Tuesday 25 November 2014

A poem for Device Atlas API ?

Hi folks,

Still on the "OS test" tour, I recently took a look on Haiku. Regarding Wikipedia, that originally means "a Japanese poem of seventeen syllables, in three lines of five, seven, and five, traditionally evoking images of the natural world" .... Sounds great ! more technically speaking, it is the direct descendant of BeOS, multimedia focused operating system which was quite advanced ... for its time (end of the nineties...). With an unbeatable boot time (less than 10 seconds in my VM ...) Haiku is the only remaining BeOS clone ... It is not an Unix-like (more something on it's own I'd say) but with a posix compatibility layer. Shipped originally with GCC 2.9 (the last time I dealt with this version was 13/14 years ago and as far as I remember it was quite buggy) so no chance at all to compile Device Atlas C++ APIs ! But it is also shipped with alternative GGC 4 as well, so once set with this one then once cmake and such are installed, everything is alright (ie Haiku has its own package manager with sufficient software/libraries to cover basic needs).

Like Minix 3, I would not use it as my daily OS, too much lacks of features I need but it pleases to many hackers who are interested by something different. It has interests on its own (one of the few OSes written in C++ ...), with a guenine "nineties" look, I wish great luck to the project to raise its expected funds and to be able to release it.

Labels: , ,

View David Carlier's profile on LinkedIn

Friday 14 November 2014

Stack smashing protection by default on FreeBSD and other things ...

Hi folks,

Recently, the Stack Smashing Protection is enabled by default in ports, hence -fstack-protector flag is added which protects against stack buffer overflow (This feature is by default on OpenBSD since ... 12 years). So, concretally, what is the purpose ? Let's try by an example ... with our C wrapper for change ;-)

#include <mtld/devatlas-c.h>
#include <stdio.h>
int
main(int argc, char *argv[])
{
       mobi_devatlas *atlas;
       mobi_devatlas_ctx *ctx;
       mobi_http_header headers[1] = { 0 };
       char buf[10];
       printf("Please enter an user agent:\n");
       /* Bad idea !! but this is just for the sake of the example */
       gets(buf);
       atlas = mobi_mtld_da_init(NULL);
       if (atlas != NULL)
       {
               headers[0].name = "user-agent";
               headers[0].value = buf;
               ctx = mobi_mtld_da_ctx_init(atlas, NULL, headers, 1, NULL);
               ... etc ...
       }
}


In first glance, that looks good. Sure. But what if the user type more than 10 characters ? Buffer overflow. gets does not perform any boundaries checking ...
In that case, with this stack protection flag, you can get this kind of message "stack overflow detected" then the program aborts ... One detail ... that does NOT protect for attacks in the heap.

About HardenedBSD, I added recently my second syscall, getdtablecount which gives you the number of file descriptors open by the current process, that comes from OpenBSD (Linux has a similar function I think with a different name...) so hopefully the maintainer of the FreeBSD relayd port (load balancer from OpenBSD), for example, can find usefulness ... indeed OpenBSD version uses this to protect against Dos attacks. Unluckily, another syscall, ppoll (I think the Linux emulation layer needs this ...) arrived the same time, so we got some conflicts with syscalls ids on git at some point :-)

Working on both OpenBSD and FreeBSD is a great advantage for me as if I need to port something, it is quite fast in general !

Ah another small detail, my port of arc4random is merged in master branch :-)

Outside of pure technical topics, Shawn Webb began to get our development servers and began to play with Jenkins (which, honestly, I find it much better than I thought...). Now that he wants to take care of HardenedBSD communication, I prefer to let him speaks about what he and Oliver do specifically and the "biggest picture" as well ... But you can be sure they have numerous great ideas to add ;-)

Labels: , , , , , , ,

View David Carlier's profile on LinkedIn

Monday 3 November 2014

HardenedBSD in BSDMag ....

Hi folks,

The "little something" I said while ago was the article I have written for BSDMag, explaining the goals of HardenedBSD and talking about its main feature, Address Space Layout Randomisation. For who does not wish to register, it can be viewed here ... Was a guenine pleasure to write it :-)

Labels: , , ,

View David Carlier's profile on LinkedIn