From owner-freebsd-current@freebsd.org Sat Sep 7 15:45:27 2019 Return-Path: Delivered-To: freebsd-current@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4D219D5C21 for ; Sat, 7 Sep 2019 15:45:27 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from smtp-out-no.shaw.ca (smtp-out-no.shaw.ca [64.59.134.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 46Qdzp3WLSz3Cj6 for ; Sat, 7 Sep 2019 15:45:26 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from spqr.komquats.com ([70.67.125.17]) by shaw.ca with ESMTPA id 6ctuiQKz9sAGk6ctviJZR3; Sat, 07 Sep 2019 09:45:24 -0600 X-Authority-Analysis: v=2.3 cv=WeVylHpX c=1 sm=1 tr=0 a=VFtTW3WuZNDh6VkGe7fA3g==:117 a=VFtTW3WuZNDh6VkGe7fA3g==:17 a=kj9zAlcOel0A:10 a=J70Eh1EUuV4A:10 a=6I5d2MoRAAAA:8 a=YxBL1-UpAAAA:8 a=JHFAIFlfradOjb6nKfAA:9 a=CjuIK1q_8ugA:10 a=IjZwj45LgO3ly-622nXo:22 a=Ia-lj3WSrqcvXOmTRaiG:22 Received: from slippy.cwsent.com (slippy [10.1.1.91]) by spqr.komquats.com (Postfix) with ESMTPS id C5959281; Sat, 7 Sep 2019 08:45:21 -0700 (PDT) Received: from slippy.cwsent.com (localhost [127.0.0.1]) by slippy.cwsent.com (8.15.2/8.15.2) with ESMTP id x87FjLnY004451; Sat, 7 Sep 2019 08:45:21 -0700 (PDT) (envelope-from Cy.Schubert@cschubert.com) Received: from slippy (cy@localhost) by slippy.cwsent.com (8.15.2/8.15.2/Submit) with ESMTP id x87FjLS6004448; Sat, 7 Sep 2019 08:45:21 -0700 (PDT) (envelope-from Cy.Schubert@cschubert.com) Message-Id: <201909071545.x87FjLS6004448@slippy.cwsent.com> X-Authentication-Warning: slippy.cwsent.com: cy owned process doing -bs X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.7.1 Reply-to: Cy Schubert From: Cy Schubert X-os: FreeBSD X-Sender: cy@cwsent.com X-URL: http://www.cschubert.com/ To: Konstantin Belousov cc: Cy Schubert , Harlan Stenn , Vladimir Zakharov , freebsd-current@freebsd.org Subject: Re: ntpd segfaults on start In-reply-to: <20190907153226.GI2559@kib.kiev.ua> References: <20190905061251.rrip6635ebbfimsv@vzakharov> <20190905063354.qxecqjkafikdtdyq@vzakharov> <201909051307.x85D7MGs034053@slippy.cwsent.com> <20190905142817.GB2559@kib.kiev.ua> <201909060355.x863tRhP089169@slippy.cwsent.com> <201909060639.x866dJ7f090176@slippy.cwsent.com> <201909062356.x86NuKdk003780@slippy.cwsent.com> <156d1e7c-0dbb-8707-90b3-13ae97c87449@nwtime.org> <20190907075619.GG2559@kib.kiev.ua> <201909071309.x87D9GxZ089964@slippy.cwsent.com> <20190907153226.GI2559@kib.kiev.ua> Comments: In-reply-to Konstantin Belousov message dated "Sat, 07 Sep 2019 18:32:26 +0300." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sat, 07 Sep 2019 08:45:21 -0700 X-CMAE-Envelope: MS4wfAGSPgiAAhtgvVx3HTrxoJ72AmhcWsy8PI3A6RofCYFD0Cs69ZXT/ie4wEJeJWtahJIu6icgf/IcwPpkVuRPRurXfZJd/tmXec4gQ2MRV8faeemPFCFA dHkELgGuq6zTm6/Lf994ljJyJjSJP4hoou61VUsDQwx279sWV98I8GFFQUaeOyCCIDVDjpAVpfhUM4SU8PHOWvQmVZp5Vmqi0ht0g60nSoiIO007BaZIs3wE X-Rspamd-Queue-Id: 46Qdzp3WLSz3Cj6 X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=none; spf=none (mx1.freebsd.org: domain of cy.schubert@cschubert.com has no SPF policy when checking 64.59.134.13) smtp.mailfrom=cy.schubert@cschubert.com X-Spamd-Result: default: False [-5.04 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; HAS_REPLYTO(0.00)[Cy.Schubert@cschubert.com]; TO_DN_SOME(0.00)[]; MV_CASE(0.50)[]; HAS_XAW(0.00)[]; RCPT_COUNT_FIVE(0.00)[5]; NEURAL_HAM_SHORT(-0.99)[-0.987,0]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:6327, ipnet:64.59.128.0/20, country:CA]; RCVD_TLS_LAST(0.00)[]; RECEIVED_SPAMHAUS_PBL(0.00)[17.125.67.70.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; RCVD_COUNT_FIVE(0.00)[5]; REPLYTO_EQ_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[13.134.59.64.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; IP_SCORE(-2.45)[ip: (-6.67), ipnet: 64.59.128.0/20(-3.09), asn: 6327(-2.40), country: CA(-0.09)] X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 07 Sep 2019 15:45:27 -0000 In message <20190907153226.GI2559@kib.kiev.ua>, Konstantin Belousov writes: > On Sat, Sep 07, 2019 at 06:09:16AM -0700, Cy Schubert wrote: > > In message <20190907075619.GG2559@kib.kiev.ua>, Konstantin Belousov writes: > > > On Sat, Sep 07, 2019 at 12:53:19AM -0700, Harlan Stenn wrote: > > > > Cy, > > > > > > > > On 9/6/2019 4:56 PM, Cy Schubert wrote: > > > > > ... > > > > > > > > > > For those who enable ASLR, a better workaround is, to add this to you > r > > > > > ntp.conf: > > > > > > > > > > rlimit memlock 64 > > > > > > > > > > Until a more precise default is determined. > > > > > > > > Should I change the default value for FreeBSD-12 to be 64 for now? > > > > > > > > I can get this change in place for the upcoming ntp-4.2.8p14 release, > > > > and we can change it later if needed. > > > > > > ASLR is disabled by default, so if anybody tweak a system config, she > > > should know better to tweak ntpd as well. I am fine with changing the > > > defaults for ntpd, but I think that more useful would be to update > > > the documentation (but where to put it ?). > > > > I agree. We should update the documentation for now. 64 MB was my first > > successful test but I suspect we can get it lower, like 47 MB. For now we > > can update the documentation to say that if a person enables ASLR they must > > > add this to ntp.conf. I'll find the best number instead of the current > > sledgehammer. > > > > Where to put it? I've added it to the ASLR wiki (https://wiki.freebsd.org/A > S > > LR) for now. An ASLR page should go into the handbook documenting how to > > use up ASLR and gotchas like this and mitigations. > May be in security(7). Maybe. > > There are actually two workarounds, with enabled ASLR. One is the rlimit, > another one is to disable stack base randomization by gap. The latter works but I'm not enamoured with it. I suppose we can list the workarounds and let the user pick the one they want to use. I've been able to set the memlock rlimit as low as 20 MB. The issue is letting it default to 0 which allows ntp to mlockall() anything it wants. ntpd on my sandbox is currently using 18 MB. -- Cheers, Cy Schubert FreeBSD UNIX: Web: http://www.FreeBSD.org The need of the many outweighs the greed of the few.