From owner-freebsd-security@freebsd.org Fri Mar 24 12:30:18 2017 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id AF99BD1BC04 for ; Fri, 24 Mar 2017 12:30:18 +0000 (UTC) (envelope-from Andre.Albsmeier@siemens.com) Received: from goliath.siemens.de (goliath.siemens.de [192.35.17.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "goliath.siemens.de", Issuer "Siemens Issuing CA Class Internet Server 2013" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3D8EF1532; Fri, 24 Mar 2017 12:30:17 +0000 (UTC) (envelope-from Andre.Albsmeier@siemens.com) Received: from mail2.siemens.de (mail2.siemens.de [139.25.208.11]) by goliath.siemens.de (8.15.2/8.15.2) with ESMTPS id v2OCLTNk008405 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 24 Mar 2017 13:21:29 +0100 Received: from curry.mchp.siemens.de (curry.mchp.siemens.de [139.25.40.130]) by mail2.siemens.de (8.15.2/8.15.2) with ESMTP id v2OCLTZQ032132; Fri, 24 Mar 2017 13:21:29 +0100 Received: (from user@localhost) by curry.mchp.siemens.de (8.15.2/8.15.2) id v2OCLTBb042611; Date: Fri, 24 Mar 2017 13:21:29 +0100 From: Andre Albsmeier To: Dimitry Andric Cc: Roger Marquis , freebsd-security@freebsd.org, Ed Maste Subject: Re: /tmp/ecp.* created during kernel build? Message-ID: <20170324122129.GA24947@bali> References: <1612271904400.79526@mx5.roble.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.7.1 (2016-10-04) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Mar 2017 12:30:18 -0000 On Wed, 28-Dec-2016 at 12:31:49 +0100, Dimitry Andric wrote: > On 28 Dec 2016, at 04:10, Roger Marquis wrote: > > > >> Found a couple of ecp binaries in /tmp, apparently created concurrent > >> with an 11.0 x86_64 kernel build. Anyone else seen this? Could they > >> be related to a "make buildkernel"? > > > > Confirmed 'make buildkernel' does create these files, apparently via > > /usr/src/contrib/elftoolchain/elfcopy/main.c (thanks Adam). > > > > Still odd that these are LSB binaries which don't run on this server and > > nothing including cleanworld removed them. Anyone audited elftoolchain > > recently? > > This looks like a minor bug in elfcopy, when used as objcopy, > specifically when in combination with the --input-target binary flag: > > $ mkdir /tmp/foo > $ export TMPDIR=/tmp/foo > $ ls -l /tmp/foo/ > $ /usr/bin/objcopy --input-target binary --output-target elf64-x86-64-freebsd --binary-architecture i386 cloudabi32_vdso.o bar.o > $ ls -l /tmp/foo > total 12 > -rw-r--r-- 1 dim wheel 10198 2016-12-28 12:29:32 ecp.0xbNAi5i > > E.g. for some reason this does not clean up the temporary file. strip (objcopy) does more curious things: $ cd /tmp $ cp /usr/lib/libc.a . $ strip --strip-debug libc.a $ strip --strip-debug libc.a [1] 960 segmentation fault strip --strip-debug libc.a Interesting is also that libc.a grows(!): Before the strip: -r--r----- 1 andre wheel 2622684 24 Mar 13:18 libc.a After: -r--r----- 1 andre wheel 2713792 24 Mar 13:19 libc.a -Andre > > -Dimitry > -- Never argue with an idiot. They drag you down to their level, then beat you with their experience.