From: Cy Schubert
To: Jessica Clarke
cc: Shawn Webb, Cy Schubert, "src-committers@freebsd.org", "dev-commits-src-all@freebsd.org", "dev-commits-src-main@freebsd.org"
Subject: Re: git: 0990136ed175 - main - kerberos5: Mitigate the possibility of using an old libcrypto
Date: Thu, 18 Jan 2024 09:55:53 -0800
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

In message <973524D3-FCB2-47E1-B04F-BB42E18550C5@freebsd.org>, Jessica Clarke writes:
> On 18 Jan 2024, at 17:35, Shawn Webb wrote:
> >
> > On Thu, Jan 18, 2024 at 05:29:47PM +0000, Jessica Clarke wrote:
> >> On 18 Jan 2024, at 15:23, Cy Schubert wrote:
> >>>
> >>> The branch main has been updated by cy:
> >>>
> >>> URL: https://cgit.FreeBSD.org/src/commit/?id=0990136ed1753ac7837206f9c5f4b83ccff6c405
> >>>
> >>> commit 0990136ed1753ac7837206f9c5f4b83ccff6c405
> >>> Author: Cy Schubert
> >>> AuthorDate: 2024-01-18 08:22:20 +0000
> >>> Commit: Cy Schubert
> >>> CommitDate: 2024-01-18 15:12:14 +0000
> >>>
> >>> kerberos5: Mitigate the possibility of using an old libcrypto
> >>>
> >>> By using the full library name (libcrypto.so.30) we avoid the exposure
> >>> of using an old, possibly vulnerable, library.
> >>>
> >>> Reported by: jrtc27
> >>> MFC after: 3 days
> >>> X-MFC with: 476d63e091c2
> >>> Fixes: 476d63e091c2
> >>> ---
> >>> kerberos5/lib/libroken/fbsd_ossl_provider_load.c | 3 ++-
> >>> 1 file changed, 2 insertions(+), 1 deletion(-)
> >>>
> >>> diff --git a/kerberos5/lib/libroken/fbsd_ossl_provider_load.c =
> b/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
> >>> index 497b32124f96..2328041bc166 100644
> >>> --- a/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
> >>> +++ b/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
> >>> @@ -5,6 +5,7 @@
> >>> #include
> >>>=20
> >>> #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >=3D 3)
> >>> +#define CRYPTO_LIBRARY "/lib/libcrypto.so.30"
> >>
> >> This still assumes the native ABI is in use, i.e. doesn’t account for
> >> libcompat. Can we please just drop the directory, or if it’s really
> >> needed for some reason at least handle the libcompat case?
> >
> > Using relative paths might carry a potential security risk if the
> > LD_LIBRARY_PATH environment variable is set to an attacker-controlled
> > directory.
>
> That’s true for direct linking too, yet we don’t hard-code everything
> everywhere there. What’s special about dlopen?

The reason for dlopen is to avoid building libcrypto during pre-build.
libcrypto requires TARGET_ENDIANNESS to be defined. It is not defined when
cross building from Linux or MacOS. TARGET_ENDIANNESS is defined by
bsd.endian.mk, which states:

# During bootstrapping on !FreeBSD OSes, we need to define some value. Short of
# having an exhaustive list for all variants of Linux and MacOS we simply do not
# set TARGET_ENDIANNESS and poison the other variables. They should be unused
# during the bootstrap phases (apart from one place that's adequately protected
# in bsd.compiler.mk) where we're building the bootstrap tools.

To avoid this requirement during we let libroken build as usual during
prebuild and load libcrypto, which is built later, thereby circumventing
the prebuild requirement and avoiding redesigning our prebuild to define
TARGET_ENDIANNESS for non-FreeBSD OSes.

I don't think anyone here is prepared to redesign prebuild for this one
single case. And, since Heimdal will be replaced by MIT, the requirement
for our old Heimdal to work with OpenSSL 3.0 will disappear.

--
Cheers,
Cy Schubert
FreeBSD UNIX: Web: https://FreeBSD.org
NTP: Web: https://nwtime.org

e^(i*pi)+1=0
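
Review bot: the added line `#define CRYPTO_LIBRARY "/lib/libcrypto.so.30"` fixes both the directory and the soname version in a single string literal, and neither choice is documented. The `/lib` prefix only matches the native ABI, so a libcompat build of this file would be pointed at the native library directory; taking the directory from a build-provided macro, or dropping it as requested in the thread, would avoid that. The `.30` suffix is also independent of the `OPENSSL_VERSION_MAJOR >= 3` guard on the line above it, so a short comment stating which libcrypto soname this must track would keep the two from drifting apart silently.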
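
The two concerns in this thread (a bare soname is resolved through the run-time linker's search path, while an absolute path pins one directory) can both be handled by vetting whatever absolute path the build supplies before it is passed to dlopen(). The following is an added illustration, not code from the commit or from the FreeBSD tree; the names `vet_library_path`, `vet_node`, the `enum vet` values and the `owner` parameter are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum vet { VET_OK, VET_NOT_ABSOLUTE, VET_MISSING, VET_NOT_REGULAR,
           VET_BAD_OWNER, VET_WRITABLE, VET_TOO_LONG };

/* One filesystem object: must belong to `owner` and not be group/world-writable. */
static enum vet vet_node(const struct stat *st, uid_t owner)
{
    if (st->st_uid != owner)
        return VET_BAD_OWNER;
    if (st->st_mode & (S_IWGRP | S_IWOTH))
        return VET_WRITABLE;
    return VET_OK;
}

/*
 * Decide whether `path` may be handed to dlopen(). A bare soname such as
 * "libcrypto.so.30" is refused because the run-time linker would resolve it
 * through its search path (LD_LIBRARY_PATH included). An absolute path is
 * accepted only if the file and its immediate directory are owned by `owner`
 * (0 in production) and are not writable by group or others. Ancestor
 * directories above the immediate one are not checked here.
 */
enum vet vet_library_path(const char *path, uid_t owner)
{
    struct stat st;
    char dir[1024];
    enum vet v;

    if (path == NULL || path[0] != '/')
        return VET_NOT_ABSOLUTE;
    if (stat(path, &st) != 0)
        return VET_MISSING;
    if (!S_ISREG(st.st_mode))
        return VET_NOT_REGULAR;
    if ((v = vet_node(&st, owner)) != VET_OK)
        return v;
    /* Immediate directory: everything up to the last '/' ("/" itself for "/x"). */
    const char *slash = strrchr(path, '/');
    int len = (slash == path) ? 1 : (int)(slash - path);
    if (snprintf(dir, sizeof(dir), "%.*s", len, path) >= (int)sizeof(dir))
        return VET_TOO_LONG;
    if (stat(dir, &st) != 0)
        return VET_MISSING;
    return vet_node(&st, owner);
}
```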