Date: Wed, 11 Jun 2025 23:22:02 -0400 From: Warner Losh <imp@bsdimp.com> To: Shawn Webb <shawn.webb@hardenedbsd.org> Cc: Jessica Clarke <jrtc27@freebsd.org>, Warner Losh <imp@freebsd.org>, Ricardo Branco <rbranco@suse.de>, src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: 3d12567133bf - main - Add the POSIX sig2str(3) & str2sig(3) calls Message-ID: <CANCZdfriNU1am8Qi0XEPFL_mb_djd9Ogpe7DtqzV-YGeBSKOGQ@mail.gmail.com> In-Reply-To: <hy7cdktgjzdrup3aqmcveejkzzx3zgaebjbk5mgfwjn37bgj5n@gzu2nfpbmh4w> References: <202506112316.55BNGeGh046207@gitrepo.freebsd.org> <ngi7bslz4knvlxm2x53mc6uyf5capuyb6pvftwwczfdv2nhjp2@ybinoxkw6vyc> <CANCZdfrDU8x5atpC0jGhi66G6OO9ELKTV-Wyvb4yFaNM4Atxcg@mail.gmail.com> <86507548-1B8C-4CD1-BB18-C884D38EA489@freebsd.org> <hy7cdktgjzdrup3aqmcveejkzzx3zgaebjbk5mgfwjn37bgj5n@gzu2nfpbmh4w>
next in thread | previous in thread | raw e-mail | index | archive | help
commit d8b51259caee09a4080e524ac254e1f5aecc46cc (HEAD -> main)
Author: Warner Losh <imp@FreeBSD.org>
Date: Wed Jun 11 21:14:16 2025 -0600
ssp: Protect sig2str with proper visibility markers
We only define SIG2STR_MAX with careful visibility, but define the
fortified version unconditionally. It needs to have the same visibility
both places.
Fixes: 3d12567133bf
Reviewed by: jrtc27, kevans
Sponsored by: Netflix
diff --git a/include/ssp/signal.h b/include/ssp/signal.h
index 9f1a926b9db6..fb1da0db90d1 100644
--- a/include/ssp/signal.h
+++ b/include/ssp/signal.h
@@ -35,6 +35,7 @@
__BEGIN_DECLS
+#if __POSIX_VISIBLE >=3D 202405 || __BSD_VISIBLE
__ssp_redirect_raw_impl(int, sig2str, sig2str,
(int signum, char *__restrict str))
{
@@ -43,6 +44,7 @@ __ssp_redirect_raw_impl(int, sig2str, sig2str,
return (__ssp_real(sig2str)(signum, str));
}
+#endif
__END_DECLS
should fix it. I'm testing a build before pushing... does that work for yo=
u?
Warner
Warner
On Wed, Jun 11, 2025 at 11:14=E2=80=AFPM Shawn Webb <shawn.webb@hardenedbsd=
.org> wrote:
>
> On Thu, Jun 12, 2025 at 04:05:05AM +0100, Jessica Clarke wrote:
> > On 12 Jun 2025, at 03:59, Warner Losh <imp@bsdimp.com> wrote:
> > >
> > > On Wed, Jun 11, 2025 at 10:56=E2=80=AFPM Shawn Webb <shawn.webb@harde=
nedbsd.org> wrote:
> > >>
> > >> On Wed, Jun 11, 2025 at 11:16:40PM +0000, Warner Losh wrote:
> > >>> The branch main has been updated by imp:
> > >>>
> > >>> URL: https://cgit.FreeBSD.org/src/commit/?id=3D3d12567133bfb4082a51=
15f16a71a865ff2af7fb
> > >>>
> > >>> commit 3d12567133bfb4082a5115f16a71a865ff2af7fb
> > >>> Author: Ricardo Branco <rbranco@suse.de>
> > >>> AuthorDate: 2025-05-10 20:56:03 +0000
> > >>> Commit: Warner Losh <imp@FreeBSD.org>
> > >>> CommitDate: 2025-06-11 23:16:22 +0000
> > >>>
> > >>> Add the POSIX sig2str(3) & str2sig(3) calls
> > >>>
> > >>> Signed-off-by: Ricardo Branco <rbranco@suse.de>
> > >>> Reviewed by: imp, kib, des, jilles
> > >>> Pull Request: https://github.com/freebsd/freebsd-src/pull/1696
> > >>> ---
> > >>> include/signal.h | 9 ++++
> > >>> lib/libc/gen/Makefile.inc | 3 ++
> > >>> lib/libc/gen/Symbol.map | 2 +
> > >>> lib/libc/gen/psignal.3 | 56 ++++++++++++++++++++++-
> > >>> lib/libc/gen/sig2str.c | 112 +++++++++++++++++++++++++++++++++++=
+++++++++++
> > >>> 5 files changed, 180 insertions(+), 2 deletions(-)
> > >>>
> > >>> diff --git a/include/signal.h b/include/signal.h
> > >>> index c1d341f317f4..22fefb63568f 100644
> > >>> --- a/include/signal.h
> > >>> +++ b/include/signal.h
> > >>> @@ -40,6 +40,10 @@
> > >>> #include <sys/_ucontext.h>
> > >>> #endif
> > >>>
> > >>> +#if __POSIX_VISIBLE >=3D 202405 || __BSD_VISIBLE
> > >>> +#define SIG2STR_MAX 32 /* size of buffer required for sig2st=
r() */
> > >>> +#endif
> > >>
> > >> Hey Warner and Ricardo,
> > >>
> > >> The above breaks building world when _FORTIFY_SOURCE=3D2. I've commi=
tted
> > >> in HardenedBSD a fix:
> > >> https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/0572db2=
82c5a542fe0de52739932e91eade537ed
> > >>
> > >> I suppose that the !defined gate might not actually be desired, sinc=
e
> > >> doing it the way I did might cause issues if third-party code define=
s
> > >> the macro to a value smaller than what libc was built with. I might
> > >> remove that gate.
> > >
> > > I don't think we need the !defined part of it...
> > >
> > > But what software is breaking? What's the error message? Maybe the
> > > fact it's undefined is pointing at a different bug=E2=80=A6
> >
> > Probably include/ssp/signal.h unconditionally defining the wrapper?
> > Presumably gating that with the same condition as sig2str itself would
> > fix things properly rather than such bogus hacks.
> >
> > But yes, including the actual error message when reporting a build
> > failure would have been helpful.
>
> I apologize. I indeed should have included the error message. It's
> included below.
>
> =3D=3D=3D=3D BEGIN LOG =3D=3D=3D=3D
> =3D=3D=3D> lib/liblua (all)
> cc -target x86_64-unknown-freebsd15.0 --sysroot=3D/usr/obj/usr/src/amd64.=
amd64/tmp -B/usr/obj/usr/src/amd64.amd64/tmp/usr/bin -O2 -pipe -fno-common=
-DHARDENEDBSD -I/usr/src/lib/liblua -I/usr/src/lib/liblua/modules -I/usr/s=
rc/contrib/lua/src -DLUA_PROGNAME=3D"\"\"" -g -gz=3Dzlib -mretpoline -fPI=
C -flto -fzero-call-used-regs=3Dused -MD -MF.depend.lapi.o -MTlapi.o -std=
=3Dgnu17 -Wno-format-zero-length -fstack-protector-strong -D_FORTIFY_SOURCE=
=3D2 -Wsystem-headers -Werror -Wall -Wno-format-y2k -Wno-uninitialized -Wno=
-pointer-sign -Wdate-time -Wno-empty-body -Wno-string-plus-int -Wno-unused-=
const-variable -Wno-error=3Dunused-but-set-parameter -Wno-error=3Dcast-func=
tion-type-mismatch -Wno-tautological-compare -Wno-unused-value -Wno-parenth=
eses-equality -Wno-unused-function -Wno-enum-conversion -Wno-unused-local-t=
ypedef -Wno-address-of-packed-member -Wno-switch -Wno-switch-enum -Wno-knr-=
promoted-parameter -Qunused-arguments -c /usr/src/contrib/lua/src/lapi=
.c -o lapi.o
> In file included from /usr/src/contrib/lua/src/lapi.c:19:
> In file included from /usr/src/contrib/lua/src/lapi.h:12:
> In file included from /usr/src/contrib/lua/src/lstate.h:130:
> In file included from /usr/obj/usr/src/amd64.amd64/tmp/usr/include/signal=
.h:76:
> /usr/obj/usr/src/amd64.amd64/tmp/usr/include/ssp/signal.h:41:23: error: u=
se of undeclared identifier 'SIG2STR_MAX'
> 41 | if (__ssp_bos(str) < SIG2STR_MAX)
> | ^
> 1 error generated.
> *** Error code 1
>
> Stop.
> make[5]: stopped making "all" in /usr/src/lib/liblua
> =3D=3D=3D=3D END LOG =3D=3D=3D=3D
>
> --
> Shawn Webb
> Cofounder / Security Engineer
> HardenedBSD
>
> Signal Username: shawn_webb.74
> Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
> https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/0=
3A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CANCZdfriNU1am8Qi0XEPFL_mb_djd9Ogpe7DtqzV-YGeBSKOGQ>