diff options
| author | Cy Schubert <cy@FreeBSD.org> | 2022-02-18 12:45:07 -0800 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2022-02-18 13:01:48 -0800 |
| commit | c2a26c7a01c70722c50c0958fa2860633ced64c9 (patch) | |
| tree | 9d75a7ac46bfb74dfef7da7547cb2b3a72f768a2 | |
| parent | www/phpmyfaq: Update to 3.1.1 (diff) | |
net/ntp: Restore previous behaviour
Restore ntp to prior to the ASLR mitigations applied.
When ASLR and subsequently PIE were committed to the FreeBSD kernel, ntpd
would segfault due to insufficient stack. This was because stack gap was
not taken into account by applications requesting stack and/or memory
limits. (BTW, this problem also affected firefox and thunderbird.)
This subsequently caused disabling of rlimit memlock, which could not be
avoided under the previous implementation of ASLR:
Cannot set RLIMIT_MEMLOCK: Operation not permitted
Since then a number of improvments to ASLR stack gap implementation have
rendered the mitigations unnecessary. The mitigations initially developed
here at FreeBSD were subsequently upstreamed (noticed by the folks at
nwtime.org and automatically upstreamed). The mitigations have been
reversed in the base system. This patch reverses the ASLR mitigations in
the port as well.
PR: 262031
Reported by: p5B2E9A8F@t-online.de
| -rw-r--r-- | net/ntp/Makefile | 2 | ||||
| -rw-r--r-- | net/ntp/files/patch-ntpd_ntpd.c | 54 |
2 files changed, 40 insertions, 16 deletions
diff --git a/net/ntp/Makefile b/net/ntp/Makefile index de084df97545..4999d46ff4cc 100644 --- a/net/ntp/Makefile +++ b/net/ntp/Makefile @@ -2,7 +2,7 @@ PORTNAME= ntp PORTVERSION= 4.2.8p15 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= net MASTER_SITES= http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ \ http://archive.ntp.org/ntp4/ntp-4.2/ \ diff --git a/net/ntp/files/patch-ntpd_ntpd.c b/net/ntp/files/patch-ntpd_ntpd.c index 477f570f93b6..9cd041eccd42 100644 --- a/net/ntp/files/patch-ntpd_ntpd.c +++ b/net/ntp/files/patch-ntpd_ntpd.c @@ -1,24 +1,48 @@ --- ntpd/ntpd.c.orig 2020-06-23 02:17:48.000000000 -0700 -+++ ntpd/ntpd.c 2022-01-26 10:14:00.828563000 -0800 -@@ -145,7 +145,9 @@ ++++ ntpd/ntpd.c 2022-02-18 12:02:30.547638000 -0800 +@@ -145,17 +145,6 @@ # include <seccomp.h> #endif /* LIBSECCOMP and KERN_SECCOMP */ -#ifdef __FreeBSD__ -+#if defined(__FreeBSD_version) && \ -+ ((__FreeBSD_version > 1400000 && __FreeBSD_version < 1400038) || \ -+ __FreeBSD_version < 1300524) - #include <sys/procctl.h> - #ifndef PROC_STACKGAP_CTL - /* -@@ -438,7 +440,9 @@ +-#include <sys/procctl.h> +-#ifndef PROC_STACKGAP_CTL +-/* +- * Even if we compile on an older system we can still run on a newer one. +- */ +-#define PROC_STACKGAP_CTL 17 +-#define PROC_STACKGAP_DISABLE 0x0002 +-#endif +-#endif +- + #ifdef HAVE_DNSREGISTRATION + # include <dns_sd.h> + DNSServiceRef mdns; +@@ -438,18 +427,6 @@ char *argv[] ) { -# ifdef __FreeBSD__ -+# if defined(__FreeBSD_version) && \ -+ ((__FreeBSD_version > 1400000 && __FreeBSD_version < 1400038) || \ -+ __FreeBSD_version < 1300524) - { - /* - * We Must disable ASLR stack gap on FreeBSD to avoid a +- { +- /* +- * We Must disable ASLR stack gap on FreeBSD to avoid a +- * segfault. See PR/241421 and PR/241960. +- */ +- int aslr_var = PROC_STACKGAP_DISABLE; +- +- pid_t my_pid = getpid(); +- procctl(P_PID, my_pid, PROC_STACKGAP_CTL, &aslr_var); +- } +-# endif + return ntpdmain(argc, argv); + } + #endif /* !SYS_WINNT */ +@@ -1058,7 +1035,7 @@ + # if defined(HAVE_MLOCKALL) + # ifdef HAVE_SETRLIMIT + ntp_rlimit(RLIMIT_STACK, DFLT_RLIMIT_STACK * 4096, 4096, "4k"); +-# ifdef RLIMIT_MEMLOCK ++# if defined(RLIMIT_MEMLOCK) && defined(DFLT_RLIMIT_MEMLOCK) && DFLT_RLIMIT_MEMLOCK != -1 + /* + * The default RLIMIT_MEMLOCK is very low on Linux systems. + * Unless we increase this limit malloc calls are likely to |