To be continued ...

Hi folks,

This week, OpenBSD has again provided an interesting update, this time in the graphic driver department. That's quite some work ! For every owner of these components, user of snapshots or current, you re surely giving a try ;-) ... For this post release, I am trying to update the barony package I maintain ... we shall see.

Also, I found few projects worthy to look at ... for instance :

- Speaking of games, PGE Project giving opportunities to create nice games even to terrible game designers as me :-)
- Xonotic here I follow closely a fellow BSD porter for this pretty famous and funny game which works more or less well out of the box on BSD systems in general but it is good to improve the support while decreasing hackeries.
- Every one knows curl but I was pleasantly surprised they were using LLVM lib buzzer (among other things) and pretty cleverly.


These last days, I have been doing little developments lastly for botan, again for Android, to support better older devices (but not that old) regarding auxiliary vectors. Support BSD for the game (N)Blood, as it is based on Doom engine, was pretty straightforward to do ... PHP/swoole, a sort of go(lang) routine equivalent for php, ported for BSD as well ; professionally speaking I m trying to push few changes for python languages existing since last year (but with more than a thousand of pull requests that is a bit normal) the most trivial was merged, I hope the next will make it (ie blake2 module update I mentioned awhile ago) :-) (edit: it has been merged just the following day so all good ;-)). There are still ongoing changes (one of them concerns a little change for PHP and windows specifically ... and more important the capsicum api support).

Wish you well while sneezing due to spring allergy :-P

OpenBSD and post release ... status

Hi folks,

Had been warned by other openbsd folks there is a new MAP_CONCEAL feature (and consumers called malloc_conceal/calloc_conceal (a realloc_conceal is absolutely not necessary, the address will keep the flag internally), I decided to rebuild the whole system despite having done this just last night. This is interesting feature, controlling the informations you want to disclose for debugging. To be more concrete, let's use a very basic C++ application reading an external file containing sensitive information, purposely generating a core dump :

#include <sys/mman.h>

#include <sys/stat.h>

#include <string>

#include <stdio.h>

#include <errno.h>

#include <signal.h>

#include <stdlib.h>

#include <iostream>

int main(int argc, char **argv) {

...

                auto st = fstat(fd, &s);

                auto sz = s.st_size;

                auto flg = MAP_PRIVATE;

#if defined(HIDEIT)

                flg |= MAP_CONCEAL;

#endif

                auto p = ::mmap(nullptr, sz, PROT_READ|PROT_WRITE, flg, fd, 0);

                if (p != MAP_FAILED) {

                        auto str = reinterpret_cast<char *>(p);

                        ::raise(SIGSEGV);

                        ::munmap(p, sz);

...

        return 0;

}

The version without the new flag would disclose the value of the mapped file content as you can see

gdb ./test_without ./test_without.core

...

(gdb) f 1  

#1  0x000006c2da1db473 in main (argc=2, argv=0x7f7ffffc3548) at test_conceal.cc:26

26 ::raise(SIGSEGV);

(gdb) p str

$1 = 0x6c5d77c5000 "My credit card number -- whoooops\n"

...

whereas the version with the new flag ...

gdb ./test_with ./test_with.core

... f 1

#1  0x000006e7271c1484 in main (argc=2, argv=0x7f7ffffcc868) at test_conceal.cc:26

26 ::raise(SIGSEGV);

(gdb) p str

$1 = 0x6e9b7336000 <Address 0x6e9b7336000 out of bounds>

It can be useful that's for sure, we shall see if other operating systems would implement similar feature (edit they do but via madvise) ...

Also if like me you possess a Thinkpad with AMD Ryzen, I would recommend following up this topic from openbsd-misc. The GPU driver had been updated but still the kernel need to be updated accordingly before being able to feel its full potential ...

To finish with OpenBSD, there who is still very active on advertising video games, had updated the list, just to remind there is quite a handful possibility to entertain yourself even on a pretty secure os as this one ;-) His enthusiasm is a nice thing to see !