[Bug 241421] net/ntp segfaults with stack_gap!=0

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Tue Oct 22 20:39:37 UTC 2019


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241421

            Bug ID: 241421
           Summary: net/ntp segfaults with stack_gap!=0
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: cy at FreeBSD.org
          Reporter: dewayne at heuristicsystems.com.au
             Flags: maintainer-feedback?(cy at FreeBSD.org)

While trying to secure... time (net/ntp), I've noticed that it experiences
segmentation faults (SIGSEGV).

Environment
FreeBSD 12.1-STABLE #0 r353429M: Sat Oct 12 19:02:59 AEDT 2019

kern.elf64.aslr.stack_gap=1
kern.elf64.aslr.honor_sbrk=1
kern.elf64.aslr.pie_enable=1
kern.elf64.aslr.enable=1
kern.elf64.pie_base=16912384
kern.elf64.nxstack=1

security.mac.ntpd.uid=123
security.mac.ntpd.enabled=1

From the /etc/make.conf
CFLAGS include -fPIE -fPIC -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack
LDFLAGS include -pie -z relro -z now -z noexecstack 

# make -C /usr/ports/net/ntp -DUSE_K8 showconfig|grep =on
     IPV6=on: IPv6 protocol support
     LOCAL_CLOCK=on: Enable local clock reference
     SHM=on: Enable SHM clock attached thru shared memory
     SSL=on: SSL protocol support
     THREADS=on: Threading support

And we kick-off ntp with
su -m ntpd -c "/usr/local/sbin/ntpd -c /etc/ntp.conf -u ntpd -x -G --nofork"

Yes, this does require other files to be ntpd readable, and logs writeable.

With the nofork, it requires multiple tries to get it to start.  Over approx 15
tests, the minimum number of attempts (using stack_gap=1) is 11 and the most
41.  I use a process monitor (s6) which retries starting ntp approx 1.01
seconds until successful.

When kern.elf64.aslr.stack_gap=0, ntp starts on the first attempt.

I'm sharing this because ntpd has a problem with aslr (particularly when
enabled via stack_gap, and I had used different percentages stack_gap=1|2|3
during additional tests).
