OpenBSD and post release ... status
Hi folks,
Had been warned by other openbsd folks there is a new MAP_CONCEAL feature (and consumers called malloc_conceal/calloc_conceal (a realloc_conceal is absolutely not necessary, the address will keep the flag internally), I decided to rebuild the whole system despite having done this just last night. This is interesting feature, controlling the informations you want to disclose for debugging. To be more concrete, let's use a very basic C++ application reading an external file containing sensitive information, purposely generating a core dump :
#include <sys/mman.h>
#include <sys/stat.h>
#include <string>
#include <stdio.h>
#include <errno.h>
#include <signal.h>
#include <stdlib.h>
#include <iostream>
int main(int argc, char **argv) {
...
auto st = fstat(fd, &s);
auto sz = s.st_size;
auto flg = MAP_PRIVATE;
#if defined(HIDEIT)
flg |= MAP_CONCEAL;
#endif
auto p = ::mmap(nullptr, sz, PROT_READ|PROT_WRITE, flg, fd, 0);
if (p != MAP_FAILED) {
auto str = reinterpret_cast<char *>(p);
::raise(SIGSEGV);
::munmap(p, sz);
...
return 0;
}
The version without the new flag would disclose the value of the mapped file content as you can see
gdb ./test_without ./test_without.core
...
(gdb) f 1
#1 0x000006c2da1db473 in main (argc=2, argv=0x7f7ffffc3548) at test_conceal.cc:26
26 ::raise(SIGSEGV);
(gdb) p str
$1 = 0x6c5d77c5000 "My credit card number -- whoooops\n"
...
whereas the version with the new flag ...
gdb ./test_with ./test_with.core
... f 1
#1 0x000006e7271c1484 in main (argc=2, argv=0x7f7ffffcc868) at test_conceal.cc:26
26 ::raise(SIGSEGV);
(gdb) p str
$1 = 0x6e9b7336000 <Address 0x6e9b7336000 out of bounds>
It can be useful that's for sure, we shall see if other operating systems would implement similar feature (edit they do but via madvise) ...
Also if like me you possess a Thinkpad with AMD Ryzen, I would recommend following up this topic from openbsd-misc. The GPU driver had been updated but still the kernel need to be updated accordingly before being able to feel its full potential ...
To finish with OpenBSD, there who is still very active on advertising video games, had updated the list, just to remind there is quite a handful possibility to entertain yourself even on a pretty secure os as this one ;-) His enthusiasm is a nice thing to see !
Labels: amd risen, amd ryzen, calloc_conceal, malloc_conceal, OpenBSD
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home