HEADS UP: HardenedBSD 15-CURRENT issues


Shawn Webb

Feb 22, 2024, 10:54:47 AM
to HardenedBSD Users
Hey all,

FreeBSD recently introduced some changes that separate out the
userspace handling of system calls to a new library, libsys. I think
the change overall is good, but it does cause issues with HardenedBSD.

There is a dance between libc, libsys, libthr, and the CSU at various
stages of a process's lifecycle. We compile both applications and
libraries with Link-Time Optimization (LTO), which seems to be causing
issues with the dance.

I'm hoping to resolve this before the next monthly OS build (01 March
2024). But there's a chance I might not fix it in time. I need to have
a better understanding of the code as there are some gaps of knowledge
to be filled.

I'll keep everyone informed as to my progress. If I can't fix it in
time for the next monthly build cycle, I plan to disable the build of
15-CURRENT (and *ONLY* 15-CURRENT). We will still build 13-STABLE and
14-STABLE.

Thanks,

--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal: +1 303-901-1600
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc

Shawn Webb

Feb 24, 2024, 7:51:35 PM
to HardenedBSD Users
On Thu, Feb 22, 2024 at 03:54:43PM +0000, Shawn Webb wrote:
> Hey all,
>
> FreeBSD recently introduced some changes that separate out the
> userspace handling of system calls to a new library, libsys. I think
> the change overall is good, but it does cause issues with HardenedBSD.
>
> There is a dance between libc, libsys, libthr, and the CSU at various
> stages of a process's lifecycle. We compile both applications and
> libraries with Link-Time Optimization (LTO), which seems to be causing
> issues with the dance.
>
> I'm hoping to resolve this before the next monthly OS build (01 March
> 2024). But there's a chance I might not fix it in time. I need to have
> a better understanding of the code as there are some gaps of knowledge
> to be filled.
>
> I'll keep everyone informed as to my progress. If I can't fix it in
> time for the next monthly build cycle, I plan to disable the build of
> 15-CURRENT (and *ONLY* 15-CURRENT). We will still build 13-STABLE and
> 14-STABLE.

Hey all,

I've applied a workaround that gets things working again. However, as
a side-effect, LTO is now disabled for libc. I need to determine how
best to selectively disable LTO for lib/csu and lib/libc/csu.

Commit:
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD/-/commit/cd39a323e64d0b39bcfc2cd8fcd6a9951a54636f

With the workaround applied, I plan to keep the 15-CURRENT/amd64 build
active next month.