From: Cy Schubert
To: Alexander Richardson
Cc: Cy Schubert, Jessica Clarke, Shawn Webb, Cy Schubert, "src-committers@freebsd.org", "dev-commits-src-all@freebsd.org", "dev-commits-src-main@freebsd.org"
Subject: Re: git: 0990136ed175 - main - kerberos5: Mitigate the possibility of using an old libcrypto
Date: Thu, 18 Jan 2024 17:53:49 -0800
Message-Id: <20240119015349.7E16A249@slippy.cwsent.com>
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

In message , Alexander Richardson writes:
> On Thu, 18 Jan 2024 at 10:06, Cy Schubert wrote:
> >
> > In message <973524D3-FCB2-47E1-B04F-BB42E18550C5@freebsd.org>, Jessica Clarke
> > writes:
> > > On 18 Jan 2024, at 17:35, Shawn Webb wrote:
> > > >
> > > > On Thu, Jan 18, 2024 at 05:29:47PM +0000, Jessica Clarke wrote:
> > > >> On 18 Jan 2024, at 15:23, Cy Schubert wrote:
> > > >>>
> > > >>> The branch main has been updated by cy:
> > > >>>
> > > >>> URL: https://cgit.FreeBSD.org/src/commit/?id=0990136ed1753ac7837206f9c5f4b83ccff6c405
> > > >>>
> > > >>> commit 0990136ed1753ac7837206f9c5f4b83ccff6c405
> > > >>> Author: Cy Schubert
> > > >>> AuthorDate: 2024-01-18 08:22:20 +0000
> > > >>> Commit: Cy Schubert
> > > >>> CommitDate: 2024-01-18 15:12:14 +0000
> > > >>>
> > > >>> kerberos5: Mitigate the possibility of using an old libcrypto
> > > >>>
> > > >>> By using the full library name (libcrypto.so.30) we avoid the exposure
> > > >>> of using an old, possibly vulnerable, library.
> > > >>>
> > > >>> Reported by: jrtc27
> > > >>> MFC after: 3 days
> > > >>> X-MFC with: 476d63e091c2
> > > >>> Fixes: 476d63e091c2
> > > >>> ---
> > > >>> kerberos5/lib/libroken/fbsd_ossl_provider_load.c | 3 ++-
> > > >>> 1 file changed, 2 insertions(+), 1 deletion(-)
> > > >>>
> > > >>> diff --git a/kerberos5/lib/libroken/fbsd_ossl_provider_load.c =
> > > b/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
> > > >>> index 497b32124f96..2328041bc166 100644
> > > >>> --- a/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
> > > >>> +++ b/kerberos5/lib/libroken/fbsd_ossl_provider_load.c
> > > >>> @@ -5,6 +5,7 @@
> > > >>> #include
> > > >>>=20
> > > >>> #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >=3D 3)
> > > >>> +#define CRYPTO_LIBRARY "/lib/libcrypto.so.30"
> > > >>
> > > >> This still assumes the native ABI is in use, i.e. doesn’t account for
> > > >> libcompat. Can we please just drop the directory, or if it’s really
> > > >> needed for some reason at least handle the libcompat case?
> > > >
> > > > Using relative paths might carry a potential security risk if the
> > > > LD_LIBRARY_PATH environment variable is set to an attacker-controlled
> > > > directory.
> > >
> > > That’s true for direct linking too, yet we don’t hard-code everything
> > > everywhere there. What’s special about dlopen?
> >
> > The reason for dlopen is to avoid building libcrypto during pre-build.
> > libcrypto requires TARGET_ENDIANNESS to be defined. It is not defined when
> > cross building from Linux or MacOS.
> >
> > TARGET_ENDIANNESS is defined by bsd.endian.mk, which states:
> >
> > # During bootstrapping on !FreeBSD OSes, we need to define some value.  Short of
> > # having an exhaustive list for all variants of Linux and MacOS we simply do not
> > # set TARGET_ENDIANNESS and poison the other variables.  They should be unused
> > # during the bootstrap phases (apart from one place that's adequately protected
> > # in bsd.compiler.mk) where we're building the bootstrap tools.
> >
> > To avoid this requirement during we let libroken build as usual during
> > prebuild and load libcrypto, which is built later, thereby circumventing
> > the prebuild requirement and avoiding redesigning our prebuild to define
> > TARGET_ENDIANNESS for non-FreeBSD OSes.
>
> If the problem is just missing TARGET_ENDIANNESS, we can add something like
> TARGET_ENDIANNESS!=echo "__BYTE_ORDER__" | ${CC} -E -P -
> for the bootstrapping case.
> But it seems to me that we just need to define the
> L_ENDIAN/B_ENDIAN macros, can't that be done using the compiler-provided
> macros (or endian.h) from some internal config header instead (or even
> a new file injected via -include)?

That would be a solution to making it possible for TARGET_ENDIANNESS
consumers to build during prebuild. I can submit a phabricator review if
people want.

-- 
Cheers,
Cy Schubert
FreeBSD UNIX:  Web:  https://FreeBSD.org
NTP:  Web:  https://nwtime.org

			e^(i*pi)+1=0
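
Review bot: the added line +#define CRYPTO_LIBRARY "/lib/libcrypto.so.30" in the quoted hunk hard-codes both the native /lib directory and the library version 30 in the source file. As raised in the thread, a libcompat (non-native ABI) build of libroken would be pointed at the native-ABI library, and the constant has to be edited by hand whenever the libcrypto version changes. Consider having the build supply the value (a define passed from the Makefile that carries the directory for the ABI being built and the current libcrypto version), and add a short comment above the define stating why a full path is used here instead of a bare library name.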
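
The suggestion quoted above (define L_ENDIAN/B_ENDIAN from compiler-provided macros in an internal config header) could look like the following. This is an added example, not code from the FreeBSD tree or from anyone in the thread; the function names are hypothetical, and it assumes a GCC- or Clang-compatible compiler that predefines `__BYTE_ORDER__`.

```c
/* Added example: the body of a small config header that could be injected
 * with -include. Function names below are hypothetical. */
#include <stdint.h>
#include <string.h>

/* GCC and Clang predefine __BYTE_ORDER__ for the *target*, so this also
 * gives the right answer when cross-compiling from Linux or macOS. */
#if !defined(L_ENDIAN) && !defined(B_ENDIAN)
# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
     (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)
#  define L_ENDIAN 1
# elif defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__) && \
     (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)
#  define B_ENDIAN 1
# else
   /* Fail the build instead of silently guessing a byte order. */
#  error "byte order unknown: pass -DL_ENDIAN or -DB_ENDIAN explicitly"
# endif
#endif

#if defined(L_ENDIAN) && defined(B_ENDIAN)
# error "both L_ENDIAN and B_ENDIAN are defined"
#endif

/* What the header decided at compile time: 1 = little, 0 = big. */
static int config_little_endian(void)
{
#if defined(L_ENDIAN)
    return 1;
#else
    return 0;
#endif
}

/* What the running machine actually does with a multi-byte integer. */
static int probe_little_endian(void)
{
    uint32_t v = 1;
    unsigned char b[sizeof v];

    memcpy(b, &v, sizeof v);
    return b[0] == 1;
}

/* Sanity check for native builds only: in a cross build the probe would
 * describe the build host, while the macros describe the target. */
static int endian_config_matches_host(void)
{
    return config_little_endian() == probe_little_endian();
}
```
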