAdyMs69Fe85PDCp9VFulRSSOqrxzW73/g3ZO1muDHb8TzQkYcv/E7aPpruylG
         HjlZv4OiEDs5fCQAZ5X1No4nuHAA/qintLz0MNxZ2VxOmTTrSwM5j33X6BLHtZGJ6GNc
         OAN1R9GVBU0oeX77d1p9OcM/pLKPsCjK3FfORDYqAv1L/rsdfKufQmxJ0p4F5+WMRXKK
         MJ9hyWhRDpcXaRF5DYtBZ4ITZI5Ae/8knDtaMBT5p4dR1q1EXvO3Ypj8V+u5CgVZNI4V
         peVBhyImXAV5bG1ESFWvFhlUz799HRifJwvCKXW8htNPEuSIoc3K41fJhU/pIJl2vpNB
         EPqw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1715797111; x=1716401911;
        h=in-reply-to:autocrypt:content-language:from:references:to:subject
         :user-agent:mime-version:date:message-id:x-gm-message-state:from:to
         :cc:subject:date:message-id:reply-to;
        bh=MgQRjVOq7skSOklGkpfE10OOEFgfHnpOyAX+ixEA8tw=;
        b=j+DDixQG3/TEIRJVoper7YnhIluipA3cAncYN4RKXWhr1sxhko0vVkq+ovJyh0v7iI
         P+pCOy3FsXOj8wbwQvfuoOswFuJyZ+usxyLbfDEZ5Q02oDbGtlZ6qhQjW1usEvHR5svP
         i6YdBVKQI32OuVcSTgKEEGr5eM2hln/b3rcVKCWwbj9ATBRDFNmuQeiN3bYY6Uo3nAaJ
         vJ+sjJlb0vMamPAIfflcoP55xZI79S0oxyezYPWuw9sa3yNHWsEnE9oBTlPsJKps7Z2i
         O4YArSu0iHj8UV6neuIWt9gr4UX11FyplEmHdB1U0OOqEeZGFbFDiKeAnJYwR3qZVobq
         9K0A==
X-Gm-Message-State: AOJu0YxK7rDWLf0m/CbRUDq/5C2h56OA8qFyXiCHO3ZYOYxDMC1aWMYH
	eY5F26SHpPAjqg0oBTUdPTxOjXyCxeV6Zv/YqBkVAggj1XftA2WiQblHpJus
X-Google-Smtp-Source: AGHT+IE1TPoaAGYV/hoMyRF3YRJYpy/2eyAP1MrktwDygS4BaMvaN6o8LDwaODJzxAirFLLDE01bAg==
X-Received: by 2002:a17:907:928a:b0:a5a:52d0:52bf with SMTP id a640c23a62f3a-a5a52d0532emr955603166b.33.1715797110579;
        Wed, 15 May 2024 11:18:30 -0700 (PDT)
Received: from [192.168.1.10] (host-80-42-75-232.as13285.net. [80.42.75.232])
        by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a5a3c65d06fsm724036366b.52.2024.05.15.11.18.29
        for <freebsd-hackers@freebsd.org>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Wed, 15 May 2024 11:18:29 -0700 (PDT)
Content-Type: multipart/alternative;
 boundary="------------z9R9IItRSvxTdPyLe0FO1Sta"
Message-ID: <e31ce31b-5f0c-461f-964a-08622bbb51d3@gmail.com>
Date: Wed, 15 May 2024 19:18:19 +0100
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Emoji in FreeBSD: Firefox, Thunderbird, and Chrome
To: freebsd-hackers@freebsd.org
References: <489dde7f-a6f6-4c31-a484-3d26d5521a85@m5p.com>
From: Graham Perrin <grahamperrin@gmail.com>
Content-Language: en-GB
Autocrypt: addr=grahamperrin@gmail.com; keydata=
 xsFNBGKYt7ABEAClu83dJ3ZKfVgPOk9YKRv0Z+dl2b88+k9R4vwAmElgguYdKE7yhnQNhhWM
 v9vi6AFrBMc2oJdVHJ2OrXfwpELBFIgiSMEWNsC4e+Z3HtSajcl+pFZsP7ciiSoycj/w3wIV
 kAZoVGbhyIbNG7fbCEJ8q81TbfsGypV3bRmbZVvGNecBguYiooBtz2Qht1p3itXMkIA6P9pS
 YDl+6QddZLyUUAjAnFv2QDoYSHLnaDUWw4oONZsB0SKVu8jMIBh4uJZoYEOvdvc9jQQdOpA2
 CAgA6ulfm42Ikr9lKBUUCtjqiWAhJ7iXOTyHAIdR4Mf8alCE6tdTq6dHdIt+GktTY7oYNyL2
 3aD3C7I5waU0SFXvJcOMG10QLfwYQMOQoYQ9XJ0U5A28WYiDcylDdUWT7SappP1e1ZMeJWWO
 y14mxxNzHaJSI4rK8P/p5tp3Q7SSC4k5gMh9zKba3K2ApCWNbVLGvXsJeQkZZNvu70tE81ey
 AHI5iZcB6D7WaHysBUmsKaEpbcmm1ZThTnGL0SHEl5to5Jab5Fg6O+Cnly5sVz5lX/v8Aosx
 kKNei7SCVqXOVtteQeGxWbXWbhPgbMyc0Gi3DuxBI/yvJ43k/rJysQlLGLWfJx/UXprwLluC
 PDK9EvKEB+fD1Z349uzp1sKr3ihpySbyKI8fpudftnAz4EsoCwARAQABzSZHcmFoYW0gUGVy
 cmluIDxncmFoYW1wZXJyaW5AZ21haWwuY29tPsLBlAQTAQoAPhYhBFk/5bLDBwftvJcvCrdn
 SG9KGNQLBQJimMMBAhsDBQkFo5qABQsJCAcDBRUKCQgLBRYDAgEAAh4FAheAAAoJELdnSG9K
 GNQLbHAQAJi998y42bEbq5HmABYovmAEtQj33YSUWyc9QRmAHpN8Er3lTKsgmZcVChB5Fu/d
 go2oYynDjlVpA7+wiSmg4AG78mOYbg/e19XMhrH0keDKqZXFkU+G7agR0mF09qvpQZ9MTJYZ
 2u7FtytZK665UfipOdV8eGn2hFC/WynjUwEzKyryBgbbLAEbfOPeZNry4h2ZPWbtTvx/PE/V
 X3Vh2oGqYx69DCGz+0xEhy62ZKbkX5SL8LUf/1WViyCVzsHasFxmFxYPWIfBy8ayQ7xapz7M
 cSXSQyu4oDT4qh9eZiGP9/aAcZKHcV6t9y77JGhUJ/5O1sANKMa3YhgimE+Z86LHYa1IH774
 PHj1nAXBwS+Cj/1l/NQoQcyjvOj8zuCsMJVaLMb6B46YsReP4+3yBLpyeBC//t6zWPbgAkWW
 VjROC0dXUAMTFpnA6NZe3UghG+Nc4fnCLGOhc2nyWFYHIaYV6Hv1ITFSem9DdeNnR1CFm1VM
 TJ7i7TuqYM+WZTkoUsTf4c46hS/ZNJZSCxh0s9yYr+BYk3XBbd+ElaZ1dJE6cuSVdw15+P2h
 DnprurxC4byl4YFkn+UAVvQsOgeq6aSHLOHX0weYu1OLoiPYsTdyGhne72+kDhEEdFD5aHdQ
 PFrbQIrqWLV0a04++0ZwGpNvXtgnWhDdAQJDwGsSSwbLzsFNBGKYt7ABEADRb1tZuh7DPYET
 0wK6fe7owbYgM+RfKhmcrGgR2HI9M2q6+0WKF/ITnggWdIW2Ecc4z2boLz/cwvPGCS7/YxZM
 61KklGCwuS7q1s04XnHDWHuFxfXQPzAdVmNO3bYoMZbJjHXs6sB2u5ksiwPwaMAWWaGkviSj
 c5pwvHCiTmX5vH5CBj/Vi+5ESyX38vK4JM5S/m4ouI/6M9biyFgimV+v3vVyCxJCT1gI9g4o
 GIh1qq5S433b1fihn4yHPf8XOKyBpA/QcwLONViBqJL5nnOxpsh344rNxn2R7CcRzzicOV+e
 2IbMem4lwNWQlZKoRotKXZi9LqN5mynSBYqAUdoZum0QinWT9F22B0Qex5PH1zAt9i2W91Vd
 kcPB3LwkRXj07ycRtsSzpgPA6fLc6AsoWFslHl8kVOO5eJIA4xhjlPa+W8lguQHZ0iX+5uAv
 2eAgXR2swADuHPuENNFStmsgAMl8OOOgtq75yA5TpyIzxMuXV9Nmp0VfIaUM/IdLdmxhc1pC
 c320l5fYMHVLFAReWEbSj2QH8YzWfpXHIegutWWYEbH9SiDXgS9KoKmCJV/Qa+x6/b8y3pOZ
 vnIbCDaynC2Yr50s8gRa9kb54JE8Z+p8r16U3SEsK3PtUi0RF0e51danCVHrrE6/Hat2XUO/
 6nnYgVgFOrLao6Gh/VMs8wARAQABwsF8BBgBCgAmFiEEWT/lssMHB+28ly8Kt2dIb0oY1AsF
 AmKYt7ACGwwFCQWjmoAACgkQt2dIb0oY1Av7qg//YjCZg8VXyMzXssgIQpROKKqh5V0UBSQl
 rM3tq4tWhyg0HVMugQj0Om+iNPsEEOGHkm6tyhHMzlKGpAc/l0iAM+8twIyg44Yo5+DcfFXr
 OMTbTw9T9jDsWOkOBksxy29iYhgpqpWdDBnhXvrJp/FNAiX8CfzrIOZeFPydDoEiKBEXAxfe
 a9o5J/JeVnZiUeoiFe7i68nZGsb4JxhPczNfqW12t0Ll5/ibjszg5BgjXiLao0KqbWNh4bS5
 CVwH90Or+5qqWgzWPeBiuz+rN2QXE/V/fL44GEj1YKASCqmaiYRgjoRFubz1aq1wCXMXY3Iq
 d4525rscUgS7HBxbblnyTodUPaamN/2nSzcmE/Pkx8MApDSgZCIhs0RTAg+/AoX4HULV1rSE
 TQwMrBEQt84Tw5W5rHsvXKr4ZEsJUpbPLWYTISsp23nHR+vZtL/Ug+OWCmHC7X7D21xk/xVJ
 4sA1RLJBKdCHtnyA4Unv/kNS1KVGxHnITVyw1a71QJADu4qsdtM5u6CyYUhqhM1oseWtV6j+
 Qi8KC/G4C3AgZf06fe2fVl42z2grTabL4bC6FQXMwTX2dsm5NakWjUCmUL8uwsQE7ZA4zKxo
 EYI1YV9q1birpzncYRupr1qnMoggMUHWq0IBYshFQrEO8PeVUZBw7/GfAeh3argdw2Qu748T Cyw=
In-Reply-To: <489dde7f-a6f6-4c31-a484-3d26d5521a85@m5p.com>
X-Spamd-Bar: ---
X-Spamd-Result: default: False [-3.98 / 15.00];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-0.99)[-0.986];
	DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
	R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601];
	R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36];
	MIME_GOOD(-0.10)[multipart/alternative,text/plain];
	XM_UA_NO_VERSION(0.01)[];
	RCVD_TLS_LAST(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	ARC_NA(0.00)[];
	MIME_TRACE(0.00)[0:+,1:+,2:~];
	RCPT_COUNT_ONE(0.00)[1];
	FREEMAIL_ENVFROM(0.00)[gmail.com];
	FREEMAIL_FROM(0.00)[gmail.com];
	FROM_HAS_DN(0.00)[];
	FREEFALL_USER(0.00)[grahamperrin];
	DWL_DNSWL_NONE(0.00)[gmail.com:dkim];
	TO_DN_NONE(0.00)[];
	RCVD_COUNT_TWO(0.00)[2];
	FROM_EQ_ENVFROM(0.00)[];
	DKIM_TRACE(0.00)[gmail.com:+];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
	MID_RHS_MATCH_FROM(0.00)[];
	MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org];
	ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::636:from]
X-Rspamd-Queue-Id: 4VfhLJ5gZvz4mjX

This is a multi-part message in MIME format.
--------------z9R9IItRSvxTdPyLe0FO1Sta
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

On 14/05/2024 20:26, George Mitchell wrote:

> … in Firefox, even when I set all font setting …

Set fonts for:

- other writing systems

--------------z9R9IItRSvxTdPyLe0FO1Sta
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit

<!DOCTYPE html>
<html data-lt-installed="true">
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body style="padding-bottom: 1px;">
    <p>On 14/05/2024 20:26, George Mitchell wrote:</p>
    <blockquote type="cite"
      cite="mid:489dde7f-a6f6-4c31-a484-3d26d5521a85@m5p.com">… in
      Firefox, even when I set all font setting …<br>
    </blockquote>
    <p>Set fonts for: </p>
    <p>- other writing systems<br>
    </p>
  </body>
  <lt-container></lt-container>
</html>

--------------z9R9IItRSvxTdPyLe0FO1Sta--

From nobody Sat May 18 06:35:11 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VhDbS1QlWz5LB9q
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Sat, 18 May 2024 06:35:16 +0000 (UTC)
	(envelope-from paulf2718@gmail.com)
Received: from mail-wr1-x429.google.com (mail-wr1-x429.google.com [IPv6:2a00:1450:4864:20::429])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VhDbR2dGDz4HX7
	for <freebsd-hackers@freebsd.org>; Sat, 18 May 2024 06:35:15 +0000 (UTC)
	(envelope-from paulf2718@gmail.com)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=gmail.com header.s=20230601 header.b=nR9rsHSx;
	dmarc=pass (policy=none) header.from=gmail.com;
	spf=pass (mx1.freebsd.org: domain of paulf2718@gmail.com designates 2a00:1450:4864:20::429 as permitted sender) smtp.mailfrom=paulf2718@gmail.com
Received: by mail-wr1-x429.google.com with SMTP id ffacd0b85a97d-34f0e55787aso679086f8f.2
        for <freebsd-hackers@freebsd.org>; Fri, 17 May 2024 23:35:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1716014114; x=1716618914; darn=freebsd.org;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:to:subject:user-agent:mime-version:date:message-id:from
         :to:cc:subject:date:message-id:reply-to;
        bh=ZrE2UBL+mGKJ/CKC0i7xhVC3ZTqoA+TIu6ow3l4Wnho=;
        b=nR9rsHSxgHD7uheev7etDf/hTOo5pU+FBNvqwViHSsKek9fT/PkkNMLIdZgJIozEmO
         7L81jNMmWKiPJ828rtm0fZrnOhMeGtC0aRcNwJKxUiwpwbRPKWwO+KOvpFWsDyxrGu2D
         WiM84zpkZDcvppNLgFD2owSGcP8PuD8xQ5zBUpoNWYdf84ekdhFGx53wTRFSJEHKSjH3
         09tpHzER6YZvYFKPmlMGE1nknaOXGsqzqYYMt8xoF77smnr47ZD/jyaJQ7X9xlW274Q6
         TL1HuXr+VrKczKByzw4pR4narQ2RD1atd6y0jJFSXNfD/C52oRBVXhK33/ObQI5m7EVB
         JlBw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1716014114; x=1716618914;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:to:subject:user-agent:mime-version:date:message-id
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=ZrE2UBL+mGKJ/CKC0i7xhVC3ZTqoA+TIu6ow3l4Wnho=;
        b=BtaAbVQS1kdK33AApoZ6rArzBn9qJNXR3uLlZ11VOJTtOOeYkxRzQcsXQGq9TgmVx1
         xBkhhmmG1LsQFWmiAhygyh80vDlgGZyRifwQSWGCo8uz19DWT21+OYdGqN3ncHysZKi7
         RGONzlanXf/97aOtHFeCAGGulweMOL6iQea5W8aNYyHNqOtKU68Eyil/6iP/6ZhARG8t
         7d4NY90EUKink1+QZLgE0f87r/C/86vZCU3XbsukY3w2OfCmdBoVEvoMEu3cTbD712vH
         W6V1Gxqg7TXIOZUROS2kSuIc+TtHof1IFYLU0iCvkfOS5o0ioiDQcD6o5avtOH67PVE6
         1JYw==
X-Gm-Message-State: AOJu0YwgtPTMXT7MmX36iDtAZOHL89pHPCIBL8+qivNJ742ug+8yOBuH
	HVgznR0FkUSDUIUXA8B9DObA+tW8Ka9Wc0zAmqc+X7wLNvMrQhRdS/yi8g==
X-Google-Smtp-Source: AGHT+IHTX9+nWXwSI7NcndTtkCw8o3QBHJx6ci7RXSew5+A1P8LJym7IJFU4vFI5sieS8k7Y4ON01A==
X-Received: by 2002:a5d:4f04:0:b0:34d:a4b4:9f60 with SMTP id ffacd0b85a97d-3504a968882mr16767600f8f.52.1716014113731;
        Fri, 17 May 2024 23:35:13 -0700 (PDT)
Received: from ?IPV6:2a01:cb15:8010:2f00:1aa9:5ff:fe16:2efb? ([2a01:cb15:8010:2f00:1aa9:5ff:fe16:2efb])
        by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3502bbbbde1sm23389371f8f.97.2024.05.17.23.35.12
        for <freebsd-hackers@freebsd.org>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Fri, 17 May 2024 23:35:13 -0700 (PDT)
Message-ID: <e48d6518-5d73-44c5-9d12-8ec2656e0380@gmail.com>
Date: Sat, 18 May 2024 06:35:11 +0000
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Initial implementation of _FORTIFY_SOURCE
To: freebsd-hackers@freebsd.org
References: <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>
Content-Language: en-US
From: Paul Floyd <paulf2718@gmail.com>
In-Reply-To: <f8000e6b-226b-45f3-a751-aca790f4f8c8@FreeBSD.org>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Spamd-Bar: ---
X-Spamd-Result: default: False [-3.95 / 15.00];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-0.96)[-0.955];
	DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
	R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36:c];
	R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601];
	MIME_GOOD(-0.10)[text/plain];
	XM_UA_NO_VERSION(0.01)[];
	RCVD_TLS_LAST(0.00)[];
	MIME_TRACE(0.00)[0:+];
	FREEMAIL_ENVFROM(0.00)[gmail.com];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	FREEMAIL_FROM(0.00)[gmail.com];
	ARC_NA(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	FROM_HAS_DN(0.00)[];
	DWL_DNSWL_NONE(0.00)[gmail.com:dkim];
	TO_DN_NONE(0.00)[];
	RCVD_COUNT_TWO(0.00)[2];
	FROM_EQ_ENVFROM(0.00)[];
	DKIM_TRACE(0.00)[gmail.com:+];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
	MID_RHS_MATCH_FROM(0.00)[];
	MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org];
	ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::429:from]
X-Rspamd-Queue-Id: 4VhDbR2dGDz4HX7



On 13-05-24 17:47, Kyle Evans wrote:
> Hi,
> 
> As of 9bfd3b407 ("Add a build knob for _FORTIFY_SOURCE"), I've imported 
> an initial version of FORTIFY_SOURCE from FreeBSD.  FORTIFY_SOURCE is an 
> improvement over classical SSP, doing compiler-aided checking of stack 
> object sizes to detect more fine-grained stack overflow without relying 
> on the randomized stack canary just past the stack frame.

Hi

I'll try to have a go this weekend.

Are is there any known impact on debuggability? Specifically for tools 
that need to do stack waliking.

A+
Paul


From nobody Sat May 18 16:59:30 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VhVg42gnyz5L8Yj
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Sat, 18 May 2024 17:09:20 +0000 (UTC)
	(envelope-from anonloli@autistici.org)
Received: from devianza.investici.org (devianza.investici.org [198.167.222.108])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VhVg356TVz4Jpv
	for <freebsd-hackers@freebsd.org>; Sat, 18 May 2024 17:09:19 +0000 (UTC)
	(envelope-from anonloli@autistici.org)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=autistici.org header.s=stigmate header.b=RiWqBLwh;
	dmarc=pass (policy=reject) header.from=autistici.org;
	spf=pass (mx1.freebsd.org: domain of anonloli@autistici.org designates 198.167.222.108 as permitted sender) smtp.mailfrom=anonloli@autistici.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autistici.org;
	s=stigmate; t=1716051595;
	bh=CA1r8pElJfWonZAIwt2Dvo4Q0iYk6tNz8R2Uwd2nmcM=;
	h=Date:From:To:Subject:References:In-Reply-To:From;
	b=RiWqBLwhemnOId6bO4usdl5xTgkvPgAygLDt/dpk5hePEftbLFTyZEHsbZUFCKJwM
	 IxAkKwWMWASz8NhKQcxhUDYHuAVKviFfp+NN46v87W/MBqldhAowqM1fUg/okE+8Vj
	 aPJsb+aRQduw95hmpC1lxl0YU504WF1tfu4G+qMs=
Received: from mx2.investici.org (unknown [127.0.0.1])
	by devianza.investici.org (Postfix) with ESMTP id 4VhVSC51J1z6xbN
	for <freebsd-hackers@freebsd.org>; Sat, 18 May 2024 16:59:55 +0000 (UTC)
Received: from [198.167.222.108] (mx2.investici.org [198.167.222.108]) (Authenticated sender: anonloli@autistici.org) by localhost (Postfix) with ESMTPSA id 4VhVS95NPXz6xbL
	for <freebsd-hackers@freebsd.org>; Sat, 18 May 2024 16:59:53 +0000 (UTC)
Date: Sat, 18 May 2024 16:59:30 +0000
From: Anon Loli <anonloli@autistici.org>
To: freebsd-hackers@freebsd.org
Subject: GELI disk corrupted or external influence?
Message-ID: <ZkjePdUJqqrjjFsO@anonloli>
References: <1716050202-69054-mlmmj-647e0ac8@FreeBSD.org>
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1716050202-69054-mlmmj-647e0ac8@FreeBSD.org>
X-Spamd-Bar: +
X-Spamd-Result: default: False [1.30 / 15.00];
	MID_END_EQ_FROM_USER_PART(4.00)[];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	SUBJECT_ENDS_QUESTION(1.00)[];
	NEURAL_HAM_SHORT(-1.00)[-1.000];
	DMARC_POLICY_ALLOW(-0.50)[autistici.org,reject];
	MID_RHS_NOT_FQDN(0.50)[];
	R_DKIM_ALLOW(-0.20)[autistici.org:s=stigmate];
	R_SPF_ALLOW(-0.20)[+ip4:198.167.222.108:c];
	RCVD_IN_DNSWL_LOW(-0.20)[198.167.222.108:received,198.167.222.108:from];
	MIME_GOOD(-0.10)[text/plain];
	GREYLIST(0.00)[pass,body];
	DKIM_TRACE(0.00)[autistici.org:+];
	RCVD_TLS_LAST(0.00)[];
	ARC_NA(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	FROM_HAS_DN(0.00)[];
	ASN(0.00)[asn:39287, ipnet:198.167.192.0/19, country:FI];
	RCPT_COUNT_ONE(0.00)[1];
	RCVD_COUNT_TWO(0.00)[2];
	FROM_EQ_ENVFROM(0.00)[];
	MISSING_XM_UA(0.00)[];
	TO_DN_NONE(0.00)[];
	MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	MIME_TRACE(0.00)[0:+]
X-Rspamd-Queue-Id: 4VhVg356TVz4Jpv

Hello mailing list!
I've had an event which includes modifying some BIOS settings (can't
remember which exactly), and testing some OS other than FreeBSD.

And I think that the said OS did something malicious to the disk in
question because it has been doing it for prolonged period of time, and
mentioned disks..

So this was all on same machine, like dual-booting but from another
drive.

Then when I went back into FreeBSD I noticed an error, `geli attach`
doesn't work, I used a /etc/rc.local script for the GELI disk like so:
`geli attach -p -k /etc/diskpassword.key /dev/ada0
zpool import zmedia`
I get an error message when I try to run the geli command:
> geli: Cannot read metadata from /dev/ada0: Invalid argument.

I have /var/backupts/ada.eli if that can help..
There's only /dev/ada0, no ada0s1 for example or .eli or whatever..
Also when running `gpart show`, I see 2 disks:
xxx GPT (main boot drive)
freebsd-boot
freebsd-swap
freebsd-zfs

and
ada0 GPT (the drive in problem)
-free- (everything)


Does this indicate that everything has been lost, like the partitioning
table or whatever you call it, like it has been formatted?
Did the other evil OS-fucker destroy my disk without saying it would do
that?


If you can't tell, I'm hesitant to give more information than what's
necessary for someone to help me because almost any data can be used to
deanonymize someone, but if you do need some information, please feel
free to ask.


TL;DR: some OS could have wiped some part of a FreeBSD-zfs drive, can
you help me conclude wether or not we can somehow save it?

From nobody Sat May 18 17:18:38 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VhVsy2YcVz5L9VF
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Sat, 18 May 2024 17:18:46 +0000 (UTC)
	(envelope-from karl@denninger.net)
Received: from colo1.denninger.net (colo1.denninger.net [104.236.120.189])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VhVsx4D3Bz4LgG
	for <freebsd-hackers@freebsd.org>; Sat, 18 May 2024 17:18:45 +0000 (UTC)
	(envelope-from karl@denninger.net)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	dmarc=pass (policy=none) header.from=denninger.net;
	spf=pass (mx1.freebsd.org: domain of karl@denninger.net designates 104.236.120.189 as permitted sender) smtp.mailfrom=karl@denninger.net
Received: from denninger.net (syn-096-033-195-197.res.spectrum.com [96.33.195.197])
	by colo1.denninger.net (Postfix) with ESMTP id 53FC12110B2
	for <freebsd-hackers@freebsd.org>; Sat, 18 May 2024 13:19:23 -0400 (EDT)
Received: from [192.168.10.25] (D15.Denninger.Net [192.168.10.25])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by denninger.net (Postfix) with ESMTPSA id 68B56D3D2D
	for <freebsd-hackers@freebsd.org>; Sat, 18 May 2024 13:18:38 -0400 (EDT)
Message-ID: <f9c2844d-aecf-4f88-92a5-3d53481ceb54@denninger.net>
Date: Sat, 18 May 2024 13:18:38 -0400
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: GELI disk corrupted or external influence?
To: freebsd-hackers@freebsd.org
References: <1716050202-69054-mlmmj-647e0ac8@FreeBSD.org>
 <ZkjePdUJqqrjjFsO@anonloli>
Content-Language: en-US
From: Karl Denninger <karl@denninger.net>
Autocrypt: addr=karl@denninger.net; keydata=
 xsFNBF1Rd+gBEACmLAH7SAzdQq57ZN56QQEy0jDFfH5BvGOMZgCaP+Y5lJQ5u9WphCoCALMs
 Rg0o1Q9DRNWgUmy/cgsxioXAEzZFXXzOHPJhwplVOgfjxnoByD5KQhWG8Owm9QmATdtiZPSV
 4UYVNUIbZv7btSnnAXysG2OUHajYS5PVeFQxFbhNFq/SS8VaXr1WEVTFa8NFKp2W3/KY1A+U
 KKDUlYwnOauK3fnY9chF2IRSoxAbBJFrJ4lPGz04HtzNos4Q9CBfTphKcdFjcPntNS9wrqs3
 sm+7hLNTH9B2Kj6aekG5UhD03eyP+gevTgBy51RL6ULzI13Kc4aeyOByuBXrA8D2m2Ee67iy
 4+ZSxM9Wn1gQce5624OWzCYIGBH2r75Bshp1KHKu36N2rN//kyKYnwl/z6UZB/S9cMUFKZgL
 gFx7QxpFX/HvSiBcPfcGS0meModpg6qma7/2jRoQAXacslpiT+uOfRGspNbnglkbw435RzX/
 kMUclJQNZBBBUpPiGjVCjeBTiAfN8TyjS+pWzwxNCUZWbYO5xVaS0gbIhgVNoBOGn1rdTsdA
 PP65SRjaoL5KY6bzkkzrXLB2Djx8/p4vr0qIqxIQWbewJq3xKyKGiqI46ae77BF7k0B++Ndx
 g9K9UeWKl/iJ0eoI0ftR+xH3aIHTU1Or3j/tj4j8Z0tnVSyt1wARAQABzSNLYXJsIERlbm5p
 bmdlciA8a2FybEBkZW5uaW5nZXIubmV0PsLBfwQTAQgAKQUCZj4NhwIbIwUJDK6K2AcLCQgH
 AwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJEG8twBXrj1l42DQP/A0AGcBuGhHzGh2aFyW94B29
 ECEkmkxigmQt++AG9xr3Qv4gC6UtSGzKo50SWAdek5peBRTbeDALa/tQvBsbi2aJgYWxZVOV
 N2XLe89ZjvJuTZqXaG/iaV50es56/cWBlG7VR+5/ijw3uSWO6gZ+L5bkKnQ/p8OWUP0GbtV1
 rmEL4DOf6Sel7vOHGLIOgppMxH3DqAgHINZPhOBn/ySnFYNRUyUzp+DxKweH3/6UT8kLST4z
 UykLcb6HCXEkPM8ECyXkQacE6AfSsrj+tpDv97ZU9UzfprMGY8MmtpACc2509YhdDgljoaGq
 dfC2//HDKjEt31apoiKwQ9x2oqDBRtkRJoSuqC+rxRDGYMFdxRUBTEJ/j/P3EJdqCO128Jb+
 2iw+0ERUqMyPJWpRXb+J/zdo4ge5RP39LreyNhblEF3aKIvNMj+KrGwznB0Muny8uP73O/bw
 w7Nkj6HuXbq9gZ1jV6WqHzP9seadWpxLhcR8UQZqgFbO7Q4Y1Lj7TWt/cEoGXe5TeBGO8/b/
 Q0g+LF0+/waARlk9dwVx5vBol4ZJ4gDEwzZD6IqDYB5Knenv/wWAdK7WrzLqP4zBzU5vwpJ+
 Aj8i+lkqGcaCdtMdRZpa3qR68eKgutuVCzCt3Ydt2Oeiz/D0ccI++FzJgqfD+r4B1pjWT/V3
 SRerR30au23XzsFNBF1Rd+gBEADNVFS8nQ+kpKOpgtP+f3bCVxHAm7eHMbX6oew5yZiQwfD+
 1RWNWLVOMeTt7G2e5HsHpJOUwFUJhbDb0omB0r38xTSVSAig9kmUfb7tTMJG2bG7WfWykBOM
 WIZ4OhCf+ISv9dUkjNgx4ionWotFxwDiPRwWumVQ7WYZmRZlhDWMiaHgKvBrjJ7Y6GKPRbQc
 5/0Qz9xGhXKlFxDQrrSMkyRThIOxXqdfD9z3rEsV3ZwOojzNsnkIImnQMKyIAR0FBQop34G9
 wDQi7fxk8wGIfDszwfR4oAdDdPGq4gcAvE7Fd3xKyNpGyjSED5szoaFjldaZSXQIffquSUvy
 sFCTTLRIso5Dn9uQgi57gIv+5mnyKBfm2Z2P6pEQPSt073TED9rS0+JpniJL7rKRVpO5niqw
 sQJS6ht+JF88rXro+SiwxD/KeDpTuuJ10+ohLVi1Y+X82X7BIQEhqtFp9FVJSds4o/eNyaHd
 SoqfoeWMy3EV+rdJ3DneXcPS1BgxO57Rko5Hx3NUSVK83ovFb+Ofes9SLNdqNu3xAUcfpRdS
 DyxzpVbCq6Y2CIojiaweiYe5BOBhmR9OPGhqP8YD7GukYmQufAVuOrIVyctBlVPHgMBb+UX+
 ItYXuX4weSJWLOsmM45xd/EYvBq2DWFpKlyihoktNzTGqxGsNeG7gCOEUTAnUwARAQABwsFl
 BBgBCAAPBQJmPg2HAhsMBQkMrorYAAoJEG8twBXrj1l4s28P/icoshBPgHA86zWSiBYWtR4M
 TXbg86Yo5tMm64gO2ipXHlDnS0fQOjkJvfo+1e8soq0Rf4RxvKGEDLF9sxLD3z0ptF4Lj8aN
 zddLPlWFUZ9iOGbDGZhdvnB6YfCWEOXnkXJHfdheYOd/cni54Y4MT1sPMUiPGDlB4Fpu1voL
 wMZdGfplQYuV+zYv2ezd6Aoc/YwmhixX3YSjy6vFa+7x8OXrGUK69XaZ649GGHpeZzYuLTPw
 jAfCjbYBk9a24GtQlO/sk9SHRlxIU1e/AflNMtOMYDwuEDLuPgTLe4pRt4lnSdnQSVsFoYz1
 nO7XBtyJdUa2rrhcLfhmSxlbJF/4cmNB4ebyT+5v+9ChpMVqzpKBCjyxPm4s+WVq4aYQ7D24
 caCcUknD82iMFDFvbV0dm/xAQKZ3k+L/apMhHtUS23dzhJemxWdeQ6Cs2l0FYoGtrEzfUguR
 Hj7U3opGU6F4dnH1nQt4CbaXAOXM2Zh4ik+z5xRv9ro7fZUG8KSaz8dHKc2scpnJsqdS5XEk
 NwcHQUCCwSOEPzbugPJY1vjkjlTGWu6ihN7mjxxfthNPGU21/Vfv0d+mlBNdTkl2YOlQtKci
 YBqkhRb5Re9KC+6O7dWFf5qPZQiD3iUOxUOWsaQhj/CxO+EYk7kxEJxV4tMZfesE90LgTINX
 Z7FdWd0DYG+m
In-Reply-To: <ZkjePdUJqqrjjFsO@anonloli>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------5pQC4Hl6TpthyFD8Ixxkzkjj"
X-Spamd-Bar: ---
X-Spamd-Result: default: False [-3.30 / 15.00];
	SIGNED_PGP(-2.00)[];
	SUBJECT_ENDS_QUESTION(1.00)[];
	NEURAL_HAM_SHORT(-0.88)[-0.879];
	NEURAL_HAM_LONG(-0.50)[-0.505];
	DMARC_POLICY_ALLOW(-0.50)[denninger.net,none];
	MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,multipart/alternative,text/plain];
	R_SPF_ALLOW(-0.20)[+mx];
	NEURAL_HAM_MEDIUM(-0.12)[-0.122];
	MIME_BASE64_TEXT(0.10)[];
	XM_UA_NO_VERSION(0.01)[];
	RCPT_COUNT_ONE(0.00)[1];
	FREEFALL_USER(0.00)[karl];
	HAS_ATTACHMENT(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	RCVD_TLS_LAST(0.00)[];
	ASN(0.00)[asn:14061, ipnet:104.236.64.0/18, country:US];
	FROM_HAS_DN(0.00)[];
	ARC_NA(0.00)[];
	TO_DN_NONE(0.00)[];
	RCVD_COUNT_TWO(0.00)[2];
	FROM_EQ_ENVFROM(0.00)[];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
	R_DKIM_NA(0.00)[];
	MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org];
	MID_RHS_MATCH_FROM(0.00)[];
	MIME_TRACE(0.00)[0:+,1:+,2:+,3:+,4:~,5:~]
X-Rspamd-Queue-Id: 4VhVsx4D3Bz4LgG

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------5pQC4Hl6TpthyFD8Ixxkzkjj
Content-Type: multipart/mixed; boundary="------------iZXQ0X3yD6KAES0PG0tzrpdi";
 protected-headers="v1"
From: Karl Denninger <karl@denninger.net>
To: freebsd-hackers@freebsd.org
Message-ID: <f9c2844d-aecf-4f88-92a5-3d53481ceb54@denninger.net>
Subject: Re: GELI disk corrupted or external influence?
References: <1716050202-69054-mlmmj-647e0ac8@FreeBSD.org>
 <ZkjePdUJqqrjjFsO@anonloli>
In-Reply-To: <ZkjePdUJqqrjjFsO@anonloli>

--------------iZXQ0X3yD6KAES0PG0tzrpdi
Content-Type: multipart/alternative;
 boundary="------------kzdCdSCPjL5h7ZIsg2NrPknA"

--------------kzdCdSCPjL5h7ZIsg2NrPknA
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

R3BhcnQgb24gdGhlIHJhdyBkZXZpY2UsIGlmIHlvdSBkbyB0aGUgd2hvbGUgZGV2aWNlLCB3
aWxsIG5vdCBzaG93IA0KYW55dGhpbmcgdW50aWwgYW5kIHVubGVzcyB5b3UgYXR0YWNoIGl0
IGF0IHdoaWNoIHBvaW50ICJncGFydCBzaG93IiBvbiANCnRoZSAiLmVsaSIgZGV2aWNlIHdp
bGwgd29yay4NCg0KQnV0IGl0cyBlbnRpcmVseSBwb3NzaWJsZSB0aGUgb3RoZXIgT1Mgc2Ny
aWJibGVkIG9uIHNvbWUgbnVtYmVyIG9mIHRoZSANCmZpcnN0IGZldyBibG9ja3MsIGluIHdo
aWNoIGNhc2UgeW91IG1heSBiZSB1dHRlcmx5IGJvbmVkIGFzIGV2ZW4gSUYgeW91IA0KcmVz
dG9yZSB0aGUgbWV0YWRhdGEgaXRzIGhpZ2hseS1wcm9iYWJsZSB0aGUgZGF0YSBoYXMgYmVl
biBzZXZlcmVseSANCmRhbWFnZWQuwqAgWW91IGNhbiB0cnkgaXQgKGFuZCBJIHdvdWxkIGNl
cnRhaW5seSksIGJ1dCB5b3UgbWF5IGJlIHNjcmV3ZWQuDQoNCklGIHlvdSBjYW4gZ2V0IEdl
bGkgdG8gYXR0YWNoIGl0IHRoZW4gYSAiZ3BhcnQgc2hvdyAvZGV2L2FkYTAuZWxpIsKgIA0K
U0hPVUxEIHNob3cgdGhlIHN0cnVjdHVyZSAtLSBhc3N1bWluZyBncGFydCBjYW4gZmluZCBh
IHVzYWJsZSBwYXJ0aXRpb24gDQp0YWJsZS4NCg0KSSBhbSBub3QgYSBmYW4gb2YgdXNpbmcg
Z2VsaSBvbiB0aGUgd2hvbGUgZGlzayBmb3IgdGhpcyBleGFjdCByZWFzb247IA0KYW5vdGhl
ciBPUyBpcyB2ZXJ5IGxpa2VseSB0byBhc3N1bWUgdGhlIGRpc2sgaXMgbm90IGZvcm1hdHRl
ZCBBVCBBTEwgDQpiZWNhdXNlIGl0IGRvZXMgbm90IHNlZSBhIHBhcnRpdGlvbiB0YWJsZSBz
aWduYXR1cmUgYW5kIGluIHNvbWUgY2FzZXMgaXQgDQptaWdodCBncmF0dWl0b3VzbHkgd3Jp
dGUgdG8gaXQgYW5kIHlvdSBtaWdodCBlaXRoZXIgKGluIGNvbmZ1c2lvbikgDQphcHByb3Zl
IGl0IG9yIHdvcnNlLCBpdCBtaWdodCBub3QgZXZlbiBhc2shwqAgWW91J2QgaG9wZSBub2Jv
ZHkgd291bGQgDQpkZXNpZ24gc29tZXRoaW5nIGluIGFuIE9TIHRoYXQgaXMgdGhhdCBUSEFU
IGR1bWIgYnV0Li4uLi4NCg0KT24gNS8xOC8yMDI0IDEyOjU5LCBBbm9uIExvbGkgd3JvdGU6
DQo+IEhlbGxvIG1haWxpbmcgbGlzdCENCj4gSSd2ZSBoYWQgYW4gZXZlbnQgd2hpY2ggaW5j
bHVkZXMgbW9kaWZ5aW5nIHNvbWUgQklPUyBzZXR0aW5ncyAoY2FuJ3QNCj4gcmVtZW1iZXIg
d2hpY2ggZXhhY3RseSksIGFuZCB0ZXN0aW5nIHNvbWUgT1Mgb3RoZXIgdGhhbiBGcmVlQlNE
Lg0KPg0KPiBBbmQgSSB0aGluayB0aGF0IHRoZSBzYWlkIE9TIGRpZCBzb21ldGhpbmcgbWFs
aWNpb3VzIHRvIHRoZSBkaXNrIGluDQo+IHF1ZXN0aW9uIGJlY2F1c2UgaXQgaGFzIGJlZW4g
ZG9pbmcgaXQgZm9yIHByb2xvbmdlZCBwZXJpb2Qgb2YgdGltZSwgYW5kDQo+IG1lbnRpb25l
ZCBkaXNrcy4uDQo+DQo+IFNvIHRoaXMgd2FzIGFsbCBvbiBzYW1lIG1hY2hpbmUsIGxpa2Ug
ZHVhbC1ib290aW5nIGJ1dCBmcm9tIGFub3RoZXINCj4gZHJpdmUuDQo+DQo+IFRoZW4gd2hl
biBJIHdlbnQgYmFjayBpbnRvIEZyZWVCU0QgSSBub3RpY2VkIGFuIGVycm9yLCBgZ2VsaSBh
dHRhY2hgDQo+IGRvZXNuJ3Qgd29yaywgSSB1c2VkIGEgL2V0Yy9yYy5sb2NhbCBzY3JpcHQg
Zm9yIHRoZSBHRUxJIGRpc2sgbGlrZSBzbzoNCj4gYGdlbGkgYXR0YWNoIC1wIC1rIC9ldGMv
ZGlza3Bhc3N3b3JkLmtleSAvZGV2L2FkYTANCj4genBvb2wgaW1wb3J0IHptZWRpYWANCj4g
SSBnZXQgYW4gZXJyb3IgbWVzc2FnZSB3aGVuIEkgdHJ5IHRvIHJ1biB0aGUgZ2VsaSBjb21t
YW5kOg0KPj4gZ2VsaTogQ2Fubm90IHJlYWQgbWV0YWRhdGEgZnJvbSAvZGV2L2FkYTA6IElu
dmFsaWQgYXJndW1lbnQuDQo+IEkgaGF2ZSAvdmFyL2JhY2t1cHRzL2FkYS5lbGkgaWYgdGhh
dCBjYW4gaGVscC4uDQo+IFRoZXJlJ3Mgb25seSAvZGV2L2FkYTAsIG5vIGFkYTBzMSBmb3Ig
ZXhhbXBsZSBvciAuZWxpIG9yIHdoYXRldmVyLi4NCj4gQWxzbyB3aGVuIHJ1bm5pbmcgYGdw
YXJ0IHNob3dgLCBJIHNlZSAyIGRpc2tzOg0KPiB4eHggR1BUIChtYWluIGJvb3QgZHJpdmUp
DQo+IGZyZWVic2QtYm9vdA0KPiBmcmVlYnNkLXN3YXANCj4gZnJlZWJzZC16ZnMNCj4NCj4g
YW5kDQo+IGFkYTAgR1BUICh0aGUgZHJpdmUgaW4gcHJvYmxlbSkNCj4gLWZyZWUtIChldmVy
eXRoaW5nKQ0KPg0KPg0KPiBEb2VzIHRoaXMgaW5kaWNhdGUgdGhhdCBldmVyeXRoaW5nIGhh
cyBiZWVuIGxvc3QsIGxpa2UgdGhlIHBhcnRpdGlvbmluZw0KPiB0YWJsZSBvciB3aGF0ZXZl
ciB5b3UgY2FsbCBpdCwgbGlrZSBpdCBoYXMgYmVlbiBmb3JtYXR0ZWQ/DQo+IERpZCB0aGUg
b3RoZXIgZXZpbCBPUy1mdWNrZXIgZGVzdHJveSBteSBkaXNrIHdpdGhvdXQgc2F5aW5nIGl0
IHdvdWxkIGRvDQo+IHRoYXQ/DQo+DQo+DQo+IElmIHlvdSBjYW4ndCB0ZWxsLCBJJ20gaGVz
aXRhbnQgdG8gZ2l2ZSBtb3JlIGluZm9ybWF0aW9uIHRoYW4gd2hhdCdzDQo+IG5lY2Vzc2Fy
eSBmb3Igc29tZW9uZSB0byBoZWxwIG1lIGJlY2F1c2UgYWxtb3N0IGFueSBkYXRhIGNhbiBi
ZSB1c2VkIHRvDQo+IGRlYW5vbnltaXplIHNvbWVvbmUsIGJ1dCBpZiB5b3UgZG8gbmVlZCBz
b21lIGluZm9ybWF0aW9uLCBwbGVhc2UgZmVlbA0KPiBmcmVlIHRvIGFzay4NCj4NCj4NCj4g
VEw7RFI6IHNvbWUgT1MgY291bGQgaGF2ZSB3aXBlZCBzb21lIHBhcnQgb2YgYSBGcmVlQlNE
LXpmcyBkcml2ZSwgY2FuDQo+IHlvdSBoZWxwIG1lIGNvbmNsdWRlIHdldGhlciBvciBub3Qg
d2UgY2FuIHNvbWVob3cgc2F2ZSBpdD8NCj4NCi0tIA0KS2FybCBEZW5uaW5nZXINCmthcmxA
ZGVubmluZ2VyLm5ldA0KL1RoZSBNYXJrZXQgVGlja2VyLw0KL1tTL01JTUUgZW5jcnlwdGVk
IGVtYWlsIHByZWZlcnJlZF0vDQo=
--------------kzdCdSCPjL5h7ZIsg2NrPknA
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF=
-8">
  </head>
  <body>
    <p>Gpart on the raw device, if you do the whole device, will not
      show anything until and unless you attach it at which point "gpart
      show" on the ".eli" device will work.<br>
    </p>
    <p>But its entirely possible the other OS scribbled on some number
      of the first few blocks, in which case you may be utterly boned as
      even IF you restore the metadata its highly-probable the data has
      been severely damaged.=C2=A0 You can try it (and I would certainly)=
,
      but you may be screwed.</p>
    <p>IF you can get Geli to attach it then a "gpart show
      /dev/ada0.eli"=C2=A0 SHOULD show the structure -- assuming gpart ca=
n
      find a usable partition table.<br>
    </p>
    <p>I am not a fan of using geli on the whole disk for this exact
      reason; another OS is very likely to assume the disk is not
      formatted AT ALL because it does not see a partition table
      signature and in some cases it might gratuitously write to it and
      you might either (in confusion) approve it or worse, it might not
      even ask!=C2=A0 You'd hope nobody would design something in an OS t=
hat
      is that THAT dumb but.....<br>
    </p>
    <div class=3D"moz-cite-prefix">On 5/18/2024 12:59, Anon Loli wrote:<b=
r>
    </div>
    <blockquote type=3D"cite" cite=3D"mid:ZkjePdUJqqrjjFsO@anonloli">
      <pre class=3D"moz-quote-pre" wrap=3D"">Hello mailing list!
I've had an event which includes modifying some BIOS settings (can't
remember which exactly), and testing some OS other than FreeBSD.

And I think that the said OS did something malicious to the disk in
question because it has been doing it for prolonged period of time, and
mentioned disks..

So this was all on same machine, like dual-booting but from another
drive.

Then when I went back into FreeBSD I noticed an error, `geli attach`
doesn't work, I used a /etc/rc.local script for the GELI disk like so:
`geli attach -p -k /etc/diskpassword.key /dev/ada0
zpool import zmedia`
I get an error message when I try to run the geli command:
</pre>
      <blockquote type=3D"cite">
        <pre class=3D"moz-quote-pre" wrap=3D"">geli: Cannot read metadata=
 from /dev/ada0: Invalid argument.
</pre>
      </blockquote>
      <pre class=3D"moz-quote-pre" wrap=3D"">
I have /var/backupts/ada.eli if that can help..
There's only /dev/ada0, no ada0s1 for example or .eli or whatever..
Also when running `gpart show`, I see 2 disks:
xxx GPT (main boot drive)
freebsd-boot
freebsd-swap
freebsd-zfs

and
ada0 GPT (the drive in problem)
-free- (everything)


Does this indicate that everything has been lost, like the partitioning
table or whatever you call it, like it has been formatted?
Did the other evil OS-fucker destroy my disk without saying it would do
that?


If you can't tell, I'm hesitant to give more information than what's
necessary for someone to help me because almost any data can be used to
deanonymize someone, but if you do need some information, please feel
free to ask.


TL;DR: some OS could have wiped some part of a FreeBSD-zfs drive, can
you help me conclude wether or not we can somehow save it?

</pre>
    </blockquote>
    <div class=3D"moz-signature">-- <br>
      Karl Denninger<br>
      <a href=3D"mailto:karl@denninger.net" class=3D"moz-txt-link-freetex=
t">karl@denninger.net</a><br>
      <i>The Market Ticker</i><br>
      <font size=3D"-2"><i>[S/MIME encrypted email preferred]</i></font><=
/div>
  </body>
</html>

--------------kzdCdSCPjL5h7ZIsg2NrPknA--

--------------iZXQ0X3yD6KAES0PG0tzrpdi--

--------------5pQC4Hl6TpthyFD8Ixxkzkjj
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEvWWSxnGhSYSUSaCtby3AFeuPWXgFAmZI4u4FAwAAAAAACgkQby3AFeuPWXj2
6A/+MzbEDKh/OjzYv9zgJA15F9kUlR5YnX9C6sRUp/B9T+w6yMNN8R46s8UEh4gL4BNfmBs22hES
r+mSo9YDYepJOYmgoB0hFi+w+xkD3IkGW23G9xRjzJmEvLLfH1lV+QWIoNGjmxNmAeZF7/IGvPSG
/VFPc/84pUN/nMZpfeUlZVzHPMkXdgiPqiTOHl3IBYRVJtWBjHr2LHgqnku5Dh2xwBioC8i4rDPf
trsk9Filwlit3ihz28Ak1WxuPxQt5iivpLLMTeuGKqfg5BNTe7r5Rel57myl9WuYoRR1xveTcuPv
YzjkrrBOWV+T2HZs6O+yT/RrDa0scZuKhTc/fZtO81yn/I/3+Kuiq6Y0gnKC5TYLl9yb59Gm0Zq4
p4w5yHbQAIj+YSc/KtnqGmOdcfjZUaN8dz5LbGEV2w7s3ystVu92gn4KwJ1svBb1WnVPxhdAtEBe
qL3FUbpEl9GqaGDKEfkeBDwfz/uDQec4eilYRFEVdsQSvLVp2ZZdWGQEudzlnqIYHxJABK3ztAkr
rHb5BUCA6auSbPaXl/Q9X6xRGQHG9rMafxYC90kAF57XN3qtOaJxfztifXxpD8QOITGhIESYIgXt
gxTeQwqkhXfTP8YOM5FAyuQ97rYO537Uf+mOVNE2KqUjg3ZElTFRf9F0OwZYbgnUc5ICaNkpQElI
Sug=
=5g9f
-----END PGP SIGNATURE-----

--------------5pQC4Hl6TpthyFD8Ixxkzkjj--

From nobody Sat May 18 17:10:32 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VhVtK5lyTz5L9VK
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Sat, 18 May 2024 17:19:05 +0000 (UTC)
	(envelope-from anonloli@autistici.org)
Received: from confino.investici.org (confino.investici.org [IPv6:2a11:7980:1::2:0])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VhVtJ2RtKz4M5C
	for <freebsd-hackers@freebsd.org>; Sat, 18 May 2024 17:19:04 +0000 (UTC)
	(envelope-from anonloli@autistici.org)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=autistici.org header.s=stigmate header.b=YiHqrece;
	dmarc=pass (policy=reject) header.from=autistici.org;
	spf=pass (mx1.freebsd.org: domain of anonloli@autistici.org designates 2a11:7980:1::2:0 as permitted sender) smtp.mailfrom=anonloli@autistici.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autistici.org;
	s=stigmate; t=1716052247;
	bh=s/wetzcKIAUa7yY3TH1NAM9SHSqWI3hdje3bhubS/pI=;
	h=Date:From:To:Subject:References:In-Reply-To:From;
	b=YiHqreceIZ6D6UcVhgGUoXVqpLlA9YHYWH4TiLaX46+RwltokDAdUpNiCflXOls9J
	 THeDkmsdxXYHV8BvgsvxMzmkVeEay4Uij7JrVgC2k+J8iB3ND5TKV5JdgXtHUy6HMZ
	 79G/8kIONcgYwFts2Nq4YIe4M4Kx2L1AbCckOiAg=
Received: from mx1.investici.org (unknown [127.0.0.1])
	by confino.investici.org (Postfix) with ESMTP id 4VhVhl3Bqtz11Fl
	for <freebsd-hackers@freebsd.org>; Sat, 18 May 2024 17:10:47 +0000 (UTC)
Received: from [93.190.126.19] (mx1.investici.org [93.190.126.19]) (Authenticated sender: anonloli@autistici.org) by localhost (Postfix) with ESMTPSA id 4VhVhk5c4rz1127
	for <freebsd-hackers@freebsd.org>; Sat, 18 May 2024 17:10:46 +0000 (UTC)
Date: Sat, 18 May 2024 17:10:32 +0000
From: Anon Loli <anonloli@autistici.org>
To: freebsd-hackers@freebsd.org
Subject: [fixed] Re: GELI disk corrupted or external influence?
Message-ID: <ZkjhCP-tmyBemT46@anonloli>
References: <1716050202-69054-mlmmj-647e0ac8@FreeBSD.org>
 <ZkjePdUJqqrjjFsO@anonloli>
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <ZkjePdUJqqrjjFsO@anonloli>
X-Spamd-Bar: +
X-Spamd-Result: default: False [1.30 / 15.00];
	MID_END_EQ_FROM_USER_PART(4.00)[];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	SUBJECT_ENDS_QUESTION(1.00)[];
	NEURAL_HAM_SHORT(-1.00)[-1.000];
	DMARC_POLICY_ALLOW(-0.50)[autistici.org,reject];
	MID_RHS_NOT_FQDN(0.50)[];
	R_DKIM_ALLOW(-0.20)[autistici.org:s=stigmate];
	R_SPF_ALLOW(-0.20)[+ip6:2a11:7980:1:0::2:0:c];
	RCVD_IN_DNSWL_LOW(-0.20)[93.190.126.19:received,2a11:7980:1::2:0:from];
	MIME_GOOD(-0.10)[text/plain];
	GREYLIST(0.00)[pass,body];
	DKIM_TRACE(0.00)[autistici.org:+];
	RCVD_TLS_LAST(0.00)[];
	ARC_NA(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	FROM_HAS_DN(0.00)[];
	ASN(0.00)[asn:210861, ipnet:2a11:7980::/40, country:CH];
	RCPT_COUNT_ONE(0.00)[1];
	RCVD_COUNT_TWO(0.00)[2];
	FROM_EQ_ENVFROM(0.00)[];
	MISSING_XM_UA(0.00)[];
	TO_DN_NONE(0.00)[];
	MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	MIME_TRACE(0.00)[0:+]
X-Rspamd-Queue-Id: 4VhVtJ2RtKz4M5C

Oh, I immediately tried this `geli restore /var/backups/ada0.eli ada0`
and it got fixed! :)

What broke this? Some BIOS setting change or the other OS deleted
something?
In any case I can finally move to OpenBSD lol bye (I'm still curious as
to who broke it, it's an older FreeBSD install if it matters)

On Sat, May 18, 2024 at 04:59:59PM +0000, Anon Loli wrote:
> Hello mailing list!
> I've had an event which includes modifying some BIOS settings (can't
> remember which exactly), and testing some OS other than FreeBSD.
> 
> And I think that the said OS did something malicious to the disk in
> question because it has been doing it for prolonged period of time, and
> mentioned disks..
> 
> So this was all on same machine, like dual-booting but from another
> drive.
> 
> Then when I went back into FreeBSD I noticed an error, `geli attach`
> doesn't work, I used a /etc/rc.local script for the GELI disk like so:
> `geli attach -p -k /etc/diskpassword.key /dev/ada0
> zpool import zmedia`
> I get an error message when I try to run the geli command:
> > geli: Cannot read metadata from /dev/ada0: Invalid argument.
> 
> I have /var/backupts/ada.eli if that can help..
> There's only /dev/ada0, no ada0s1 for example or .eli or whatever..
> Also when running `gpart show`, I see 2 disks:
> xxx GPT (main boot drive)
> freebsd-boot
> freebsd-swap
> freebsd-zfs
> 
> and
> ada0 GPT (the drive in problem)
> -free- (everything)
> 
> 
> Does this indicate that everything has been lost, like the partitioning
> table or whatever you call it, like it has been formatted?
> Did the other evil OS-fucker destroy my disk without saying it would do
> that?
> 
> 
> If you can't tell, I'm hesitant to give more information than what's
> necessary for someone to help me because almost any data can be used to
> deanonymize someone, but if you do need some information, please feel
> free to ask.
> 
> 
> TL;DR: some OS could have wiped some part of a FreeBSD-zfs drive, can
> you help me conclude wether or not we can somehow save it?

From nobody Sat May 18 17:53:21 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VhWmm1J3kz5LDCG
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Sat, 18 May 2024 17:59:20 +0000 (UTC)
	(envelope-from anonloli@autistici.org)
Received: from devianza.investici.org (devianza.investici.org [198.167.222.108])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VhWml42jVz4RM1
	for <freebsd-hackers@freebsd.org>; Sat, 18 May 2024 17:59:19 +0000 (UTC)
	(envelope-from anonloli@autistici.org)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=autistici.org header.s=stigmate header.b=R1HJxfUj;
	dmarc=pass (policy=reject) header.from=autistici.org;
	spf=pass (mx1.freebsd.org: domain of anonloli@autistici.org designates 198.167.222.108 as permitted sender) smtp.mailfrom=anonloli@autistici.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=autistici.org;
	s=stigmate; t=1716054837;
	bh=j/1WOnddp5oPiQhXENhSJzrMjh2CNKAOlIoXkbefPd0=;
	h=Date:From:To:Subject:References:In-Reply-To:From;
	b=R1HJxfUjnZBqC/fFZkdFGjz34fqDvfvzCkJVL/5iHscaYOEr5dJddB6Za4siEYxcD
	 HHfhnPMC4MM12JY6rta0pqfg4+55G1BLpOaZfyBdfta94t6RO106OOhtv+99LsFMVX
	 /wn5KF5FJ4xy1EBJ2NGKe+q1GwocZ1WQIiufP2i8=
Received: from mx2.investici.org (unknown [127.0.0.1])
	by devianza.investici.org (Postfix) with ESMTP id 4VhWfY1xWnz6xbN
	for <freebsd-hackers@freebsd.org>; Sat, 18 May 2024 17:53:57 +0000 (UTC)
Received: from [198.167.222.108] (mx2.investici.org [198.167.222.108]) (Authenticated sender: anonloli@autistici.org) by localhost (Postfix) with ESMTPSA id 4VhWfX4d7Bz6xbM
	for <freebsd-hackers@freebsd.org>; Sat, 18 May 2024 17:53:56 +0000 (UTC)
Date: Sat, 18 May 2024 17:53:21 +0000
From: Anon Loli <anonloli@autistici.org>
To: freebsd-hackers@freebsd.org
Subject: Re: GELI disk corrupted or external influence?
Message-ID: <ZkjqaA8C5u8abpTi@anonloli>
References: <1716050202-69054-mlmmj-647e0ac8@FreeBSD.org>
 <ZkjePdUJqqrjjFsO@anonloli>
 <f9c2844d-aecf-4f88-92a5-3d53481ceb54@denninger.net>
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <f9c2844d-aecf-4f88-92a5-3d53481ceb54@denninger.net>
X-Spamd-Bar: +
X-Spamd-Result: default: False [1.30 / 15.00];
	MID_END_EQ_FROM_USER_PART(4.00)[];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	SUBJECT_ENDS_QUESTION(1.00)[];
	NEURAL_HAM_SHORT(-1.00)[-1.000];
	DMARC_POLICY_ALLOW(-0.50)[autistici.org,reject];
	MID_RHS_NOT_FQDN(0.50)[];
	R_DKIM_ALLOW(-0.20)[autistici.org:s=stigmate];
	R_SPF_ALLOW(-0.20)[+ip4:198.167.222.108:c];
	RCVD_IN_DNSWL_LOW(-0.20)[198.167.222.108:received,198.167.222.108:from];
	MIME_GOOD(-0.10)[text/plain];
	GREYLIST(0.00)[pass,body];
	DKIM_TRACE(0.00)[autistici.org:+];
	RCVD_TLS_LAST(0.00)[];
	ARC_NA(0.00)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	FROM_HAS_DN(0.00)[];
	ASN(0.00)[asn:39287, ipnet:198.167.192.0/19, country:FI];
	RCPT_COUNT_ONE(0.00)[1];
	RCVD_COUNT_TWO(0.00)[2];
	FROM_EQ_ENVFROM(0.00)[];
	MISSING_XM_UA(0.00)[];
	TO_DN_NONE(0.00)[];
	MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	MIME_TRACE(0.00)[0:+]
X-Rspamd-Queue-Id: 4VhWml42jVz4RM1

Yeah I did just that, I did `zpool export [zfs pool]` and ran
`gpart show /dev/ada0.eli`, and it tells me this:
> gpart: No such geom: /dev/ada0.eli.` so I guess this is what you meant
by the partition table?

In any case, a zpool scrub should be useful in this case?
Maybe I'm doing it wrong?
Anyways thanks for your response.


The reason I'm leaving FreeBSD is that it's full of bugs including but
not limited to filename handling by ls/cd (specifically some encoding
like Swedish encoding or something couldn't handle the weird letters)
and ports, I couldn't get them to work after an upgrade, perhaps I
didn't do something correctly, everything was broken and I decided to
switch to OpenBSD, in where it's much better..

Don't get me wrong for something like gaming and lazy/irresponsible
storage usecases FreeBSD is alright, but OpenBSD just feels right..

Also FreeBSD crashes as-in reboots the entire PC if the HDMI cable of
one of displays I tested is inserted only half-way.

On Sat, May 18, 2024 at 01:18:38PM -0400, Karl Denninger wrote:
> Gpart on the raw device, if you do the whole device, will not show anything
> until and unless you attach it at which point "gpart show" on the ".eli"
> device will work.
> 
> But its entirely possible the other OS scribbled on some number of the first
> few blocks, in which case you may be utterly boned as even IF you restore
> the metadata its highly-probable the data has been severely damaged.  You
> can try it (and I would certainly), but you may be screwed.
> 
> IF you can get Geli to attach it then a "gpart show /dev/ada0.eli"  SHOULD
> show the structure -- assuming gpart can find a usable partition table.
> 
> I am not a fan of using geli on the whole disk for this exact reason;
> another OS is very likely to assume the disk is not formatted AT ALL because
> it does not see a partition table signature and in some cases it might
> gratuitously write to it and you might either (in confusion) approve it or
> worse, it might not even ask!  You'd hope nobody would design something in
> an OS that is that THAT dumb but.....
> 
> On 5/18/2024 12:59, Anon Loli wrote:
> > Hello mailing list!
> > I've had an event which includes modifying some BIOS settings (can't
> > remember which exactly), and testing some OS other than FreeBSD.
> > 
> > And I think that the said OS did something malicious to the disk in
> > question because it has been doing it for prolonged period of time, and
> > mentioned disks..
> > 
> > So this was all on same machine, like dual-booting but from another
> > drive.
> > 
> > Then when I went back into FreeBSD I noticed an error, `geli attach`
> > doesn't work, I used a /etc/rc.local script for the GELI disk like so:
> > `geli attach -p -k /etc/diskpassword.key /dev/ada0
> > zpool import zmedia`
> > I get an error message when I try to run the geli command:
> > > geli: Cannot read metadata from /dev/ada0: Invalid argument.
> > I have /var/backupts/ada.eli if that can help..
> > There's only /dev/ada0, no ada0s1 for example or .eli or whatever..
> > Also when running `gpart show`, I see 2 disks:
> > xxx GPT (main boot drive)
> > freebsd-boot
> > freebsd-swap
> > freebsd-zfs
> > 
> > and
> > ada0 GPT (the drive in problem)
> > -free- (everything)
> > 
> > 
> > Does this indicate that everything has been lost, like the partitioning
> > table or whatever you call it, like it has been formatted?
> > Did the other evil OS-fucker destroy my disk without saying it would do
> > that?
> > 
> > 
> > If you can't tell, I'm hesitant to give more information than what's
> > necessary for someone to help me because almost any data can be used to
> > deanonymize someone, but if you do need some information, please feel
> > free to ask.
> > 
> > 
> > TL;DR: some OS could have wiped some part of a FreeBSD-zfs drive, can
> > you help me conclude wether or not we can somehow save it?
> > 
> -- 
> Karl Denninger
> karl@denninger.net
> /The Market Ticker/
> /[S/MIME encrypted email preferred]/




From nobody Sun May 19 22:36:45 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VjFth5lJ5z5L6gY
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Sun, 19 May 2024 22:37:00 +0000 (UTC)
	(envelope-from george+freebsd@m5p.com)
Received: from mailhost.m5p.com (mailhost.m5p.com [74.104.188.4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "m5p.com", Issuer "R3" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VjFtg493Cz4SfN
	for <freebsd-hackers@FreeBSD.org>; Sun, 19 May 2024 22:36:59 +0000 (UTC)
	(envelope-from george+freebsd@m5p.com)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	dmarc=none;
	spf=pass (mx1.freebsd.org: domain of george+freebsd@m5p.com designates 74.104.188.4 as permitted sender) smtp.mailfrom=george+freebsd@m5p.com
Received: from [IPV6:2001:470:8ac4::26] (court.m5p.com [IPv6:2001:470:8ac4:0:0:0:0:26])
	(authenticated bits=0)
	by mailhost.m5p.com (8.17.1/8.17.1) with ESMTPSA id 44JMakXf067042
	(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO);
	Sun, 19 May 2024 18:36:51 -0400 (EDT)
	(envelope-from george+freebsd@m5p.com)
Message-ID: <bb969df2-7c34-45a7-b2fc-4f65fea64ec9@m5p.com>
Date: Sun, 19 May 2024 18:36:45 -0400
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: FreeBSD Hackers <freebsd-hackers@FreeBSD.org>
From: George Mitchell <george+freebsd@m5p.com>
Subject: A simpler question
Autocrypt: addr=george+freebsd@m5p.com; keydata=
 xjMEZaHDbxYJKwYBBAHaRw8BAQdA2W6oBfS8haXY0/Ft4zS1OTLYfC8EBIADPTgMQdh85C3N
 KEdlb3JnZSBNaXRjaGVsbCA8Z2VvcmdlK2ZyZWVic2RAbTVwLmNvbT7CmQQTFgoAQRYhBDpv
 v9n4+UzMLAJ8EZocD3futmd9BQJlocSiAhsDBQkFo5qABQsJCAcCAiICBhUKCQgLAgQWAgMB
 Ah4HAheAAAoJEJocD3futmd9SxwBAJUi6DNdVhWCZBTv5XGy1g0JgApLWe/3S0M0zz9sn7/L
 AQCcJcV5k5s2rt9J5C1AUm6XVsuneVvIWXO5j1GKWk0NC844BGWhw28SCisGAQQBl1UBBQEB
 B0AaFz/6B95RRvjOdLZr5fSdhuIHvwr24H3ePDZSw6wlUwMBCAfCfgQYFgoAJhYhBDpvv9n4
 +UzMLAJ8EZocD3futmd9BQJlocNvAhsMBQkFo5qAAAoJEJocD3futmd9RXsBANwRD9RE56F6
 /jeZOrujHICLcgPiOt50Y6866v9OUTjUAP9GlC1aopfBpNwuPLJBam7oBaGqvY98VDhzOjoT
 7DNbCQ==
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------uB2rMi4cqderkPIUuhe5yViU"
X-Spam-Status: No, score=0.0 required=10.0 tests=HELO_NO_DOMAIN
	autolearn=unavailable autolearn_force=no version=4.0.0
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on mattapan.m5p.com
X-Spamd-Bar: ----
X-Spamd-Result: default: False [-4.62 / 15.00];
	SIGNED_PGP(-2.00)[];
	NEURAL_HAM_SHORT(-1.00)[-1.000];
	NEURAL_HAM_LONG(-1.00)[-0.998];
	NEURAL_HAM_MEDIUM(-0.34)[-0.336];
	MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain];
	R_SPF_ALLOW(-0.20)[+a];
	MIME_BASE64_TEXT(0.10)[];
	XM_UA_NO_VERSION(0.01)[];
	RCPT_COUNT_ONE(0.00)[1];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	RCVD_TLS_ALL(0.00)[];
	RCVD_COUNT_ONE(0.00)[1];
	ASN(0.00)[asn:701, ipnet:74.104.0.0/16, country:US];
	MIME_TRACE(0.00)[0:+,1:+,2:+,3:~];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	MID_RHS_MATCH_FROM(0.00)[];
	ARC_NA(0.00)[];
	FROM_EQ_ENVFROM(0.00)[];
	FROM_HAS_DN(0.00)[];
	DMARC_NA(0.00)[m5p.com];
	TAGGED_FROM(0.00)[freebsd];
	MLMMJ_DEST(0.00)[freebsd-hackers@FreeBSD.org];
	TO_DN_ALL(0.00)[];
	R_DKIM_NA(0.00)[];
	HAS_ATTACHMENT(0.00)[]
X-Rspamd-Queue-Id: 4VjFtg493Cz4SfN

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------uB2rMi4cqderkPIUuhe5yViU
Content-Type: multipart/mixed; boundary="------------2LjlejpRhvHqewK5qFhjKsEI";
 protected-headers="v1"
From: George Mitchell <george+freebsd@m5p.com>
To: FreeBSD Hackers <freebsd-hackers@FreeBSD.org>
Message-ID: <bb969df2-7c34-45a7-b2fc-4f65fea64ec9@m5p.com>
Subject: A simpler question

--------------2LjlejpRhvHqewK5qFhjKsEI
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

MS4gQXJlIHlvdSBhIFRodW5kZXJiaXJkIHVzZXIgb24gRnJlZUJTRD8NCjIuIERvIHlvdSBz
ZWUgYSAiY2hhcnQgd2l0aCByaXNpbmcgdHJlbmQsIiAiY2hhcnQgd2l0aCBmYWxsaW5nIHRy
ZW5kLCINCiJiYXIgY2hhcnQsIiBhbmQgImNsaXBib2FyZCIgZW1vamlzIChVKzFGNEM4IHRo
cm91Z2ggVSsxRjRDQikgb24gdGhlDQpuZXh0IGxpbmU/DQrwn5OICfCfk4kJ8J+Tignwn5OL
DQpUaGFuayB5b3UgZm9yIHlvdXIgYXR0ZW50aW9uLiAgICAgICAgICAgICAgICAgICAgICAg
ICAgICAgICAgLS0gR2VvcmdlDQo=

--------------2LjlejpRhvHqewK5qFhjKsEI--

--------------uB2rMi4cqderkPIUuhe5yViU
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

wnsEABYIACMWIQQ6b7/Z+PlMzCwCfBGaHA937rZnfQUCZkp+/QUDAAAAAAAKCRCaHA937rZnfbnk
AP98cTrCzhcALFO92VPOEcGvK2QezYzNttNSEivzQREvhwD+Ncjl8F5o/SIr1KsQAZss01OLl3h9
7o1Hys08EksZ1wg=
=+vs3
-----END PGP SIGNATURE-----

--------------uB2rMi4cqderkPIUuhe5yViU--

From nobody Sun May 19 22:40:30 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VjFyt2T7Jz5L6tw
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Sun, 19 May 2024 22:40:38 +0000 (UTC)
	(envelope-from george+freebsd@m5p.com)
Received: from mailhost.m5p.com (mailhost.m5p.com [74.104.188.4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "m5p.com", Issuer "R3" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VjFys5Y4Zz4Tgs
	for <freebsd-hackers@freebsd.org>; Sun, 19 May 2024 22:40:37 +0000 (UTC)
	(envelope-from george+freebsd@m5p.com)
Authentication-Results: mx1.freebsd.org;
	dkim=none;
	dmarc=none;
	spf=pass (mx1.freebsd.org: domain of george+freebsd@m5p.com designates 74.104.188.4 as permitted sender) smtp.mailfrom=george+freebsd@m5p.com
Received: from [IPV6:2001:470:8ac4::26] (court.m5p.com [IPv6:2001:470:8ac4:0:0:0:0:26])
	(authenticated bits=0)
	by mailhost.m5p.com (8.17.1/8.17.1) with ESMTPSA id 44JMeVhF067074
	(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO)
	for <freebsd-hackers@freebsd.org>; Sun, 19 May 2024 18:40:36 -0400 (EDT)
	(envelope-from george+freebsd@m5p.com)
Message-ID: <25471908-df8e-430c-b4a1-feab9c4ca4f9@m5p.com>
Date: Sun, 19 May 2024 18:40:30 -0400
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: A simpler question
Content-Language: en-US
To: freebsd-hackers@freebsd.org
References: <bb969df2-7c34-45a7-b2fc-4f65fea64ec9@m5p.com>
From: George Mitchell <george+freebsd@m5p.com>
Autocrypt: addr=george+freebsd@m5p.com; keydata=
 xjMEZaHDbxYJKwYBBAHaRw8BAQdA2W6oBfS8haXY0/Ft4zS1OTLYfC8EBIADPTgMQdh85C3N
 KEdlb3JnZSBNaXRjaGVsbCA8Z2VvcmdlK2ZyZWVic2RAbTVwLmNvbT7CmQQTFgoAQRYhBDpv
 v9n4+UzMLAJ8EZocD3futmd9BQJlocSiAhsDBQkFo5qABQsJCAcCAiICBhUKCQgLAgQWAgMB
 Ah4HAheAAAoJEJocD3futmd9SxwBAJUi6DNdVhWCZBTv5XGy1g0JgApLWe/3S0M0zz9sn7/L
 AQCcJcV5k5s2rt9J5C1AUm6XVsuneVvIWXO5j1GKWk0NC844BGWhw28SCisGAQQBl1UBBQEB
 B0AaFz/6B95RRvjOdLZr5fSdhuIHvwr24H3ePDZSw6wlUwMBCAfCfgQYFgoAJhYhBDpvv9n4
 +UzMLAJ8EZocD3futmd9BQJlocNvAhsMBQkFo5qAAAoJEJocD3futmd9RXsBANwRD9RE56F6
 /jeZOrujHICLcgPiOt50Y6866v9OUTjUAP9GlC1aopfBpNwuPLJBam7oBaGqvY98VDhzOjoT
 7DNbCQ==
In-Reply-To: <bb969df2-7c34-45a7-b2fc-4f65fea64ec9@m5p.com>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------Dq4KdjTfqFfiXEApytJdxC7J"
X-Spam-Status: No, score=0.0 required=10.0 tests=HELO_NO_DOMAIN
	autolearn=unavailable autolearn_force=no version=4.0.0
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on mattapan.m5p.com
X-Spamd-Bar: -----
X-Spamd-Result: default: False [-5.08 / 15.00];
	SIGNED_PGP(-2.00)[];
	NEURAL_HAM_SHORT(-1.00)[-1.000];
	NEURAL_HAM_LONG(-0.99)[-0.991];
	NEURAL_HAM_MEDIUM(-0.80)[-0.801];
	MIME_GOOD(-0.20)[multipart/signed,multipart/mixed,text/plain];
	R_SPF_ALLOW(-0.20)[+a:c];
	MIME_BASE64_TEXT(0.10)[];
	XM_UA_NO_VERSION(0.01)[];
	TO_MATCH_ENVRCPT_ALL(0.00)[];
	RCVD_TLS_ALL(0.00)[];
	HAS_ATTACHMENT(0.00)[];
	ARC_NA(0.00)[];
	TAGGED_FROM(0.00)[freebsd];
	DMARC_NA(0.00)[m5p.com];
	FROM_HAS_DN(0.00)[];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	ASN(0.00)[asn:701, ipnet:74.104.0.0/16, country:US];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
	TO_DN_NONE(0.00)[];
	FROM_EQ_ENVFROM(0.00)[];
	RCVD_COUNT_ONE(0.00)[1];
	MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org];
	MID_RHS_MATCH_FROM(0.00)[];
	R_DKIM_NA(0.00)[];
	RCPT_COUNT_ONE(0.00)[1];
	MIME_TRACE(0.00)[0:+,1:+,2:+,3:~]
X-Rspamd-Queue-Id: 4VjFys5Y4Zz4Tgs

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------Dq4KdjTfqFfiXEApytJdxC7J
Content-Type: multipart/mixed; boundary="------------CXag9HIMzphJqxZ7wPWVhVZm";
 protected-headers="v1"
From: George Mitchell <george+freebsd@m5p.com>
To: freebsd-hackers@freebsd.org
Message-ID: <25471908-df8e-430c-b4a1-feab9c4ca4f9@m5p.com>
Subject: Re: A simpler question
References: <bb969df2-7c34-45a7-b2fc-4f65fea64ec9@m5p.com>
In-Reply-To: <bb969df2-7c34-45a7-b2fc-4f65fea64ec9@m5p.com>

--------------CXag9HIMzphJqxZ7wPWVhVZm
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

T24gNS8xOS8yNCAxODozNiwgR2VvcmdlIE1pdGNoZWxsIHdyb3RlOg0KPiAxLiBBcmUgeW91
IGEgVGh1bmRlcmJpcmQgdXNlciBvbiBGcmVlQlNEPw0KPiAyLiBEbyB5b3Ugc2VlIGEgImNo
YXJ0IHdpdGggcmlzaW5nIHRyZW5kLCIgImNoYXJ0IHdpdGggZmFsbGluZyB0cmVuZCwiDQo+
ICJiYXIgY2hhcnQsIiBhbmQgImNsaXBib2FyZCIgZW1vamlzIChVKzFGNEM4IHRocm91Z2gg
VSsxRjRDQikgb24gdGhlDQo+IG5leHQgbGluZT8NCj4g8J+TiMKgwqDCoCDwn5OJwqDCoMKg
IPCfk4rCoMKgwqAg8J+Tiw0KPiBUaGFuayB5b3UgZm9yIHlvdXIgYXR0ZW50aW9uLsKgwqDC
oMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDC
oMKgIC0tIEdlb3JnZQ0KUGFydGlhbGx5IGFuc3dlcmluZyBteSBvd24gcXVlc3Rpb246IFVz
aW5nIGNocm9tZSB0byBicm93c2UgdGhlIG1haWxpbmcNCmxpc3QgYXJjaGl2ZSwgdGhlIGVt
b2ppcyBzaG93ZWQgdXAgcGVyZmVjdGx5LCBhcyB0aGV5IGRpZCBvbiBhIEJjYyB0byBteQ0K
YmFja3VwIGdtYWlsIGFjY291bnQuICBCdXQgSSBjb3VsZCBub3Qgc2VlIHRoZW0gd2hlbiBj
b21wb3NpbmcgdGhlDQptZXNzYWdlLCBvciByZWFkaW5nIHRoZSBtZXNzYWdlIGZyb20gdGhl
IGxpc3QsIGluIFRodW5kZXJiaXJkLg0KLS0gR2VvcmdlDQo=

--------------CXag9HIMzphJqxZ7wPWVhVZm--

--------------Dq4KdjTfqFfiXEApytJdxC7J
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

wnsEABYIACMWIQQ6b7/Z+PlMzCwCfBGaHA937rZnfQUCZkp/3gUDAAAAAAAKCRCaHA937rZnfTwt
AQDc7aHzkuht6omCJt3V0H+LaT4gKUiZUNVuJY6j6I7CdAEA55/Fy1jyCverQWZh1MMTvTw+1mDS
nTZ/XJU8SEOzhgU=
=3HSO
-----END PGP SIGNATURE-----

--------------Dq4KdjTfqFfiXEApytJdxC7J--

From nobody Sun May 19 22:48:41 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VjG8F0hXSz5L7kw
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Sun, 19 May 2024 22:48:45 +0000 (UTC)
	(envelope-from alfix86@gmail.com)
Received: from mail-lj1-x231.google.com (mail-lj1-x231.google.com [IPv6:2a00:1450:4864:20::231])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VjG8D3Kb0z4WL5
	for <freebsd-hackers@freebsd.org>; Sun, 19 May 2024 22:48:44 +0000 (UTC)
	(envelope-from alfix86@gmail.com)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=gmail.com header.s=20230601 header.b=OwndvZ5J;
	dmarc=pass (policy=none) header.from=gmail.com;
	spf=pass (mx1.freebsd.org: domain of alfix86@gmail.com designates 2a00:1450:4864:20::231 as permitted sender) smtp.mailfrom=alfix86@gmail.com
Received: by mail-lj1-x231.google.com with SMTP id 38308e7fff4ca-2e724bc46bfso6554321fa.3
        for <freebsd-hackers@freebsd.org>; Sun, 19 May 2024 15:48:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1716158922; x=1716763722; darn=freebsd.org;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:to:subject:user-agent:mime-version:date:message-id:from
         :to:cc:subject:date:message-id:reply-to;
        bh=dzteN5k2SwwIneisgdnm2fxBNQCgoRRZ/EWUWD+3ezU=;
        b=OwndvZ5JID83wZ+wgZpz7EU03XAqktwG/1kc+vawMwcSLlrJf5ViSdYSE+twoZn6Ox
         llPLKSmFgyyB9wLKhW9PbBxf5K+7JUi0ln5rn8jG6A+6aHp7wFSycdSguxfC4yjAQ+4h
         tqYDR+qBIkBGXZwgTRJuzgvttfckZRQy37lRy2j3co7sv1Ab+kewErxsnlBrZkgIzYGv
         i7+lH5aLl391bviYiJ48EYVwQyiAkTCt05WXx8eSj7cUiFKhZ+UbP1zRnzU7YmXow3QH
         fM/oRqzNdfRoW4Ud77vrXXd4uiwWiA4JDOS6aKTXvWbnuOPjEeEk/lCV9474q91XwmSm
         MEQQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1716158922; x=1716763722;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:to:subject:user-agent:mime-version:date:message-id
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=dzteN5k2SwwIneisgdnm2fxBNQCgoRRZ/EWUWD+3ezU=;
        b=JazOitty9UNk1bXdYRajJmqs0zHJ2fe9kNQAaa+v5doLqEZisMSE5Kead93z2teWk0
         9PgGIldPONUPxaTfSnQadwH+/zc7aOqCO0f7DX2kf5tjdWajGMscHwemEde8HM4WKgOz
         Gi8cW1sY6O8fjieZe+CE9IUr7Fc5XBq+sOLGPriMSovvt0EVZPLz/WVBOSvIHQ6HgBWi
         4s5SJmA2RITWcc4ItfsGjzgIC4Lv7fA9NtbIO9C0j73i1CPWkt20r/iI+xD1yjQtmeSe
         AlpPnD4e5OE1bFD2inseKX/7VPCrZYHYL2+Go9dXM1lMIzKSYjQj9RGb4+sjSCfSqrsj
         Qnyg==
X-Forwarded-Encrypted: i=1; AJvYcCV9NjVcI0TGjoeb50AsCW3plUU+m26l4+Od2djN9X4kqJ2w1jsMb5U+RvOu2HdxOYf77mCcmlL/iCd7IYm/sZJdBskg5F7WzXbP1Mw=
X-Gm-Message-State: AOJu0Yy06PDYSZ3/vsuNJjtnGCTTalyIbE5gZWBDjn1vxJU9p60IsRdg
	w5Jcb5F3F4/gvddvWo9mNjEVHUJif933n39lnttJ8XvpTuMe934ylihs1g==
X-Google-Smtp-Source: AGHT+IExK223wk4Yo0vkywobxMdA2SeRuf4ur3Cdxz/ea3Yf8Ut4lkVF2mHv0Y0ipOuvUm0m3ePXQw==
X-Received: by 2002:a2e:9c07:0:b0:2e7:2d1f:edc2 with SMTP id 38308e7fff4ca-2e72d1feee6mr870541fa.38.1716158922289;
        Sun, 19 May 2024 15:48:42 -0700 (PDT)
Received: from [192.168.1.13] (mob-5-91-120-209.net.vodafone.it. [5.91.120.209])
        by smtp.gmail.com with ESMTPSA id 4fb4d7f45d1cf-5733c2c7e18sm14530517a12.76.2024.05.19.15.48.41
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Sun, 19 May 2024 15:48:41 -0700 (PDT)
Message-ID: <d2e86abc-686f-4e81-8122-a8d972462c31@gmail.com>
Date: Mon, 20 May 2024 00:48:41 +0200
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: A simpler question
To: George Mitchell <george+freebsd@m5p.com>, freebsd-hackers@freebsd.org
References: <bb969df2-7c34-45a7-b2fc-4f65fea64ec9@m5p.com>
 <25471908-df8e-430c-b4a1-feab9c4ca4f9@m5p.com>
Content-Language: en-US
From: "Alfonso S. Siciliano" <alfix86@gmail.com>
In-Reply-To: <25471908-df8e-430c-b4a1-feab9c4ca4f9@m5p.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Spamd-Bar: ---
X-Spamd-Result: default: False [-3.99 / 15.00];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-1.00)[-1.000];
	DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
	R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36];
	R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601];
	MIME_GOOD(-0.10)[text/plain];
	XM_UA_NO_VERSION(0.01)[];
	RCVD_TLS_LAST(0.00)[];
	ARC_NA(0.00)[];
	MIME_TRACE(0.00)[0:+];
	FREEMAIL_ENVFROM(0.00)[gmail.com];
	RCPT_COUNT_TWO(0.00)[2];
	FREEMAIL_FROM(0.00)[gmail.com];
	TO_DN_SOME(0.00)[];
	FROM_HAS_DN(0.00)[];
	ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US];
	DWL_DNSWL_NONE(0.00)[gmail.com:dkim];
	TO_MATCH_ENVRCPT_SOME(0.00)[];
	RCVD_COUNT_TWO(0.00)[2];
	FROM_EQ_ENVFROM(0.00)[];
	DKIM_TRACE(0.00)[gmail.com:+];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
	MID_RHS_MATCH_FROM(0.00)[];
	MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	TAGGED_RCPT(0.00)[freebsd];
	RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::231:from]
X-Rspamd-Queue-Id: 4VjG8D3Kb0z4WL5

On 5/20/24 00:40, George Mitchell wrote:
> On 5/19/24 18:36, George Mitchell wrote:
>> 1. Are you a Thunderbird user on FreeBSD?
>> 2. Do you see a "chart with rising trend," "chart with falling trend,"
>> "bar chart," and "clipboard" emojis (U+1F4C8 through U+1F4CB) on the
>> next line?
>> 📈    📉    📊    📋
>> Thank you for your attention.                                -- George
> Partially answering my own question: Using chrome to browse the mailing
> list archive, the emojis showed up perfectly, as they did on a Bcc to my
> backup gmail account.  But I could not see them when composing the
> message, or reading the message from the list, in Thunderbird.
> -- George

I have just installed `pkg install noto-emoji`
so i can see the emoji in this email in Thunderbird on CURRENT
(exactly as I see them on my android smartphone).

Alfonso


From nobody Sun May 19 22:56:47 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VjGKb0FGlz5L8wZ
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Sun, 19 May 2024 22:56:51 +0000 (UTC)
	(envelope-from bacon4000@gmail.com)
Received: from mail-oa1-x32.google.com (mail-oa1-x32.google.com [IPv6:2001:4860:4864:20::32])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VjGKZ1cS6z4YQL
	for <freebsd-hackers@freebsd.org>; Sun, 19 May 2024 22:56:50 +0000 (UTC)
	(envelope-from bacon4000@gmail.com)
Authentication-Results: mx1.freebsd.org;
	dkim=pass header.d=gmail.com header.s=20230601 header.b=kM6HY2xj;
	dmarc=pass (policy=none) header.from=gmail.com;
	spf=pass (mx1.freebsd.org: domain of bacon4000@gmail.com designates 2001:4860:4864:20::32 as permitted sender) smtp.mailfrom=bacon4000@gmail.com
Received: by mail-oa1-x32.google.com with SMTP id 586e51a60fabf-248f7fdc323so765333fac.1
        for <freebsd-hackers@freebsd.org>; Sun, 19 May 2024 15:56:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1716159408; x=1716764208; darn=freebsd.org;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:to:subject:user-agent:mime-version:date:message-id:from
         :to:cc:subject:date:message-id:reply-to;
        bh=rUzryg/BoB33uvqvKjRoNGv+I8I9n+nqz+esPJVhilw=;
        b=kM6HY2xjtj0PS824yMX8uKIi0tUDFOkBZxwGaYmlUbMf2ERGUcsJT6HXxYL/1IJ0sW
         /fL8iUYjhayRd5zIERGA17xdVsvq+ZHlW/JtKg6ZyWO8fdvnXR4DwNo6CGvSmqBwMK6s
         zvhZsL+aboulLbCzGur4h2iYWU+9YpRi9Y3T+h/ix5GhWFB/1uue82gPd2leWQzAQme1
         Od9jRIJRKkpUwG71WdazevvzyGS+40f/1P2yXnk8heTn57n0dTGegyr/XLjy0kOTFVkI
         kkStyzJS/n15+LW6d8KgIYlIz4uAPp7jlACAWlp7P3YLHKNKZWaRqrIDw4woyAkBCaOx
         8FTw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1716159408; x=1716764208;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:to:subject:user-agent:mime-version:date:message-id
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=rUzryg/BoB33uvqvKjRoNGv+I8I9n+nqz+esPJVhilw=;
        b=cEl9FBZcveo77t/tF5x24Y0KhHXBXnpWXAMVrIjMzo/1F0MhTEb9YKsZFV0AKVUWMm
         r/vR/Z+lDKtssSpKFSxeiOd6mkO89uEmSAuqtZz22AYpvIZ1ecsmWEzTVVRQMBQpb+m4
         fw+yQfaCsn9bRApCKkS92Bc46N2/MwhwB2KeT6JXIdPDOuKPpbzAR3CYGZzacK+XRepn
         9AQIkZPJpksEkso9oUo4Kp3D6ymhBa+rcmpPaNa0K6RuRl5cxAzRWxARxfkcxrz72z40
         RAHE84/OuM9yDS3iG1R8M8XJuSLYUvfhRhh0ADk8h5XL16Aov13VP09X8x4X26C9ult1
         gpLQ==
X-Forwarded-Encrypted: i=1; AJvYcCW3KAa2x49kL4sSTZvdw1SIIVa24T0t684cH9bt0YBJenZyEe7pdp8jhebMvRElMYn+Dz0jpAtjZCvqdqbZDvlPP/OdTwKIox/Fka8=
X-Gm-Message-State: AOJu0YzkR1QVpFOyRI3iCatEGOu8pju0m9X39SZYGYjFYC4WN3JyHTGB
	4FTXLPQ0bPyl26DtONdeZ0XNFQGwPx7SHHY8B/gfAERwUTvKyI0JHAaepKgG
X-Google-Smtp-Source: AGHT+IHaEZ7UjA6SaE2ppU6nBg4uAIZVrkwj+v2WIukCoW79c+v1hw6AXbuhVy9f/51lW1WA665sQA==
X-Received: by 2002:a05:6870:7a1:b0:238:f93f:66b6 with SMTP id 586e51a60fabf-24172bf8c74mr40065863fac.29.1716159408548;
        Sun, 19 May 2024 15:56:48 -0700 (PDT)
Received: from [192.168.0.146] (108-255-3-0.lightspeed.milwwi.sbcglobal.net. [108.255.3.0])
        by smtp.gmail.com with ESMTPSA id 586e51a60fabf-2412a6222f7sm5104263fac.20.2024.05.19.15.56.48
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Sun, 19 May 2024 15:56:48 -0700 (PDT)
Message-ID: <21bd2968-848c-4f9f-9565-4d2a33812bc2@gmail.com>
Date: Sun, 19 May 2024 17:56:47 -0500
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: A simpler question
To: George Mitchell <george+freebsd@m5p.com>,
 FreeBSD Hackers <freebsd-hackers@FreeBSD.org>
References: <bb969df2-7c34-45a7-b2fc-4f65fea64ec9@m5p.com>
Content-Language: en-US
From: Jason Bacon <bacon4000@gmail.com>
In-Reply-To: <bb969df2-7c34-45a7-b2fc-4f65fea64ec9@m5p.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64
X-Spamd-Bar: ---
X-Spamd-Result: default: False [-3.89 / 15.00];
	NEURAL_HAM_LONG(-1.00)[-1.000];
	NEURAL_HAM_MEDIUM(-1.00)[-1.000];
	NEURAL_HAM_SHORT(-1.00)[-1.000];
	DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
	R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601];
	R_SPF_ALLOW(-0.20)[+ip6:2001:4860:4000::/36];
	MIME_GOOD(-0.10)[text/plain];
	MIME_BASE64_TEXT(0.10)[];
	XM_UA_NO_VERSION(0.01)[];
	MIME_TRACE(0.00)[0:+];
	TO_DN_ALL(0.00)[];
	FREEMAIL_ENVFROM(0.00)[gmail.com];
	RCVD_TLS_LAST(0.00)[];
	FREEMAIL_FROM(0.00)[gmail.com];
	ARC_NA(0.00)[];
	RCPT_COUNT_TWO(0.00)[2];
	FROM_HAS_DN(0.00)[];
	DWL_DNSWL_NONE(0.00)[gmail.com:dkim];
	TO_MATCH_ENVRCPT_SOME(0.00)[];
	PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
	RCVD_COUNT_TWO(0.00)[2];
	FROM_EQ_ENVFROM(0.00)[];
	DKIM_TRACE(0.00)[gmail.com:+];
	MLMMJ_DEST(0.00)[freebsd-hackers@freebsd.org];
	TAGGED_RCPT(0.00)[freebsd];
	MID_RHS_MATCH_FROM(0.00)[];
	ASN(0.00)[asn:15169, ipnet:2001:4860:4864::/48, country:US];
	RCVD_VIA_SMTP_AUTH(0.00)[];
	RCVD_IN_DNSWL_NONE(0.00)[2001:4860:4864:20::32:from]
X-Rspamd-Queue-Id: 4VjGKZ1cS6z4YQL

T24gNS8xOS8yNCAxNzozNiwgR2VvcmdlIE1pdGNoZWxsIHdyb3RlOg0KPiAxLiBBcmUgeW91
IGEgVGh1bmRlcmJpcmQgdXNlciBvbiBGcmVlQlNEPw0KPiAyLiBEbyB5b3Ugc2VlIGEgImNo
YXJ0IHdpdGggcmlzaW5nIHRyZW5kLCIgImNoYXJ0IHdpdGggZmFsbGluZyB0cmVuZCwiDQo+
ICJiYXIgY2hhcnQsIiBhbmQgImNsaXBib2FyZCIgZW1vamlzIChVKzFGNEM4IHRocm91Z2gg
VSsxRjRDQikgb24gdGhlDQo+IG5leHQgbGluZT8NCj4g8J+TiMKgwqDCoCDwn5OJwqDCoMKg
IPCfk4rCoMKgwqAg8J+Tiw0KPiBUaGFuayB5b3UgZm9yIHlvdXIgYXR0ZW50aW9uLsKgwqDC
oMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDC
oMKgIC0tIEdlb3JnZQ0KDQpJIHNlZSB0aGVtIGluIG15IGRlZmF1bHQgVGh1bmRlcmJpcmQg
c2V0dXAuICBRdWl0ZSBzbWFsbCwgYWJvdXQgdGhlIHNhbWUgDQphcyB0aGUgZm9udCBzaXpl
Lg0KDQotLSANCkxpZmUgaXMgYSBnYW1lLiAgUGxheSBoYXJkLiAgUGxheSBmYWlyLiAgSGF2
ZSBmdW4uDQoNCg==

From nobody Sun May 19 22:58:49 2024
X-Original-To: freebsd-hackers@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4VjGN106y3z5L8tM
	for <freebsd-hackers@mlmmj.nyi.freebsd.org>; Sun, 19 May 2024 22:58:57 +0000 (UTC)
	(envelope-from george+freebsd@m5p.com)
Received: from mailhost.m5p.com (mailhost.m5p.com [74.104.188.4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "m5p.com", Issuer "R3" (not verified))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4VjGN06GZ0z4Zjl
	for <freebsd-hackers@freebsd.org>; Sun, 19 May 2024 22:58:56 +0000 (UTC)
	(envelope-from george+freebsd@m5p.com)
Authentication-Results: mx1.freebsd.org;
	none
Received: from [IPV6:2001:470:8ac4::26] (court.m5p.com [IPv6:2001:470:8ac4:0:0:0:0:26])
	(authenticated bits=0)
	by mailhost.m5p.com (8.17.1/8.17.1) with ESMTPSA id 44JMwnRa067169
	(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO);
	Sun, 19 May 2024 18:58:55 -0400 (EDT)
	(envelope-from george+freebsd@m5p.com)
Message-ID: <3b72bac2-1d40-48d6-9cc2-e43a510387c0@m5p.com>
Date: Sun, 19 May 2024 18:58:49 -0400
List-Id: Technical discussions relating to FreeBSD <freebsd-hackers.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
List-Help: <mailto:freebsd-hackers+help@freebsd.org>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Subscribe: <mailto:freebsd-hackers+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-hackers+unsubscribe@freebsd.org>
Sender: owner-freebsd-hackers@FreeBSD.org
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: A simpler question
Content-Language: en-US
To: "Alfonso S. Siciliano" <alfix86@gmail.com>, freebsd-hackers@freebsd.org
References: <bb969df2-7c34-45a7-b2fc-4f65fea64ec9@m5p.com>
 <25471908-df8e-430c-b4a1-feab9c4ca4f9@m5p.com>
 <d2e86abc-686f-4e81-8122-a8d972462c31@gmail.com>
From: George Mitchell <george+freebsd@m5p.com>
Autocrypt: addr=george+freebsd@m5p.com; keydata=
 xjMEZaHDbxYJKwYBBAHaRw8BAQdA2W6oBfS8haXY0/Ft4zS1OTLYfC8EBIADPTgMQdh85C3N
 KEdlb3JnZSBNaXRjaGVsbCA8Z2VvcmdlK2ZyZWVic2RAbTVwLmNvbT7CmQQTFgoAQRYhBDpv
 v9n4+UzMLAJ8EZocD3futmd9BQJlocSiAhsDBQkFo5qABQsJCAcCAiICBhUKCQgLAgQWAgMB
 Ah4HAheAAAoJEJocD3futmd9SxwBAJUi6DNdVhWCZBTv5XGy1g0JgApLWe/3S0M0zz9sn7/L
 AQCcJcV5k5s2rt9J5C1AUm6XVsuneVvIWXO5j1GKWk0NC844BGWhw28SCisGAQQBl1UBBQEB
 B0AaFz/6B95RRvjOdLZr5fSdhuIHvwr24H3ePDZSw6wlUwMBCAfCfgQYFgoAJhYhBDpvv9n4
 +UzMLAJ8EZocD3futmd9BQJlocNvAhsMBQkFo5qAAAoJEJocD3futmd9RXsBANwRD9RE56F6
 /jeZOrujHICLcgPiOt50Y6866v9OUTjUAP9GlC1aopfBpNwuPLJBam7oBaGqvY98VDhzOjoT
 7DNbCQ==
In-Reply-To: <d2e86abc-686f-4e81-8122-a8d972462c31@gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------6GoTgL7qiWGUL7n0UYbQn0fk"
X-Spam-Status: No, score=0.0 required=10.0 tests=HELO_NO_DOMAIN
	autolearn=unavailable autolearn_force=no version=4.0.0
X-Spam-Checker-Version: SpamAssassin 4.0.0 (2022-12-14) on mattapan.m5p.com
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	TAGGED_FROM(0.00)[freebsd];
	ASN(0.00)[asn:701, ipnet:74.104.0.0/16, country:US]
X-Rspamd-Queue-Id: 4VjGN06GZ0z4Zjl

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------6GoTgL7qiWGUL7n0UYbQn0fk
Content-Type: multipart/mixed; boundary="------------FL3JzaT6zysr0efwLV3ZgUc0";
 protected-headers="v1"
From: George Mitchell <george+freebsd@m5p.com>
To: "Alfonso S. Siciliano" <alfix86@gmail.com>, freebsd-hackers@freebsd.org
Message-ID: <3b72bac2-1d40-48d6-9cc2-e43a510387c0@m5p.com>
Subject: Re: A simpler question
References: <bb969df2-7c34-45a7-b2fc-4f65fea64ec9@m5p.com>
 <25471908-df8e-430c-b4a1-feab9c4ca4f9@m5p.com>
 <d2e86abc-686f-4e81-8122-a8d972462c31@gmail.com>
In-Reply-To: <d2e86abc-686f-4e81-8122-a8d972462c31@gmail.com>

--------------FL3JzaT6zysr0efwLV3ZgUc0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

T24gNS8xOS8yNCAxODo0OCwgQWxmb25zbyBTLiBTaWNpbGlhbm8gd3JvdGU6DQo+IE9uIDUv
MjAvMjQgMDA6NDAsIEdlb3JnZSBNaXRjaGVsbCB3cm90ZToNCj4+IE9uIDUvMTkvMjQgMTg6
MzYsIEdlb3JnZSBNaXRjaGVsbCB3cm90ZToNCj4+PiAxLiBBcmUgeW91IGEgVGh1bmRlcmJp
cmQgdXNlciBvbiBGcmVlQlNEPw0KPj4+IDIuIERvIHlvdSBzZWUgYSAiY2hhcnQgd2l0aCBy
aXNpbmcgdHJlbmQsIiAiY2hhcnQgd2l0aCBmYWxsaW5nIHRyZW5kLCINCj4+PiAiYmFyIGNo
YXJ0LCIgYW5kICJjbGlwYm9hcmQiIGVtb2ppcyAoVSsxRjRDOCB0aHJvdWdoIFUrMUY0Q0Ip
IG9uIHRoZQ0KPj4+IG5leHQgbGluZT8NCj4+PiDwn5OIwqDCoMKgIPCfk4nCoMKgwqAg8J+T
isKgwqDCoCDwn5OLDQo+Pj4gVGhhbmsgeW91IGZvciB5b3VyIGF0dGVudGlvbi7CoMKgwqDC
oMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDC
oCAtLSBHZW9yZ2UNCj4+IFBhcnRpYWxseSBhbnN3ZXJpbmcgbXkgb3duIHF1ZXN0aW9uOiBV
c2luZyBjaHJvbWUgdG8gYnJvd3NlIHRoZSBtYWlsaW5nDQo+PiBsaXN0IGFyY2hpdmUsIHRo
ZSBlbW9qaXMgc2hvd2VkIHVwIHBlcmZlY3RseSwgYXMgdGhleSBkaWQgb24gYSBCY2MgdG8g
bXkNCj4+IGJhY2t1cCBnbWFpbCBhY2NvdW50LsKgIEJ1dCBJIGNvdWxkIG5vdCBzZWUgdGhl
bSB3aGVuIGNvbXBvc2luZyB0aGUNCj4+IG1lc3NhZ2UsIG9yIHJlYWRpbmcgdGhlIG1lc3Nh
Z2UgZnJvbSB0aGUgbGlzdCwgaW4gVGh1bmRlcmJpcmQuDQo+PiAtLSBHZW9yZ2UNCj4gDQo+
IEkgaGF2ZSBqdXN0IGluc3RhbGxlZCBgcGtnIGluc3RhbGwgbm90by1lbW9qaWANCj4gc28g
aSBjYW4gc2VlIHRoZSBlbW9qaSBpbiB0aGlzIGVtYWlsIGluIFRodW5kZXJiaXJkIG9uIENV
UlJFTlQNCj4gKGV4YWN0bHkgYXMgSSBzZWUgdGhlbSBvbiBteSBhbmRyb2lkIHNtYXJ0cGhv
bmUpLg0KPiANCj4gQWxmb25zbw0KSSBoYXZlIG5vdG8tZW1vamkgMi4wNDIgaW5zdGFsbGVk
LCBhbmQgSSBhbSBydW5uaW5nIDEzLjItUkVMRUFTRS1wMTAuDQpCdXQgbm8gdmlzaWJsZSBl
bW9qaXMgd2l0aG91dCBjaHJvbWUuICAgICAgICAgICAgICAgICAgICAgICAgLS0gR2Vvcmdl
DQo=

--------------FL3JzaT6zysr0efwLV3ZgUc0--

--------------6GoTgL7qiWGUL7n0UYbQn0fk
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

wnsEABYIACMWIQQ6b7/Z+PlMzCwCfBGaHA937rZnfQUCZkqEKQUDAAAAAAAKCRCaHA937rZnfRB0
AP9g+E6ZA4G761M12ts7HCKFx3V08gUrdTPDzLc2Fz1w0gEAjpltQo7eXL/ChrL2QQB3oSxK97CB
VNSRCfszhkGETAA=
=t0Kr
-----END PGP SIGNATURE-----

--------------6GoTgL7qiWGUL7n0UYbQn0fk--