From owner-freebsd-security@freebsd.org  Thu Jun  4 14:23:23 2020
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id BC2422F4EF8
 for <freebsd-security@mailman.nyi.freebsd.org>;
 Thu,  4 Jun 2020 14:23:23 +0000 (UTC)
 (envelope-from carpeddiem@gmail.com)
Received: from mail-io1-f54.google.com (mail-io1-f54.google.com
 [209.85.166.54])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 49d7L22Qmdz3g6p
 for <freebsd-security@freebsd.org>; Thu,  4 Jun 2020 14:23:21 +0000 (UTC)
 (envelope-from carpeddiem@gmail.com)
Received: by mail-io1-f54.google.com with SMTP id q8so6496824iow.7
 for <freebsd-security@freebsd.org>; Thu, 04 Jun 2020 07:23:21 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
 bh=sPoTAJuGu4tgjdUjv/A+IX9Yu8DSReRnZBDbDoQwiNg=;
 b=XE8Yh4u/ZFQR9g37fbOrHoi7eveosBGvn8pmV6LBwr/kNtyH/rfokk/KpWdMvI0iJl
 IagYy924nNeM+C1QWdjf9iEds3X3nz9fTKVcydqDJW1S/fiajz6TW6GhvBF9dxOVJv/L
 LnU1v437NTFtexC6RRSsfBj2Q3Hg3ZvAzNg+H4UAupuyifPmkXrsFsg8NGR9CMZTVnlv
 /nwAWITAVcE7IVXopAKZ89oVM7tckY8EZHAPgXeV3+pKuOwzXMry5Lw3qZDcnyZ/U56n
 4IBBgQ+TQb74Zh5WR69eS5MN+ryGjXsBF2BFpba3bGZT8s4CbkXq2BmNlI6aa0Hho806
 E1Ww==
X-Gm-Message-State: AOAM533DRaBISaSeiDU3fRjdWsRcb/GeWYggUhCRw0KDO5KnTztaZz33
 1kYiqDctL49FYoGmDETEGSsrsOh2MBnc0PNdaRdV61oo
X-Google-Smtp-Source: ABdhPJyACgbq35TCMIs5ZU11SWc6f09eum7kc+7QrQ8f+VvrO2AO1wOoFCvijkjAhtySIx9QQRLyZDYEY20rJWyVdD4=
X-Received: by 2002:a05:6638:dd3:: with SMTP id
 m19mr4668934jaj.106.1591280600555; 
 Thu, 04 Jun 2020 07:23:20 -0700 (PDT)
MIME-Version: 1.0
From: Ed Maste <emaste@freebsd.org>
Date: Thu, 4 Jun 2020 10:23:08 -0400
Message-ID: <CAPyFy2Cw_peC6XSvTZS8E=a5t3YtA2W6CakT=E-EQWs3qtfEJQ@mail.gmail.com>
Subject: Improved PIE binary tooling
To: freebsd-security@freebsd.org
Content-Type: text/plain; charset="UTF-8"
X-Rspamd-Queue-Id: 49d7L22Qmdz3g6p
X-Spamd-Bar: /
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=pass (mx1.freebsd.org: domain of carpeddiem@gmail.com designates
 209.85.166.54 as permitted sender) smtp.mailfrom=carpeddiem@gmail.com
X-Spamd-Result: default: False [-0.20 / 15.00]; RCVD_TLS_ALL(0.00)[];
 FREEMAIL_ENVFROM(0.00)[gmail.com]; ARC_NA(0.00)[];
 FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17];
 MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org];
 RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.15)[-0.152];
 DMARC_NA(0.00)[freebsd.org]; NEURAL_SPAM_SHORT(0.07)[0.068];
 RCVD_IN_DNSWL_NONE(0.00)[209.85.166.54:from];
 NEURAL_HAM_MEDIUM(-0.12)[-0.120];
 FORGED_SENDER(0.30)[emaste@freebsd.org,carpeddiem@gmail.com];
 RWL_MAILSPIKE_POSSIBLE(0.00)[209.85.166.54:from];
 R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+];
 RCVD_COUNT_TWO(0.00)[2];
 ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US];
 FROM_NEQ_ENVFROM(0.00)[emaste@freebsd.org,carpeddiem@gmail.com];
 TO_DOM_EQ_FROM_DOM(0.00)[]
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Jun 2020 14:23:23 -0000

Kostik and I recently committed a couple of changes to improve PIE
binary support:

r361725 Do not allow to load ET_DYN object with DF_1_PIE flag set.
r361740 lld: Set DF_1_PIE for -pie

Previously there could be ambiguity as to whether an object is a
shared library (DSO) or Position Independent Executable (PIE) binary;
a PIE is in fact a special type of DSO. These changes add a .dynamic
flag DF_1_PIE that's used to unambiguously indicate that an object is
a PIE binary, and disallow the use of dlopen() or DT_NEEDED on that
binary.

Future changes should have file(1) report "position independent
executable" or similar instead of "shared object". Some desktop
environments / file managers have had issues refusing to execute PIE
binaries, and tagging them should also address those.

From owner-freebsd-security@freebsd.org  Fri Jun  5 00:15:12 2020
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4F730337CE9
 for <freebsd-security@mailman.nyi.freebsd.org>;
 Fri,  5 Jun 2020 00:15:12 +0000 (UTC)
 (envelope-from dewayne@heuristicsystems.com.au)
Received: from hermes.heuristicsystems.com.au (hermes.heuristicsystems.com.au
 [203.41.22.115])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (2560 bits) client-digest SHA256)
 (Client CN "hermes.heuristicsystems.com.au",
 Issuer "Heuristic Systems Type 4 Host CA" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 49dNSr2nLwz4NQR
 for <freebsd-security@freebsd.org>; Fri,  5 Jun 2020 00:15:07 +0000 (UTC)
 (envelope-from dewayne@heuristicsystems.com.au)
Received: from [10.0.5.3] (noddy.hs [10.0.5.3]) (authenticated bits=0)
 by hermes.heuristicsystems.com.au (8.15.2/8.15.2) with ESMTPSA id
 0550DEVS059438
 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT)
 for <freebsd-security@freebsd.org>; Fri, 5 Jun 2020 10:13:14 +1000 (AEST)
 (envelope-from dewayne@heuristicsystems.com.au)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
 d=heuristicsystems.com.au; s=hsa; t=1591315994; x=1591920795;
 bh=xCUj7EH6eUgswr/ROgS992siAqobH/4keyrQ8/nlCUM=;
 h=Subject:To:From:Message-ID:Date;
 b=NdlH9JtojNKgQ8B178pnK4lS1GVPmE+uWYT3o03Gcw9pQoQL0rzxyp0UCLiOkFxgM
 c69HV6F9UTw8eAdwfm1PTAB9LpWQ69Evn8VcS1lkpRnm/IIJxOdBz2ggBNqCisugEU
 3TGC4ouSYwPsUMUgZTJJOEBBiMrMp6I3Xazt61vDmoC0Qc/9AXuh8
X-Authentication-Warning: b3.hs: Host noddy.hs [10.0.5.3] claimed to be
 [10.0.5.3]
Subject: Re: Improved PIE binary tooling
To: freebsd-security@freebsd.org
References: <CAPyFy2Cw_peC6XSvTZS8E=a5t3YtA2W6CakT=E-EQWs3qtfEJQ@mail.gmail.com>
From: Dewayne Geraghty <dewayne@heuristicsystems.com.au>
Autocrypt: addr=dewayne@heuristicsystems.com.au; prefer-encrypt=mutual;
 keydata=
 mQFNBFbOsVMBCgDfvi2PspSwoMEtFhF+aFLQKtzSA9f0dhDqthKHESdfbqxvKzhkBjvTJ5Na
 EgjKoKfoQTh5xuIv3HLhtDo5PeasPgQl9cPJeriqmqlS+UhY5BGYcMc1AO/TX0fsDaQz96ko
 at3RUW7sff/qPgVzSurk+DV5h866gPdn5Jdjohyl2F1rzRl6dnaAIyg49zlwZOnPHJGKye+B
 meqUCnPRglhkpNqXR3v1ulbWpfwhdNDvWT82qTG/qsFy/agjJvxwLuEBeoGc1dPWasO8Nztt
 0dqf1Lpeg6SX2yJd76WVS4znt88OEbx/QL2PTJ/YtSepS68WaeKuARKPukkU+QXDep0gaLPl
 /TvU5xAZndNB3rYnpmoLb32pDHlrJbZUVyTMqc3J2EYM6aaizCpg4VEvVpVSqUT4D9MuREhu
 PeZ3SvEazQARAQABiQF3BB8BCAAhBQJWzrFTFwyAAWHe5yZt8RJL0vaU1MfDto5dBmeFAgcA
 AAoJEJVk7a1LmFrdy2QJ/AysDdFIMCRiaqEellprZQyEz5I/qZJEi6yRfXH813hhISFz6moh
 urZYLQ9SRdyMntT8W3Oc4pJc9fF9RSnY0SSQY/arZbrvsv6hKb1KtIK7P5mLS914J9buxEcJ
 SWeVuOuMA9aCNqg5uMu19pH5pXayORfbv+K7vFPiyllZ64ShUWZJL69vAc/TsbvMrGtG1M4P
 qyWCOKEiUT93zhVGQoA0aUYjMAZoyvozZCuieo4O8hkPgMz9lka+3bqQBSOB+qO4Iz+CZs0k
 Lw7Soga6bRqLK86DH99WjTA6Oj1r8Won+j4V9fnTDCVJoSyqdVHLySDv/lHaNu4Ia4AO4i2d
 shmLw03gOUvoWLJx5X01A5Zio4FvecnpZqQ0Wz5Ph9MiK3lwarfjonTOLeNGd5BpdnHu5VRC
 fJml7uAYeyKsD8C4tEBEZXdheW5lIEdlcmFnaHR5IDxkZXdheW5lLmdlcmFnaHR5QGNvbnNj
 aXVtaW50ZXJuYXRpb25hbC5jb20uYXU+iQGXBBMBCABBAhshCwsKDQkIDAcLAwIECBUKCQgL
 AwIBBRYDAgEAAh4BAheAFiEEC8bIxjMx+sDl4ZCClWTtrUuYWt0FAl5UUOgACgkQlWTtrUuY
 Wt3xZAn/W/mq5nDhLIfqxVM9GbU8rGzNsGLfnt5NCVcWlBKhgxOOw9EWkcRTMymwX9OMqwxI
 +te6Gvy7rG53T2xprtsQyqESZmjWcUSEPsQ9hjw4VZCL15ftBeZMYyO2T1e41UImXAlftleT
 2kXCktgyAfwfCzHhFiZM8k9QMFQV1x+JukJ9xPFBgICRLsLsVNVw/R1L7KqARuws4HqXxY1J
 SCpO+FB4b6tWSIRKbzlb6tctdKppKbG/adVYuoK61ngvmsAzy/9OLhF8u1MNCgyFd2woOErh
 /zyuap8KvJZMlwAIqpjsoHyXsa0cq8A/uNQSmodwBpRsEGXCmZIZq2FJw6N+38to8C8m97q0
 YWrY63VsoA6hA4A4/ywzE3EiwGvqJQBMRv2ET3TIdTyLoEIwXq2bDPU7XTZGh5UZEsKFMHH5 228=
Message-ID: <41b8b5b5-9589-d9f8-3844-3a9df15d86f2@heuristicsystems.com.au>
Date: Fri, 5 Jun 2020 10:12:42 +1000
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:68.0) Gecko/20100101
 Thunderbird/68.8.0
MIME-Version: 1.0
In-Reply-To: <CAPyFy2Cw_peC6XSvTZS8E=a5t3YtA2W6CakT=E-EQWs3qtfEJQ@mail.gmail.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-GB
Content-Transfer-Encoding: 7bit
X-Rspamd-Queue-Id: 49dNSr2nLwz4NQR
X-Spamd-Bar: -----
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=heuristicsystems.com.au header.s=hsa header.b=NdlH9Jto;
 dmarc=none;
 spf=pass (mx1.freebsd.org: domain of dewayne@heuristicsystems.com.au
 designates 203.41.22.115 as permitted sender)
 smtp.mailfrom=dewayne@heuristicsystems.com.au
X-Spamd-Result: default: False [-5.49 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
 ARC_NA(0.00)[];
 R_DKIM_ALLOW(-0.20)[heuristicsystems.com.au:s=hsa];
 NEURAL_HAM_MEDIUM(-1.04)[-1.042]; FROM_HAS_DN(0.00)[];
 DWL_DNSWL_MED(-2.00)[heuristicsystems.com.au:dkim];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+mx];
 MIME_GOOD(-0.10)[text/plain]; HAS_XAW(0.00)[];
 TO_DN_NONE(0.00)[]; RCVD_DKIM_ARC_DNSWL_MED(-0.50)[];
 RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.01)[-1.014];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org];
 RCVD_IN_DNSWL_MED(-0.20)[203.41.22.115:from];
 DKIM_TRACE(0.00)[heuristicsystems.com.au:+];
 DMARC_NA(0.00)[heuristicsystems.com.au];
 NEURAL_HAM_SHORT(-0.23)[-0.234]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:1221, ipnet:203.40.0.0/13, country:AU];
 RCVD_TLS_ALL(0.00)[]; MID_RHS_MATCH_FROM(0.00)[];
 RCVD_COUNT_TWO(0.00)[2]
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Jun 2020 00:15:12 -0000

Thank-you Ed.  Though I have two questions:

1. We've recompiled all the ports I use with either -fPIC or -fPIE and
the linker flag -pie. Is there something required for ports to utilise
these changes, or are the changes only in the mk files affecting the
base system build?

2. I've also taken advantage of employing -fstack-clash-protection,
unfortunately this is currently only available via gcc (we're using gcc9
at the moment).  Does the fact that we use gcc9 and binutils 2.33.1
influence the outcome of your changes?

Regards, Dewayne
PS an interesting aside, there are a surprising number of ports that use
the _FORTIFY_SOURCE=2 so the application developers are well
intentioned, a nice (though futile) effort, because libc doesn't have
the *_chk macros.  At least we're all heading in the right direction to
deny malcontents easy unauthorised access. :)

On 5/06/2020 12:23 am, Ed Maste wrote:
> Kostik and I recently committed a couple of changes to improve PIE
> binary support:
> 
> r361725 Do not allow to load ET_DYN object with DF_1_PIE flag set.
> r361740 lld: Set DF_1_PIE for -pie
> 
> Previously there could be ambiguity as to whether an object is a
> shared library (DSO) or Position Independent Executable (PIE) binary;
> a PIE is in fact a special type of DSO. These changes add a .dynamic
> flag DF_1_PIE that's used to unambiguously indicate that an object is
> a PIE binary, and disallow the use of dlopen() or DT_NEEDED on that
> binary.
> 
> Future changes should have file(1) report "position independent
> executable" or similar instead of "shared object". Some desktop
> environments / file managers have had issues refusing to execute PIE
> binaries, and tagging them should also address those.
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
> 


From owner-freebsd-security@freebsd.org  Fri Jun  5 14:36:41 2020
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id B0A6332CC42
 for <freebsd-security@mailman.nyi.freebsd.org>;
 Fri,  5 Jun 2020 14:36:41 +0000 (UTC)
 (envelope-from carpeddiem@gmail.com)
Received: from mail-io1-f53.google.com (mail-io1-f53.google.com
 [209.85.166.53])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 49dlZw6m85z3yBT
 for <freebsd-security@freebsd.org>; Fri,  5 Jun 2020 14:36:40 +0000 (UTC)
 (envelope-from carpeddiem@gmail.com)
Received: by mail-io1-f53.google.com with SMTP id q8so10518649iow.7
 for <freebsd-security@freebsd.org>; Fri, 05 Jun 2020 07:36:40 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=5OVswxJObOipY+aWtTwIaK13l+DjnGlSUp9WdY/3ACc=;
 b=jc1mxhkbG5L82X/FWKDuL2FNzsw5W9oFI2AYc8uEcbM9xcDJ7kWrOxJeWWle1fKaaL
 7N53uLi7sAyb9RrrVhHzaIfhItcHIWAxhlXuWG7A8tbAHH24wbOvZgDPE1BfhoQ5C8Y3
 PvmRdcqPcSq7vAnvdt2cyWJQeLUHoL/AJUNktHO/Zx6Rt31vD6COqznqqcZkt37POTpK
 fPCH74oRfD1A34VI6se5G/HeiL3gyvoZ0mp72AmqkRYI5yQwlxRfYYE0PAn4tCemM6E+
 laO4Cn6pviYPyOXx3szqCbcI7GfeJVjVmWDkjXn7S7jZjv1UKuRuxck9o5eXs0D4yv/z
 AZTg==
X-Gm-Message-State: AOAM530wdECeahXkHC4szD9SeU11zGrqbCxmDsl7y0QMKa0sc+AAjIAC
 OdJHHKCQY+8Nn2c2fpjvQzn1tnHIm8ECf8YC6jW8eg==
X-Google-Smtp-Source: ABdhPJyQim25gnhxtAkWKHGGmEY7cJN0psivnW6w/CA3ODXk/MMbwzymCxkDFDUEwTujx0w+SoP8w/u2BjnZ91Q9qL4=
X-Received: by 2002:a05:6638:dd3:: with SMTP id
 m19mr9087199jaj.106.1591367800016; 
 Fri, 05 Jun 2020 07:36:40 -0700 (PDT)
MIME-Version: 1.0
References: <CAPyFy2Cw_peC6XSvTZS8E=a5t3YtA2W6CakT=E-EQWs3qtfEJQ@mail.gmail.com>
 <41b8b5b5-9589-d9f8-3844-3a9df15d86f2@heuristicsystems.com.au>
In-Reply-To: <41b8b5b5-9589-d9f8-3844-3a9df15d86f2@heuristicsystems.com.au>
From: Ed Maste <emaste@freebsd.org>
Date: Fri, 5 Jun 2020 10:36:27 -0400
Message-ID: <CAPyFy2DaTtiZTgiEt2oqg1v47ziqN1rG9N1Kdqq2pKPuEJc-LQ@mail.gmail.com>
Subject: Re: Improved PIE binary tooling
To: Dewayne Geraghty <dewayne@heuristicsystems.com.au>
Cc: freebsd-security@freebsd.org
Content-Type: text/plain; charset="UTF-8"
X-Rspamd-Queue-Id: 49dlZw6m85z3yBT
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=pass (mx1.freebsd.org: domain of carpeddiem@gmail.com designates
 209.85.166.53 as permitted sender) smtp.mailfrom=carpeddiem@gmail.com
X-Spamd-Result: default: False [-2.04 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-1.002]; RCVD_TLS_ALL(0.00)[];
 FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17:c];
 NEURAL_HAM_LONG(-0.99)[-0.987]; MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org];
 DMARC_NA(0.00)[freebsd.org]; TO_MATCH_ENVRCPT_SOME(0.00)[];
 NEURAL_HAM_SHORT(-0.05)[-0.048]; RCPT_COUNT_TWO(0.00)[2];
 RCVD_IN_DNSWL_NONE(0.00)[209.85.166.53:from];
 FORGED_SENDER(0.30)[emaste@freebsd.org,carpeddiem@gmail.com];
 RWL_MAILSPIKE_POSSIBLE(0.00)[209.85.166.53:from];
 R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US];
 FROM_NEQ_ENVFROM(0.00)[emaste@freebsd.org,carpeddiem@gmail.com];
 FREEMAIL_ENVFROM(0.00)[gmail.com]; RCVD_COUNT_TWO(0.00)[2]
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Jun 2020 14:36:41 -0000

On Thu, 4 Jun 2020 at 20:15, Dewayne Geraghty
<dewayne@heuristicsystems.com.au> wrote:
>
> Thank-you Ed.  Though I have two questions:
>
> 1. We've recompiled all the ports I use with either -fPIC or -fPIE and
> the linker flag -pie. Is there something required for ports to utilise
> these changes, or are the changes only in the mk files affecting the
> base system build?

No additional change is needed - the linker will automatically add
this flag when -pie is specified.

> 2. I've also taken advantage of employing -fstack-clash-protection,
> unfortunately this is currently only available via gcc (we're using gcc9
> at the moment).  Does the fact that we use gcc9 and binutils 2.33.1
> influence the outcome of your changes?

Mmm, good question - the LLD commit indicated that binutils should set
this too, but I haven't tried. You can check `readelf -d` on one of
your PIE binaries, and if the flag is not set probably submit a PR
against devel/binutils.

-fstack-clash-protection is in Clang now, but it landed after 10.0.
The next Clang update will include it. (It was actually committed and
reverted four times, but stuck on the fifth try.)

From owner-freebsd-security@freebsd.org  Fri Jun  5 18:45:17 2020
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 95CED33440D
 for <freebsd-security@mailman.nyi.freebsd.org>;
 Fri,  5 Jun 2020 18:45:17 +0000 (UTC)
 (envelope-from rollingbits@gmail.com)
Received: from mail-qt1-x82e.google.com (mail-qt1-x82e.google.com
 [IPv6:2607:f8b0:4864:20::82e])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 49ds5m67Z8z4XhJ
 for <freebsd-security@freebsd.org>; Fri,  5 Jun 2020 18:45:16 +0000 (UTC)
 (envelope-from rollingbits@gmail.com)
Received: by mail-qt1-x82e.google.com with SMTP id z1so9377462qtn.2
 for <freebsd-security@freebsd.org>; Fri, 05 Jun 2020 11:45:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=content-transfer-encoding:from:mime-version:date:subject:message-id
 :to; bh=Ypm94ypRWJNkdvGdw9xq6rqGyOUeA+vP67/grvVO/eQ=;
 b=s3CGadYjT62dTMOA5btK6/ATuctrICd4qtWTMzfcQsfIs1qdVwpm5+uR9gt3yilIIC
 1raGdtifsKttQvGnto1c2JPEvtGC9uSZaQ8cy5KUHat7mzztwTLmf5gQnLfaFE9cfEnk
 S5G+WeciPvuIckOlGybKX7VjidPp0XU+bcWOR6vdBU75jiCVTFW+TRWexdxwjipuK1rl
 LDgkPyunjHrBZQM22mh9khWIIm3p4UojmK9HTGodv3yKfwt7b5T0f17V/P3zgsK1tYVj
 P1OwQA4yC79PD3B0jqKKR0frpD+S7lJZMtQulDHmlPwsRIN0sM6oyFrO12mht5w3QYCZ
 2Bug==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:content-transfer-encoding:from:mime-version:date
 :subject:message-id:to;
 bh=Ypm94ypRWJNkdvGdw9xq6rqGyOUeA+vP67/grvVO/eQ=;
 b=BUCu0Alkm4nFFo/5yA45XjqKS+bcY5kEjf3/e6593nCUmXIajtbH9PUn/Xwsby1Stf
 GOBLeBYsoQm9ttEsP/tIasyVD6H6k+m3iQdOfNGT1lNmBJOuwXKq+0+hRlcaP8/CVlRN
 FHuNSY15ko5rsD28I3tkNUDsU+vVBOMLytzwhvZM4SkhINSGJGrV8jJ/MK+zzjv6+DAH
 GIWMvtiHT9+kLdLIXlBNrXQhLfg7SN3/IHoBZ+rU0pNrAeEsQ93jHo9DwFnUw8dsEhhe
 iiHCRTEReNc9qfxQRqW1ZsJZz5HuZFeIDCj6hq4/PpDvvNFJRXkX9bqDOQPrggyK7plL
 8kkQ==
X-Gm-Message-State: AOAM533WVv8jHMAXe2RzcE4zHMQ+wEoDOvo9RfGdwcJeOwya+YzAwlLg
 M1D2h9JTaZZ7dDIV2uNov+OkDQnCUSI=
X-Google-Smtp-Source: ABdhPJzm0D2APwilw7e9kdX2xoaJgMnrUYqkmNALSq4LRAsRk+pBrHGD/FnlRClf/tukT1h5vqe0ug==
X-Received: by 2002:ac8:1288:: with SMTP id y8mr11245851qti.208.1591382715800; 
 Fri, 05 Jun 2020 11:45:15 -0700 (PDT)
Received: from ?IPv6:2804:389:1012:18a7:1c27:9908:181f:ec15?
 ([2804:389:1012:18a7:1c27:9908:181f:ec15])
 by smtp.gmail.com with ESMTPSA id u7sm493760qkb.7.2020.06.05.11.45.14
 for <freebsd-security@freebsd.org>
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Fri, 05 Jun 2020 11:45:15 -0700 (PDT)
From: =?utf-8?Q?Lucas_Nali_de_Magalh=C3=A3es?= <rollingbits@gmail.com>
Mime-Version: 1.0 (1.0)
Date: Fri, 5 Jun 2020 15:45:13 -0300
Subject: Odd ssh sessions
Message-Id: <233888CA-37AE-4C9F-9CD8-2B56478CA601@gmail.com>
To: freebsd-security@freebsd.org
X-Mailer: iPhone Mail (17F80)
X-Rspamd-Queue-Id: 49ds5m67Z8z4XhJ
X-Spamd-Bar: -
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=gmail.com header.s=20161025 header.b=s3CGadYj;
 dmarc=pass (policy=none) header.from=gmail.com;
 spf=pass (mx1.freebsd.org: domain of rollingbits@gmail.com designates
 2607:f8b0:4864:20::82e as permitted sender)
 smtp.mailfrom=rollingbits@gmail.com
X-Spamd-Result: default: False [-1.96 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
 FREEMAIL_FROM(0.00)[gmail.com]; MV_CASE(0.50)[];
 TO_DN_NONE(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36];
 RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+];
 DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
 NEURAL_HAM_SHORT(-0.17)[-0.170]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+,1:+,2:~];
 FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
 MID_RHS_MATCH_FROM(0.00)[]; R_MIXED_CHARSET(0.71)[subject];
 DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-0.996];
 R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.004];
 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org];
 RCPT_COUNT_ONE(0.00)[1];
 RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::82e:from];
 RCVD_TLS_ALL(0.00)[]
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.33
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Jun 2020 18:45:17 -0000

Hi.

I've an old machine where I play with FreeBSD and after a while off, I came b=
ack and noted that sometimes when I enter an ssh session part of the text re=
peats. It can be many lines or it can be just one or even it can be none. So=
 it also looks like I found a memory problem. Is it just me?

Thanks in advance

--=20
rollingbits =E2=80=94 =F0=9F=93=A7 rollingbits@gmail.com =F0=9F=93=A7 rollin=
gbits@terra.com.br =F0=9F=93=A7 rollingbits@yahoo.com =F0=9F=93=A7 rollingbi=
ts@globo.com =F0=9F=93=A7 rollingbits@icloud.com=

From owner-freebsd-security@freebsd.org  Fri Jun  5 18:48:07 2020
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1A12B334680
 for <freebsd-security@mailman.nyi.freebsd.org>;
 Fri,  5 Jun 2020 18:48:07 +0000 (UTC)
 (envelope-from rollingbits@gmail.com)
Received: from mail-qv1-xf2c.google.com (mail-qv1-xf2c.google.com
 [IPv6:2607:f8b0:4864:20::f2c])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 49ds920wjgz4Y71
 for <freebsd-security@freebsd.org>; Fri,  5 Jun 2020 18:48:05 +0000 (UTC)
 (envelope-from rollingbits@gmail.com)
Received: by mail-qv1-xf2c.google.com with SMTP id e2so5202891qvw.7
 for <freebsd-security@freebsd.org>; Fri, 05 Jun 2020 11:48:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=content-transfer-encoding:from:mime-version:subject:date:message-id
 :references:in-reply-to:to;
 bh=xkwVp/Haoa43UzTaX264k/JBosLUKv72/f2uFt6gXho=;
 b=srWX3Dm1n6dkJ5qD7skPXCRSOygH+PnY7W6ETbthSC0U+zOnGeMqBY1T82nvY/rR9q
 3+bfj0V8i02OQdtUBtHlpx8bBgLGt/yIYEZP+JoDTeSMQBfqlOMnL0dsvvfruZZi10vR
 2WcgQXnnCoz3JBn2BUyVbfY+nYBzC0wvrsfGtAEvQoMghAAGUk5vPzVD3jBNP5JVqiK3
 Ux6KrkN60IwU5Kups/w0pLokiKjHt7YT0YTWXJB3871whZvQinU0ge2arU4D0cXSzHmZ
 3QXQP+dY9MA9I4yz+3I6o2UarWsryTy702Vda1ILH5a06QLofRCqc0afBSL1auk+6TjM
 EZvQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:content-transfer-encoding:from:mime-version
 :subject:date:message-id:references:in-reply-to:to;
 bh=xkwVp/Haoa43UzTaX264k/JBosLUKv72/f2uFt6gXho=;
 b=IQDyT+ARh2KgGsz/6fcFut++pHDHWuMU/ROXa2z3ENwgUXT15OYEMM2J7+lyjzx47O
 Zz5xiIlC7sv2Hk6Y/mPAnLXuncuCuiLcZfpvOXWYGWd/PNlPpC08qRmj9fwj9GSLr0JX
 x5v+Kzo3iquQj4sWVs/+dON3BRcs/xEcoLbbgAYJAaWwqdLScNp3sbr7c3cnWHydkpoC
 KnwLdK5h/O+0uAHbYw8lOosXM7/4ibZ1UfYt9TgY3Xip1k4OqEd8AXwRdhrAlqszR4mt
 JqzE2F8nQp56teb+gxayrK8G11WeNEEOt2pGt8xcmYw1e7DL+YsJmsvaNzJOUuTVJ31g
 Eijw==
X-Gm-Message-State: AOAM531Rg16mk/vOM4HCTdCn7MVxdElBaucxxkQracXTqzT8kokKbT3G
 iz9+r9hjqdBHh/B/yINzXk8TGSVUdV8=
X-Google-Smtp-Source: ABdhPJxh+aKe3xye9/Vr6GIFxHWBPyd6pUmEAGJlZnRK1qyO0tT9Nl9DgDz1WrcQi5prKfRXMPuDIg==
X-Received: by 2002:a05:6214:1342:: with SMTP id
 b2mr11392292qvw.80.1591382884950; 
 Fri, 05 Jun 2020 11:48:04 -0700 (PDT)
Received: from ?IPv6:2804:389:1012:18a7:1c27:9908:181f:ec15?
 ([2804:389:1012:18a7:1c27:9908:181f:ec15])
 by smtp.gmail.com with ESMTPSA id h8sm508792qto.0.2020.06.05.11.48.04
 for <freebsd-security@freebsd.org>
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Fri, 05 Jun 2020 11:48:04 -0700 (PDT)
From: =?utf-8?Q?Lucas_Nali_de_Magalh=C3=A3es?= <rollingbits@gmail.com>
Mime-Version: 1.0 (1.0)
Subject: Re: Odd ssh sessions
Date: Fri, 5 Jun 2020 15:48:01 -0300
Message-Id: <98B2AD08-8933-4111-ADF2-F22F71E8CCAF@gmail.com>
References: <233888CA-37AE-4C9F-9CD8-2B56478CA601@gmail.com>
In-Reply-To: <233888CA-37AE-4C9F-9CD8-2B56478CA601@gmail.com>
To: freebsd-security@freebsd.org
X-Mailer: iPhone Mail (17F80)
X-Rspamd-Queue-Id: 49ds920wjgz4Y71
X-Spamd-Bar: --
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=gmail.com header.s=20161025 header.b=srWX3Dm1;
 dmarc=pass (policy=none) header.from=gmail.com;
 spf=pass (mx1.freebsd.org: domain of rollingbits@gmail.com designates
 2607:f8b0:4864:20::f2c as permitted sender)
 smtp.mailfrom=rollingbits@gmail.com
X-Spamd-Result: default: False [-2.05 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
 MV_CASE(0.50)[];
 R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c];
 FREEMAIL_FROM(0.00)[gmail.com]; TO_DN_NONE(0.00)[];
 RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+];
 DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
 NEURAL_HAM_SHORT(-0.18)[-0.175]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+,1:+,2:~];
 FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
 MID_RHS_MATCH_FROM(0.00)[]; R_MIXED_CHARSET(0.62)[subject];
 DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-0.996];
 R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.005];
 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org];
 RCPT_COUNT_ONE(0.00)[1];
 RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::f2c:from];
 RCVD_TLS_ALL(0.00)[]
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.33
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Jun 2020 18:48:07 -0000

> On Jun 5, 2020, at 3:45 PM, Lucas Nali de Magalh=C3=A3es <rollingbits@gmai=
l.com> wrote:
>=20
> I've an old machine where I play with FreeBSD and after a while off, I cam=
e back and noted that sometimes when I enter an ssh session part of the text=
 repeats. It can be many lines or it can be just one or even it can be none.=
 So it also looks like I found a memory problem. Is it just me?

And I'm going from FreeBSD 12.1-p3 to 12.1-p5 in this case.

--=20
rollingbits =E2=80=94 =F0=9F=93=A7 rollingbits@gmail.com =F0=9F=93=A7 rollin=
gbits@terra.com.br =F0=9F=93=A7 rollingbits@yahoo.com =F0=9F=93=A7 rollingbi=
ts@globo.com =F0=9F=93=A7 rollingbits@icloud.com