Date: Mon, 12 Aug 2024 11:20:23 -0400
From: Mark Johnston
To: tuexen@freebsd.org
Cc: Zhenlei Huang, src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org, FreeBSD Security Team
Subject: Re: git: 9b569353e0b0 - main - tcp: initialize V_ts_offset_secret for all vnets
References: <202408091415.479EF480062250@gitrepo.freebsd.org> <640CAD45-A146-45D1-AFAD-7FDC6B9F6006@freebsd.org>
In-Reply-To: <640CAD45-A146-45D1-AFAD-7FDC6B9F6006@freebsd.org>
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

On Sat, Aug 10, 2024 at 12:07:35PM
+0200, tuexen@freebsd.org wrote:
> > On 10. Aug 2024, at 02:20, Zhenlei Huang wrote:
> >
> >> On Aug 9, 2024, at 10:15 PM, Michael Tuexen wrote:
> >>
> >> The branch main has been updated by tuexen:
> >>
> >> URL: https://cgit.FreeBSD.org/src/commit/?id=9b569353e0b073a513cf10debbe634c2ceb29fdf
> >>
> >> commit 9b569353e0b073a513cf10debbe634c2ceb29fdf
> >> Author: Michael Tuexen
> >> AuthorDate: 2024-08-09 14:12:22 +0000
> >> Commit: Michael Tuexen
> >> CommitDate: 2024-08-09 14:12:22 +0000
> >>
> >> tcp: initialize V_ts_offset_secret for all vnets
> >>
> >> Initialize V_ts_offset_secret for each vnet, not only for the
> >> default vnet, since it is vnet specific.
> >>
> >> Reviewed by: Peter Lei
> >> MFC after: 3 days
> >> Sponsored by: Netflix, Inc.
> >> Differential Revision: https://reviews.freebsd.org/D46246
> >> ---
> >> sys/netinet/tcp_subr.c | 2 +-
> >> 1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >> diff --git a/sys/netinet/tcp_subr.c b/sys/netinet/tcp_subr.c
> >> index 9e95a87b3596..9b5f2651fb35 100644
> >> --- a/sys/netinet/tcp_subr.c
> >> +++ b/sys/netinet/tcp_subr.c
> >> @@ -1465,6 +1465,7 @@ tcp_vnet_init(void *arg __unused)
> >> VNET_PCPUSTAT_ALLOC(tcpstat, M_WAITOK);
> >>
> >> V_tcp_msl = TCPTV_MSL;
> >> + arc4rand(&V_ts_offset_secret, sizeof(V_ts_offset_secret), 0);
> >
> > Emm, does it have any (potential) security problems if not initialized? If yes, then does it deserve an SA?
> I don't know if it deserves an SA. I plan to MFC it after 3 days and would
> like to get it included in 13.4 (I sent a notice announcing this to re@
> yesterday).
>
> The consequence of the bug is that the offset for the TCP timestamp is
> predictable for all vnets not being the default vnet (vnet0).
>
> So an attacker could set up TCP connections to multiple TCP endpoints
> and try to figure out
> * if they belong to the same host.
> * what the ticks value of the host is.
>
> However, this requires
> (a) the attacker knows that the TCP endpoints are on a FreeBSD host.
> (b) that at least two TCP endpoints are not in vnet0.
> (c) the attacker knows the way the offset is computed.
>
> (c) is a consequence of (a).
>
> I also CC'ed the security team, so they are aware of it and can chime in.

I don't really see why two endpoints are needed to figure out the uptime of
the host. The timestamp we use is a hash of the connection 4-tuple and the
secret, which is all zeroes for a VNET jail affected by this bug. One could
precompute the hash outputs for some range of time values, connect twice to
the same endpoint, and check to see whether the timestamps correspond to two
of the precomputed values in a way that roughly matches the time delta
between the connections. Assuming a), one can then infer 1) whether the
endpoint is in a VNET jail, and 2) the uptime of the host. This assumes that
the VNET isn't behind a NAT service, since otherwise the 4-tuple will be
different, but even then the search space might be small enough to succeed.
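Review bot: the diffstat reports 1 insertion and 1 deletion, but the quoted hunk at tcp_vnet_init() shows only the inserted `arc4rand(&V_ts_offset_secret, sizeof(V_ts_offset_secret), 0);` line; the deleted line is not visible in the quoted patch, so a reader cannot confirm that the previous default-vnet-only seeding was removed rather than left alongside the new per-vnet call. The commit message would be clearer if it named where the old initialization lived and stated that every vnet now seeds the secret exactly once at vnet init; since the thread establishes that the secret was all zeroes in non-default vnets before this change, the MFC note should also say which stable branches carried the unseeded state.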
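As an added example, not FreeBSD's code, this C model shows the property the reply describes: with the per-vnet secret left all zeroes, two independent vnets (or two hosts) yield the same timestamp offset for the same 4-tuple, while seeded secrets do not, and a check flags the unseeded state. The keyed hash, the 32-byte secret size, and the struct and function names are stand-ins for the kernel's, and the seeding routine is a deterministic substitute for arc4rand() so the model runs offline.

```c
/* Model of FreeBSD's per-vnet TCP timestamp offset secret (added example, not
 * FreeBSD code). The keyed hash and names are stand-ins: the kernel derives the
 * offset from the 4-tuple with a hash keyed by V_ts_offset_secret; an FNV-style
 * keyed mix plays that role here. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define SECRET_LEN 32 /* assumed size of the per-vnet secret */

struct vnet_model { uint8_t ts_offset_secret[SECRET_LEN]; };
struct four_tuple { uint32_t laddr, faddr; uint16_t lport, fport; };

/* Stand-in keyed hash over (secret, 4-tuple); not the kernel's function. */
static uint32_t ts_offset(const struct vnet_model *vn, const struct four_tuple *t)
{
    const uint8_t *p = (const uint8_t *)t;
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < SECRET_LEN; i++)
        h = (h ^ vn->ts_offset_secret[i]) * 0x100000001b3ULL;
    for (size_t i = 0; i < sizeof(*t); i++)
        h = (h ^ p[i]) * 0x100000001b3ULL;
    return (uint32_t)(h ^ (h >> 32));
}

/* The bug: a vnet whose secret was never seeded still holds all zero bytes. */
static bool secret_is_seeded(const struct vnet_model *vn)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < SECRET_LEN; i++)
        acc |= vn->ts_offset_secret[i];
    return acc != 0;
}

/* Deterministic stand-in for arc4rand() so the example runs offline. */
static void seed_secret(struct vnet_model *vn, uint64_t seed)
{
    for (size_t i = 0; i < SECRET_LEN; i++) {
        seed = seed * 6364136223846793005ULL + 1442695040888963407ULL;
        vn->ts_offset_secret[i] = (uint8_t)(seed >> 56);
    }
}

/* Unseeded vnets, on one host or across hosts, emit the same offset for the same
 * 4-tuple, which is what makes them fingerprintable; seeded ones do not. */
static bool offsets_collide(const struct vnet_model *a, const struct vnet_model *b)
{
    const struct four_tuple t = { 0x0a000001, 0xc0a80001, 443, 51234 }; /* constructed */
    return ts_offset(a, &t) == ts_offset(b, &t);
}
```

A per-vnet self-check of the kind `secret_is_seeded()` models is the assurance the fix gives: after tcp_vnet_init() runs for each vnet, no vnet's secret should be all zeroes.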