pledging fork?

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

pledging fork?

rain1
I'm having a problem with pledge on openbsd

#include <unistd.h>
void main(void) { pledge("proc", NULL); fork(); }

when I run this I get:

Program received signal SIGABRT, Aborted.
0x000005f7309c70ba in mprotect () at <stdin>:2

here is a backtrace

#0  0x000005f7309c70ba in mprotect () at <stdin>:2
#1  0x000005f7309c6cae in *_libc___cxa_finalize (dso=0x0)
     at /usr/src/lib/libc/stdlib/atexit.c:154
#2  0x000005f7309c507e in *_libc_exit (status=1702)
     at /usr/src/lib/libc/stdlib/exit.c:57
#3  0x000005f44cd009d8 in _start () from testprogram
#4  0x0000000000000000 in ?? ()

would this be a bug in pledge or am I using it wrong?

Reply | Threaded
Open this post in threaded view
|

Re: pledging fork?

Theo de Raadt-2
If you can't use ktrace, you should not try to do pledge work.

You are not tall enough to ride.

>I'm having a problem with pledge on openbsd
>
>#include <unistd.h>
>void main(void) { pledge("proc", NULL); fork(); }
>
>when I run this I get:
>
>Program received signal SIGABRT, Aborted.
>0x000005f7309c70ba in mprotect () at <stdin>:2
>
>here is a backtrace
>
>#0  0x000005f7309c70ba in mprotect () at <stdin>:2
>#1  0x000005f7309c6cae in *_libc___cxa_finalize (dso=0x0)
>     at /usr/src/lib/libc/stdlib/atexit.c:154
>#2  0x000005f7309c507e in *_libc_exit (status=1702)
>     at /usr/src/lib/libc/stdlib/exit.c:57
>#3  0x000005f44cd009d8 in _start () from testprogram
>#4  0x0000000000000000 in ?? ()
>
>would this be a bug in pledge or am I using it wrong?

Reply | Threaded
Open this post in threaded view
|

Re: pledging fork?

Sebastien Marie-2
In reply to this post by rain1
On Sun, Apr 24, 2016 at 05:53:45PM +0100, [hidden email] wrote:

> I'm having a problem with pledge on openbsd
>
> #include <unistd.h>
> void main(void) { pledge("proc", NULL); fork(); }
>
> when I run this I get:
>
> Program received signal SIGABRT, Aborted.
> 0x000005f7309c70ba in mprotect () at <stdin>:2
>
> here is a backtrace
>
> #0  0x000005f7309c70ba in mprotect () at <stdin>:2
> #1  0x000005f7309c6cae in *_libc___cxa_finalize (dso=0x0)
>     at /usr/src/lib/libc/stdlib/atexit.c:154
> #2  0x000005f7309c507e in *_libc_exit (status=1702)
>     at /usr/src/lib/libc/stdlib/exit.c:57
> #3  0x000005f44cd009d8 in _start () from testprogram
> #4  0x0000000000000000 in ?? ()
>
> would this be a bug in pledge or am I using it wrong?
>

short story: the answer will be "wrong use" :)

when you pledge that only "proc" promise will be used, the kernel trusts
you, and enforce it.

in your simple program, you use effectively fork(2), which is allowed by
"proc" promise, but you use also the libc... which require something
other than "proc" promise.

if you look at your backtrace, you will see the syscall causing the
kill: mprotect(2). it is called from _libc_exit() (an internal renaming
for exit(3) function), which is called after the end of your main().

so the fork(2) was successfully called, and on program terminaison, the
kernel kills it because it tries to do something else (calling
mprotect(2)).

you should add "stdio" promise (it is rare that it isn't needed).

the other possibility is to terminate your program with _exit(2) syscall
(but there are differencies from exit(3) function: atexit(3) functions
aren't called, streams aren't flushed, open streams aren't closed...)

--
Sebastien Marie

Reply | Threaded
Open this post in threaded view
|

Re: pledging fork?

Bryan Irvine
In reply to this post by Theo de Raadt-2
Can someone commit this please? :-)

--- theo.c 2016-04-24 16:04:34.000000000 -0700
+++ theo.c.new 2016-04-24 16:05:25.000000000 -0700
@@ -195,6 +195,7 @@
  "I want a new vax, one that's not so slow.",
  "This sausage is made from unsound meat.",
  "The people who wrote this code are not on your side.",
+        "If you can't use ktrace, you should not try to do pledge work.
You are not tall enough to ride.",
 };

 static const int ntalk = sizeof(talk)/sizeof(talk[0]);

On Sun, Apr 24, 2016 at 10:09 AM, Theo de Raadt <[hidden email]> wrote:

> If you can't use ktrace, you should not try to do pledge work.
>
> You are not tall enough to ride.
>
> >I'm having a problem with pledge on openbsd
> >
> >#include <unistd.h>
> >void main(void) { pledge("proc", NULL); fork(); }
> >
> >when I run this I get:
> >
> >Program received signal SIGABRT, Aborted.
> >0x000005f7309c70ba in mprotect () at <stdin>:2
> >
> >here is a backtrace
> >
> >#0  0x000005f7309c70ba in mprotect () at <stdin>:2
> >#1  0x000005f7309c6cae in *_libc___cxa_finalize (dso=0x0)
> >     at /usr/src/lib/libc/stdlib/atexit.c:154
> >#2  0x000005f7309c507e in *_libc_exit (status=1702)
> >     at /usr/src/lib/libc/stdlib/exit.c:57
> >#3  0x000005f44cd009d8 in _start () from testprogram
> >#4  0x0000000000000000 in ?? ()
> >
> >would this be a bug in pledge or am I using it wrong?