Date:      Tue, 22 Oct 2019 20:39:36 +0000
From:      bugzilla-noreply@freebsd.org
To:        ports-bugs@FreeBSD.org
Subject:   [Bug 241421] net/ntp segfaults with stack_gap!=0
Message-ID:  <bug-241421-7788@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241421

            Bug ID: 241421
           Summary: net/ntp segfaults with stack_gap!=0
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: cy@FreeBSD.org
          Reporter: dewayne@heuristicsystems.com.au
             Flags: maintainer-feedback?(cy@FreeBSD.org)

While trying to secure... time (net/ntp), I've noticed that it experiences
segmentation faults (SIGSEGV).

Environment
FreeBSD 12.1-STABLE #0 r353429M: Sat Oct 12 19:02:59 AEDT 2019

kern.elf64.aslr.stack_gap=1
kern.elf64.aslr.honor_sbrk=1
kern.elf64.aslr.pie_enable=1
kern.elf64.aslr.enable=1
kern.elf64.pie_base=16912384
kern.elf64.nxstack=1

security.mac.ntpd.uid=123
security.mac.ntpd.enabled=1

From the /etc/make.conf
CFLAGS include -fPIE -fPIC -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack
LDFLAGS include -pie -z relro -z now -z noexecstack

# make -C /usr/ports/net/ntp -DUSE_K8 showconfig|grep =on
     IPV6=on: IPv6 protocol support
     LOCAL_CLOCK=on: Enable local clock reference
     SHM=on: Enable SHM clock attached thru shared memory
     SSL=on: SSL protocol support
     THREADS=on: Threading support

And we kick-off ntp with
su -m ntpd -c "/usr/local/sbin/ntpd -c /etc/ntp.conf -u ntpd -x -G --nofork"

Yes this does require other files to be ntpd readable, and logs writeable

With the nofork, it requires multiple tries to get it to start.  Over approx 15
tests, the minimum number of attempts (using stack_gap=1) is 11 and the most
41.  I use a process monitor (s6) which retries starting ntp approx 1.01
seconds until successful.

When kern.elf64.aslr.stack_gap=0, ntp starts on the first attempt.

I'm sharing this because ntpd has a problem with aslr (particularly when
enabled via stack_gap, and I had used different percentages stack_gap=1|2|3
during additional tests).

-- 
You are receiving this mail because:
You are the assignee for the bug.
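
A harness for reproducing the attempt counts described in the report above, as an added example that is not part of the original message or of the ntp port. The function name attempts_until_start and the GRACE and RETRY_DELAY variables are hypothetical; it assumes timeout(1) is available and treats a command that exits 0 or is still running after GRACE seconds as started.

```shell
#!/bin/sh
# Added example (not from the report): count start attempts under ASLR stack_gap.
GRACE="${GRACE:-5}"              # assumption: alive this many seconds = started
RETRY_DELAY="${RETRY_DELAY:-1}"  # the report's supervisor retried about every second

# attempts_until_start MAX CMD [ARGS...]
# Prints "<attempts> <segfaults>"; returns 0 once CMD starts, 1 after MAX failures.
attempts_until_start() {
    max=$1; shift
    attempts=0; segv=0
    while [ "$attempts" -lt "$max" ]; do
        attempts=$((attempts + 1))
        rc=0
        # timeout(1) exits 124 when CMD was still running after GRACE seconds.
        timeout "$GRACE" "$@" >/dev/null 2>&1 || rc=$?
        case "$rc" in
            0|124) echo "$attempts $segv"; return 0 ;;  # clean exit or stayed up
            139)   segv=$((segv + 1)) ;;                 # 128 + SIGSEGV (11)
        esac
        sleep "$RETRY_DELAY"
    done
    echo "$attempts $segv"
    return 1
}

# Usage: sh harness.sh 50 /usr/local/sbin/ntpd -c /etc/ntp.conf -u ntpd -x -G --nofork
if [ "$#" -gt 1 ]; then
    gap=$(sysctl -n kern.elf64.aslr.stack_gap 2>/dev/null || echo unknown)
    result=$(attempts_until_start "$@") || true
    echo "stack_gap=$gap attempts=${result% *} segfaults=${result#* }"
fi
```

Running it once per stack_gap setting gives comparable attempt and SIGSEGV counts to attach to the bug.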
