www/mozilla-firefox: add unveil and enhance pledge support [3rd time's a charm]


joshua stein-3
(I'm going to keep trying to send this until I get it right!)


I've been working on enhancing the security of our Firefox port over
the past couple weeks and would like some wider testing.

- Firefox's GPU process gains pledge(2) support, now all three
  process types (main, content, and gpu) are pledged.

- The inet permission is removed from content processes as they work
  without it.

- All three process types gain unveil(2) support to limit filesystem
  access.  Similar to our Chrome port, ~/Downloads and /tmp become
  the only major directories that the main process can read from and
  write to (aside from some other Firefox- and Gtk-specific
  cache/support directories like ~/.mozilla) and that the content
  process can read from for viewing files as file:// URLs.

While the Chrome port uses separate files in /etc/chromium for
unveil file lists, these patches use new comma-separated
about:config keys for them.  These are security.sandbox.unveil.main,
security.sandbox.unveil.content, and security.sandbox.unveil.gpu.
These file lists support expanding XDG_{CONFIG,DATA,CACHE}_HOME
environment variables if set.

See the new notes in pkg/README for adding additional upload or
download directories and for information on changing which 3rd party
programs are used to open certain MIME types like PDFs.

These patches are being tracked upstream and landry@ will help to
get them integrated once they are stable, although this review
process may take a while and it will probably take a while before
they reach a mainline release:

- sandbox GPU process on OpenBSD with pledge():
  https://bugzilla.mozilla.org/show_bug.cgi?id=1580268

- enhance sandbox on OpenBSD with unveil():
  https://bugzilla.mozilla.org/show_bug.cgi?id=1580271

As for testing, please try all of your normal Firefox usage as
everything should still work.  I've tested all of these things:

- Launching with an existing profile or letting it create a new one
  in ~/.mozilla
- Basic multi-tabbed and multi-window browsing
- Add-ons (Bitwarden, uBlock Origin, Tunnelbear VPN, etc.)
- Playing a YouTube video with sound
- Webcam access
- Accelerated graphics with MOZ_ACCELERATED=1 (verifying
  about:support shows HW_COMPOSITING enabled and detailed GPU #1
  info), viewing some WebGL benchmark sites
- File->Open, can only view ~/Downloads (this is the main process)
- When a file is selected, it is able to be opened as a file://
  URL (this is a content process reading it)
- When uploading a file, only ~/Downloads can be seen (or a
  read-only directory like ~/Photos specifically added to the
  security.sandbox.unveil.main list)
- Executing a 3rd party app via GIO/XDG such as mupdf for opening
  PDFs
- Executing a 3rd party app from ~/.mailcap such as xpdf for PDFs
- Printing via CUPS


Index: Makefile
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /cvs/ports/www/mozilla-firefox/Makefile,v
retrieving revision 1.394
diff -u -p -u -p -r1.394 Makefile
--- Makefile 18 Sep 2019 16:58:05 -0000 1.394
+++ Makefile 20 Sep 2019 02:13:42 -0000
@@ -10,6 +10,8 @@ MOZILLA_BRANCH =3D release
 MOZILLA_PROJECT =3D firefox
 MOZILLA_CODENAME =3D browser
=20
+REVISION =3D 0
+
 WRKDIST =3D ${WRKDIR}/${MOZILLA_DIST}-${MOZILLA_DIST_VERSION:C/b[0-9]*//}
 HOMEPAGE =3D https://www.mozilla.org/firefox/
 SO_VERSION =3D 84.0
Index: patches/patch-browser_app_profile_firefox_js
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: patches/patch-browser_app_profile_firefox_js
diff -N patches/patch-browser_app_profile_firefox_js
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-browser_app_profile_firefox_js 20 Sep 2019 02:13:42 -0000
@@ -0,0 +1,33 @@
+$OpenBSD$
+
+sandbox GPU process on OpenBSD with pledge()
+https://bugzilla.mozilla.org/show_bug.cgi?id=3D1580268
+
+enhance sandbox on OpenBSD with unveil()
+https://bugzilla.mozilla.org/show_bug.cgi?id=3D1580271
+
+Index: browser/app/profile/firefox.js
+--- browser/app/profile/firefox.js.orig
++++ browser/app/profile/firefox.js
+@@ -1130,11 +1130,18 @@ pref("security.sandbox.content.syscall_whitelist",=
 "")
+ #endif
+=20
+ #if defined(XP_OPENBSD) && defined(MOZ_SANDBOX)
++pref("security.sandbox.content.level", 1);
++
+ // default pledge strings for the main & content processes, cf bug 1457092
+-// broad list for now, has to be refined over time
+ pref("security.sandbox.pledge.main", "stdio rpath wpath cpath inet proc e=
xec prot_exec flock ps sendfd recvfd dns vminfo tty drm unix fattr getpw mc=
ast");
+-pref("security.sandbox.content.level", 1);
+-pref("security.sandbox.pledge.content", "stdio rpath wpath cpath inet rec=
vfd sendfd prot_exec unix drm ps");
++pref("security.sandbox.pledge.content", "stdio rpath wpath cpath recvfd s=
endfd prot_exec unix drm ps");
++// and for gpu, bug 1580268
++pref("security.sandbox.pledge.gpu", "stdio rpath wpath cpath ps sendfd re=
cvfd drm dns unix prot_exec");
++
++// default file paths unveiled to each process, bug 1580271
++pref("security.sandbox.unveil.main", "/dev/urandom r,/dev/video rw,/etc/f=
onts r,/etc/machine-id r,/etc/mailcap r,/tmp rwc,/usr/bin/lpr rx,/usr/local=
/bin/gio-launch-desktop rx,/usr/local/lib r,/usr/local/firefox r,/usr/local=
/lib/firefox rx,/usr/local/share r,/usr/share/locale r,/var/cache/fontconfi=
g r,/usr/X11R6/lib r,/usr/X11R6/share r,/var/run rw,~/.XCompose r,~/.Xautho=
rity r,~/.Xdefaults r,~/.fontconfig r,~/.fonts r,~/.fonts.conf r,~/.fonts.c=
onf.d r,~/.icons r,~/.mailcap r,~/.mime.types r,~/.mozilla rwc,~/.pki rwc,~=
/.sndio rwc,~/.terminfo r,$XDG_CACHE_HOME/dconf rwc,$XDG_CACHE_HOME/thumbna=
ils rwc,$XDG_CONFIG_HOME/dconf r,$XDG_CONFIG_HOME/fontconfig r,$XDG_CONFIG_=
HOME/gtk-3.0 r,$XDG_CONFIG_HOME/mimeapps.list r,$XDG_CONFIG_HOME/mozilla rw=
c,$XDG_CONFIG_HOME/user-dirs.dirs r,$XDG_DATA_HOME/applications rwc,$XDG_DA=
TA_HOME/applnk r,$XDG_DATA_HOME/fonts r,$XDG_DATA_HOME/glib-2.0 r,$XDG_DATA=
_HOME/icons r,$XDG_DATA_HOME/mime r,$XDG_DATA_HOME/recently-used.xbel rwc,$=
XDG_DATA_HOME/themes r,~/Downloads rwc");
++pref("security.sandbox.unveil.content", "/dev/drm0 rw,/etc/fonts r,/etc/m=
achine-id r,/tmp rwc,/usr/local/lib r,/usr/local/firefox r,/usr/local/lib/f=
irefox rx,/usr/local/share r,/usr/share/locale r,/var/cache/fontconfig r,/u=
sr/X11R6/lib r,/usr/X11R6/share r,/var/run rw,~/.XCompose r,~/.Xauthority r=
,~/.Xdefaults r,~/.fontconfig r,~/.fonts r,~/.fonts.conf r,~/.fonts.conf.d =
r,~/.icons r,~/.mozilla rwc,~/.pki rwc,~/.sndio rwc,~/.terminfo r,$XDG_CACH=
E_HOME/dconf rwc,$XDG_CACHE_HOME/thumbnails rwc,$XDG_CONFIG_HOME/dconf r,$X=
DG_CONFIG_HOME/fontconfig r,$XDG_CONFIG_HOME/gtk-3.0 r,$XDG_CONFIG_HOME/mim=
eapps.list r,$XDG_CONFIG_HOME/mozilla rwc,$XDG_CONFIG_HOME/user-dirs.dirs r=
,$XDG_DATA_HOME/applications r,$XDG_DATA_HOME/applnk r,$XDG_DATA_HOME/fonts=
 r,$XDG_DATA_HOME/glib-2.0 r,$XDG_DATA_HOME/icons r,$XDG_DATA_HOME/mime r,$=
XDG_DATA_HOME/themes r,~/Downloads r");
++pref("security.sandbox.unveil.gpu", "/dev/drm0 rw,/tmp rwc,/usr/local/lib=
/firefox r,/usr/local/lib/gdk-pixbuf-2.0 r,/usr/X11R6/lib r,/usr/share/loca=
le r,/usr/local/share r,~/.Xauthority r");
+ #endif
+=20
+ #if defined(MOZ_SANDBOX)
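Review bot: the new security.sandbox.unveil.content default gives content processes "rwc" on ~/.mozilla and $XDG_CONFIG_HOME/mozilla, i.e. write access to the whole profile. Since Firefox persists modified prefs in the profile (prefs.js), a compromised content process could write a new value for security.sandbox.pledge.content or security.sandbox.unveil.content and get a wider sandbox at the next launch, which undermines the point of the content list. Consider limiting content to the profile subdirectories it actually needs, or making the profile read-only for content; the same question applies to "~/.pki rwc" and "/var/run rw" in that list. Minor: "/usr/local/lib/firefox rx" in the content list grants x to a process whose pledge string has no "exec" promise, so "r" would do.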
Index: patches/patch-dom_ipc_ContentChild_cpp
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: patches/patch-dom_ipc_ContentChild_cpp
diff -N patches/patch-dom_ipc_ContentChild_cpp
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-dom_ipc_ContentChild_cpp 20 Sep 2019 02:13:42 -0000
@@ -0,0 +1,170 @@
+$OpenBSD$
+
+sandbox GPU process on OpenBSD with pledge()
+https://bugzilla.mozilla.org/show_bug.cgi?id=3D1580268
+
+enhance sandbox on OpenBSD with unveil()
+https://bugzilla.mozilla.org/show_bug.cgi?id=3D1580271
+
+Index: dom/ipc/ContentChild.cpp
+--- dom/ipc/ContentChild.cpp.orig
++++ dom/ipc/ContentChild.cpp
+@@ -126,6 +126,7 @@
+ #    include "mozilla/Sandbox.h"
+ #  elif defined(__OpenBSD__)
+ #    include <unistd.h>
++#    include "SpecialSystemDirectory.h"
+ #  endif
+ #endif
+=20
+@@ -4048,47 +4049,132 @@ void ContentChild::HoldBrowsingContextGroup(Brows=
ingCo
+ }  // namespace dom
+=20
+ #if defined(__OpenBSD__) && defined(MOZ_SANDBOX)
+-#  include <unistd.h>
+=20
+ static LazyLogModule sPledgeLog("SandboxPledge");
+=20
+ bool StartOpenBSDSandbox(GeckoProcessType type) {
+   nsAutoCString promisesString;
+   nsAutoCString processTypeString;
++  nsAutoCString unveilString;
+=20
+   switch (type) {
+     case GeckoProcessType_Default:
+       processTypeString =3D "main";
+       Preferences::GetCString("security.sandbox.pledge.main", promisesStr=
ing);
++      Preferences::GetCString("security.sandbox.unveil.main", unveilStrin=
g);
+       break;
+=20
+     case GeckoProcessType_Content:
+       processTypeString =3D "content";
+-      Preferences::GetCString("security.sandbox.pledge.content",
+-                              promisesString);
++      Preferences::GetCString("security.sandbox.pledge.content", promises=
String);
++      Preferences::GetCString("security.sandbox.unveil.content", unveilSt=
ring);
+       break;
+=20
++    case GeckoProcessType_GPU:
++      processTypeString =3D "gpu";
++      Preferences::GetCString("security.sandbox.pledge.gpu", promisesStri=
ng);
++      Preferences::GetCString("security.sandbox.unveil.gpu", unveilString=
);
++      break;
++
+     default:
+       MOZ_ASSERT(false, "unknown process type");
+       return false;
+-  };
++  }
+=20
+-  if (pledge(promisesString.get(), NULL) =3D=3D -1) {
+-    if (errno =3D=3D EINVAL) {
+-      MOZ_LOG(sPledgeLog, LogLevel::Error,
+-              ("pledge promises for %s process is a malformed string: '%s=
'\n",
+-               processTypeString.get(), promisesString.get()));
+-    } else if (errno =3D=3D EPERM) {
+-      MOZ_LOG(
+-          sPledgeLog, LogLevel::Error,
+-          ("pledge promises for %s process can't elevate privileges: '%s'=
\n",
+-           processTypeString.get(), promisesString.get()));
++  if (!PR_GetEnv("MOZ_DISABLE_UNVEIL")) {
++    nsresult rv;
++
++    nsCOMPtr<nsIFile> homeDir;
++    rv =3D GetSpecialSystemDirectory(Unix_HomeDirectory, getter_AddRefs(h=
omeDir));
++    if (NS_FAILED(rv)) {
++      mozilla::ipc::FatalError("failed getting home directory", false);
+     }
+-    return false;
+-  } else {
+-    MOZ_LOG(sPledgeLog, LogLevel::Debug,
+-            ("pledged %s process with promises: '%s'\n",
++
++    bool anyUnveils =3D false;
++
++    for (const nsACString& tChunk : unveilString.Split(',')) {
++      nsAutoCString chunk;
++      chunk.Append(tChunk);
++
++      chunk.CompressWhitespace(true, true);
++      if (chunk.IsEmpty()) {
++        continue;
++      }
++
++      int32_t space =3D chunk.FindChar(' ');
++      if (space <=3D 0) {
++        mozilla::ipc::FatalError(nsPrintfCString("%s: invalid unveil "
++          "format \"%s\"", PromiseFlatCString(processTypeString).get(),
++          chunk.get()).get(), false);
++      }
++
++      nsCString uPath(Substring(chunk, 0, space));
++      nsCString perms(Substring(chunk, space + 1, chunk.Length() - space =
- 1));
++
++      // Expand $XDG_CONFIG_HOME to the environment variable, or ~/.config
++      nsCString xdgConfigHome(PR_GetEnv("XDG_CONFIG_HOME"));
++      if (xdgConfigHome.IsEmpty()) {
++        xdgConfigHome =3D "~/.config";
++      }
++      uPath.ReplaceSubstring("$XDG_CONFIG_HOME", xdgConfigHome.get());
++
++      // Expand $XDG_CACHE_HOME to the environment variable, or ~/.cache
++      nsCString xdgCacheHome(PR_GetEnv("XDG_CACHE_HOME"));
++      if (xdgCacheHome.IsEmpty()) {
++        xdgCacheHome =3D "~/.cache";
++      }
++      uPath.ReplaceSubstring("$XDG_CACHE_HOME", xdgCacheHome.get());
++
++      // Expand $XDG_DATA_HOME to the environment variable, or ~/.local/s=
hare
++      nsCString xdgDataHome(PR_GetEnv("XDG_DATA_HOME"));
++      if (xdgDataHome.IsEmpty()) {
++        xdgDataHome =3D "~/.local/share";
++      }
++      uPath.ReplaceSubstring("$XDG_DATA_HOME", xdgDataHome.get());
++
++      // Expand leading ~ to the user's home directory
++      if (uPath.FindChar('~') =3D=3D 0) {
++        nsCString tHome(homeDir->NativePath());
++        tHome.Append(Substring(uPath, 1, uPath.Length() - 1));
++        uPath =3D tHome.get();
++      }
++
++      MOZ_LOG(sPledgeLog, LogLevel::Debug, ("%s: unveil(%s, %s)\n",
++        processTypeString.get(), uPath.get(), perms.get()));
++      int ret =3D unveil(uPath.get(), perms.get());
++      if (ret !=3D 0 && ret !=3D ENOENT) {
++        mozilla::ipc::FatalError(nsPrintfCString("%s: unveil(%s, %s) fail=
ed: %d",
++          processTypeString.get(), uPath.get(), perms.get(), errno).get(),
++          false);
++      }
++
++      anyUnveils =3D true;
++    }
++
++    if (!anyUnveils) {
++      mozilla::ipc::FatalError(nsPrintfCString("failed parsing unveil str=
ing "
++        "\"%s\"", unveilString.get()).get(), false);
++    }
++  }
++
++  if (!PR_GetEnv("MOZ_DISABLE_PLEDGE")) {
++    if (pledge(promisesString.get(), nullptr) =3D=3D -1) {
++      if (errno =3D=3D EINVAL) {
++        MOZ_LOG(sPledgeLog, LogLevel::Error,
++                ("pledge promises for %s process is a malformed string: '=
%s'\n",
++                 processTypeString.get(), promisesString.get()));
++      } else if (errno =3D=3D EPERM) {
++        MOZ_LOG(
++            sPledgeLog, LogLevel::Error,
++            ("pledge promises for %s process can't elevate privileges: '%=
s'\n",
+              processTypeString.get(), promisesString.get()));
++      }
++      return false;
++    } else {
++      MOZ_LOG(sPledgeLog, LogLevel::Debug,
++              ("pledged %s process with promises: '%s'\n",
++               processTypeString.get(), promisesString.get()));
++    }
+   }
+   return true;
+ }
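Review bot: the unveil(2) error check is wrong. unveil() returns 0 or -1 with errno set, so "if (ret != 0 && ret != ENOENT)" compares -1 against ENOENT, never matches it, and a missing path (the case the code evidently wants to tolerate) becomes fatal while the message prints errno correctly. It should read "if (ret == -1 && errno != ENOENT)". Also worth a comment: nothing in the loop locks the unveil list; it is only locked by the later pledge() call (no "unveil" promise), so with MOZ_DISABLE_PLEDGE set the list stays open to further unveil() calls. An explicit unveil(NULL, NULL) after the loop would lock it regardless of the pledge knob.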
Index: patches/patch-gfx_ipc_GPUParent_cpp
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: patches/patch-gfx_ipc_GPUParent_cpp
diff -N patches/patch-gfx_ipc_GPUParent_cpp
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-gfx_ipc_GPUParent_cpp 20 Sep 2019 02:13:42 -0000
@@ -0,0 +1,28 @@
+$OpenBSD$
+
+sandbox GPU process on OpenBSD with pledge()
+https://bugzilla.mozilla.org/show_bug.cgi?id=3D1580268
+
+Index: gfx/ipc/GPUParent.cpp
+--- gfx/ipc/GPUParent.cpp.orig
++++ gfx/ipc/GPUParent.cpp
+@@ -57,6 +57,8 @@
+ #  include "mozilla/WindowsVersion.h"
+ #  include <process.h>
+ #  include <dwrite.h>
++#elif defined(__OpenBSD__) && defined(MOZ_SANDBOX)
++#  include "mozilla/SandboxSettings.h"
+ #endif
+ #ifdef MOZ_WIDGET_GTK
+ #  include <gtk/gtk.h>
+@@ -122,6 +124,10 @@ bool GPUParent::Init(base::ProcessId aParentPid, const
+   mlg::InitializeMemoryReporters();
+ #if defined(XP_WIN)
+   DeviceManagerDx::Init();
++#endif
++
++#if defined(__OpenBSD__) && defined(MOZ_SANDBOX)
++  StartOpenBSDSandbox(GeckoProcessType_GPU);
+ #endif
+=20
+   CompositorThreadHolder::Start();
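Review bot: the return value of StartOpenBSDSandbox(GeckoProcessType_GPU) is discarded. Per the ContentChild.cpp hunk that function returns false when pledge() fails (malformed promise string or EPERM) after only logging, so a GPU process whose pledge fails keeps running unsandboxed. Either treat false as fatal here, as the unveil path already does via FatalError, or document why continuing is acceptable for the GPU process.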
Index: patches/patch-toolkit_system_gnome_nsGIOService_cpp
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: patches/patch-toolkit_system_gnome_nsGIOService_cpp
diff -N patches/patch-toolkit_system_gnome_nsGIOService_cpp
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-toolkit_system_gnome_nsGIOService_cpp 20 Sep 2019 02:13:4=
2 -0000
@@ -0,0 +1,29 @@
+$OpenBSD$
+
+enhance sandbox on OpenBSD with unveil()
+https://bugzilla.mozilla.org/show_bug.cgi?id=3D1580271
+
+Index: toolkit/system/gnome/nsGIOService.cpp
+--- toolkit/system/gnome/nsGIOService.cpp.orig
++++ toolkit/system/gnome/nsGIOService.cpp
+@@ -497,7 +497,20 @@ nsGIOService::GetAppForMimeType(const nsACString& aMim
+     return NS_ERROR_NOT_AVAILABLE;
+   }
+=20
++#if defined(__OpenBSD__) && defined(MOZ_SANDBOX)
++  // g_app_info_get_default_for_type will fail on OpenBSD's veiled filesy=
stem
++  // since we most likely don't have direct access to the binaries that a=
re
++  // registered as defaults for this type.  Fake it up by just executing
++  // xdg-open via gio-launch-desktop (which we do have access to) and let=
ting
++  // it figure out which program to execute for this MIME type
++  GAppInfo* app_info =3D g_app_info_create_from_commandline(
++    "/usr/local/bin/xdg-open",
++    nsPrintfCString("System default for %s", content_type).get(),
++    G_APP_INFO_CREATE_NONE, NULL);
++#else
+   GAppInfo* app_info =3D g_app_info_get_default_for_type(content_type, fa=
lse);
++#endif
++
+   if (app_info) {
+     nsGIOMimeApp* mozApp =3D new nsGIOMimeApp(app_info);
+     NS_ENSURE_TRUE(mozApp, NS_ERROR_OUT_OF_MEMORY);
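Review bot: the comment says the launch goes "via gio-launch-desktop (which we do have access to)", but the security.sandbox.unveil.main default in this series unveils /usr/local/bin/gio-launch-desktop rx and not /usr/local/bin/xdg-open or the handler xdg-open resolves to. unveil(2) restrictions are inherited across execve(2), so please confirm how the child reaches xdg-open and the handler on a default list (and add "/usr/local/bin/xdg-open rx" if that is what makes the GIO path work), and say in the comment that handler selection is now delegated to xdg-open rather than GIO's default lookup. The hardcoded /usr/local path is also the ports-path point raised elsewhere in the thread.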
Index: pkg/README
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /cvs/ports/www/mozilla-firefox/pkg/README,v
retrieving revision 1.24
diff -u -p -u -p -r1.24 README
--- pkg/README 11 Jun 2019 06:01:20 -0000 1.24
+++ pkg/README 20 Sep 2019 02:13:42 -0000
@@ -28,6 +28,46 @@ right click, choose New String. Set the=20
 "network.protocol-handler.app.mailto" and the value to the path to
 your mailer.
=20
+pledge(2) and unveil(2) Support
+=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D
+Firefox on OpenBSD is secured with pledge(2) and unveil(2) to limit
+the system calls and filesystem access that each of Firefox's three
+process types (main, content, and GPU) is permitted.  By default,
+only ~/Downloads and /tmp can be written to when downloading files,
+or viewing them as file:// URLs.
+
+To add a specific path as writable for downloads, add it to the
+security.sandbox.unveil.main about:config key with "rw" permissions.
+To add a directory from which files can be uploaded, add it with just
+the "r" permission.
+To add a path that can be viewed as a file:// URL, it must also be
+added to the security.sandbox.unveil.content about:config key with
+"r" permissions.
+
+3rd-Party MIME Handlers
+=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
+Due to unveil(2) limiting filesystem access, only the default MIME
+handler registered for a given type can be chosen when opening a
+downloaded file.  For example, to use the mupdf package to read
+PDFs, it must be registered as the default with XDG:
+
+ $ xdg-mime default mupdf.desktop application/pdf
+
+The current default for a given type can be viewed with xdg-mime's
+query command:
+
+ $ xdg-mime query default application/pdf
+
+The older mailcap-format handlers are also supported, but the path
+being executed must be explicitly added to the
+security.sandbox.unveil.main about:config key with "rx" permissions.
+For example, a ~/.mailcap file specifying:
+
+ application/pdf; /usr/local/bin/xpdf %s
+
+must have "/usr/local/bin/xpdf rx" added to the unveil list for it to
+appear as an option in the "Open With" drop-down.
+
 Debugging
 =3D=3D=3D=3D=3D=3D=3D=3D=3D
 If you encounter crashes, you might want to build the debug FLAVOR of
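Review bot: the "pledge(2) and unveil(2) Support" section tells users to add a download directory with "rw", but a download creates a new file, which under unveil(2) needs the "c" permission; the shipped default is "~/Downloads rwc" for that reason. Change the instruction to "rwc" (keeping "r" for upload-only directories as written). It would also help to say that entries are path-prefix rules, so everything below the listed path inherits its permissions and adding something like "~ r" to the content list exposes the whole home directory to content processes.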
@@ -35,9 +75,10 @@ this package, and run firefox inside egd
 debugging logs and traces (for all threads!).
 If this is a pledge violation, you should figure out which codepath
 in which process leads to calling a forbidden syscall, and which pledge
-is missing from the two default sets configured in
-security.sandbox.pledge.main and security.sandbox.pledge.content
-about:config keys. MOZ_LOG=3DSandboxPledge:5 should help.
+is missing from the three default sets configured in
+security.sandbox.pledge.main, security.sandbox.pledge.content, and
+security.sandbox.pledge.gpu about:config keys.
+MOZ_LOG=3DSandboxPledge:5 should help.
 Bug reports without enough information will be ignored.
=20
 Note that if you're using NIS or your profile is located on a NFS share,
@@ -49,6 +90,10 @@ security.sandbox.pledge.content in about
=20
 If you're not running sndiod(8) you will need to add 'audio' to
 security.sandbox.pledge.main in about:config.
+
+To disable pledge support when troubleshooting, set the
+MOZ_DISABLE_PLEDGE environment variable before starting Firefox.
+Similarly, to disable unveil support, set MOZ_DISABLE_UNVEIL.
=20
 D-BUS
 =3D=3D=3D=3D=3D

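As an added example that is not part of the port or of Firefox, the checker below parses the comma-separated "path perms" lists used by the security.sandbox.unveil.{main,content,gpu} keys described above, expanding $XDG_*_HOME and a leading "~" in the same order the patch does, and then answers what a process could do to a given path under that list. It applies the unveil(2) rule that the longest matching unveiled prefix governs a path and that an uncovered path is invisible. The names (UnveilEntry, parse_unveil_list, effective_perms, can_create_file) and the sample list and home directory are this example's own assumptions.

```cpp
// Added example: stand-alone checker for Firefox's security.sandbox.unveil.*
// pref format ("path perms,path perms,..."). Not Firefox or port code.
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

struct UnveilEntry {
    std::string path;   // after $XDG_*/~ expansion
    std::string perms;  // some subset of "rwxc"
};

// Expansion inputs, passed explicitly so the example is deterministic
// (a real checker would take them from getenv()). Empty XDG values fall
// back to the same defaults the patch uses.
struct UnveilEnv {
    std::string home;
    std::string xdg_config_home;  // "" -> ~/.config
    std::string xdg_cache_home;   // "" -> ~/.cache
    std::string xdg_data_home;    // "" -> ~/.local/share
};

static void replace_all(std::string& s, const std::string& from, const std::string& to) {
    for (std::size_t pos = 0; (pos = s.find(from, pos)) != std::string::npos; pos += to.size())
        s.replace(pos, from.size(), to);
}

static std::string trim(const std::string& s) {
    const char* ws = " \t\r\n";
    std::size_t b = s.find_first_not_of(ws);
    if (b == std::string::npos) return "";
    std::size_t e = s.find_last_not_of(ws);
    return s.substr(b, e - b + 1);
}

// Same order as the patch: $XDG_* first, then a leading "~" to $HOME.
static std::string expand_path(std::string p, const UnveilEnv& env) {
    replace_all(p, "$XDG_CONFIG_HOME", env.xdg_config_home.empty() ? std::string("~/.config") : env.xdg_config_home);
    replace_all(p, "$XDG_CACHE_HOME", env.xdg_cache_home.empty() ? std::string("~/.cache") : env.xdg_cache_home);
    replace_all(p, "$XDG_DATA_HOME", env.xdg_data_home.empty() ? std::string("~/.local/share") : env.xdg_data_home);
    if (!p.empty() && p[0] == '~') p = env.home + p.substr(1);
    return p;
}

// Parse the list. Throws on the chunk shape the patch treats as fatal (no
// space between path and perms) and on letters unveil(2) does not know.
std::vector<UnveilEntry> parse_unveil_list(const std::string& list, const UnveilEnv& env) {
    std::vector<UnveilEntry> out;
    std::size_t start = 0;
    while (start <= list.size()) {
        std::size_t comma = list.find(',', start);
        std::size_t len = (comma == std::string::npos) ? std::string::npos : comma - start;
        std::string chunk = trim(list.substr(start, len));
        start = (comma == std::string::npos) ? list.size() + 1 : comma + 1;
        if (chunk.empty()) continue;  // tolerate ",," and a trailing comma
        std::size_t space = chunk.find(' ');
        if (space == std::string::npos || space == 0)
            throw std::invalid_argument("invalid unveil format \"" + chunk + "\"");
        UnveilEntry e;
        e.path = expand_path(chunk.substr(0, space), env);
        e.perms = trim(chunk.substr(space + 1));
        for (char c : e.perms)
            if (std::string("rwxc").find(c) == std::string::npos)
                throw std::invalid_argument(std::string("unknown unveil permission '") + c + "' for " + e.path);
        out.push_back(e);
    }
    return out;
}

// True if `path` is `prefix` itself or lies below it by whole components
// (so "/home/alice/Downloads" does not cover "/home/alice/Downloads2").
static bool covers(const std::string& prefix, const std::string& path) {
    if (path.compare(0, prefix.size(), prefix) != 0) return false;
    return path.size() == prefix.size() || prefix == "/" || path[prefix.size()] == '/';
}

// Permissions `path` gets under the list: longest matching unveiled prefix
// wins, as in unveil(2); "" means the path is not visible at all (ENOENT).
std::string effective_perms(const std::vector<UnveilEntry>& entries, const std::string& path) {
    const UnveilEntry* best = nullptr;
    for (const UnveilEntry& e : entries)
        if (covers(e.path, path) && (!best || e.path.size() > best->path.size()))
            best = &e;
    return best ? best->perms : std::string();
}

bool has_perm(const std::string& perms, char p) { return perms.find(p) != std::string::npos; }

// A download creates a new file and writes it: needs both 'c' and 'w'.
bool can_create_file(const std::vector<UnveilEntry>& entries, const std::string& path) {
    std::string p = effective_perms(entries, path);
    return has_perm(p, 'w') && has_perm(p, 'c');
}

// Does the parser reject this list? (Convenience for checks.)
bool parse_rejects(const std::string& list, const UnveilEnv& env) {
    try { parse_unveil_list(list, env); return false; }
    catch (const std::invalid_argument&) { return true; }
}

int main() {
    UnveilEnv env{"/home/alice", "", "", ""};  // constructed sample environment
    // Constructed list in the pref format, a shortened form of the defaults above.
    std::string main_list = "/tmp rwc,~/Downloads rwc,$XDG_CONFIG_HOME/mozilla rwc,"
                            "~/Photos r,/usr/local/bin/gio-launch-desktop rx";
    std::vector<UnveilEntry> es = parse_unveil_list(main_list, env);
    for (const UnveilEntry& e : es) std::cout << e.path << " -> " << e.perms << "\n";
    std::cout << "download to ~/Downloads/x.pdf: "
              << (can_create_file(es, "/home/alice/Downloads/x.pdf") ? "ok" : "denied") << "\n";
    return 0;
}
```

Running it with a directory listed as "rw" instead of "rwc" shows why the README's download advice needs the "c" bit: the path is visible and writable, but creating a new file under it is refused. The prefix rule is also the thing to watch when extending the content list, since an entry such as "~ r" would expose every file in the home directory to content processes.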

Re: www/mozilla-firefox: add unveil and enhance pledge support [3rd time's a charm]

Stuart Henderson
On 2019/09/20 10:00, joshua stein wrote:
> While the Chrome port uses separate files in /etc/chromium for
> unveil file lists, these patches use new comma-separated
> about:config keys for them.

> onts r,/etc/machine-id r,/etc/mailcap r,/tmp rwc,/usr/bin/lpr rx,/usr/local=
> /bin/gio-launch-desktop rx,/usr/local/lib r,/usr/local/firefox r,/usr/local=
> /lib/firefox rx,/usr/local/share r,/usr/share/locale r,/var/cache/fontconfi=
> g r,/usr/X11R6/lib r,/usr/X11R6/share r,/var/run rw,~/.XCompose r,~/.Xautho=

Ports shouldn't use hardcoded /usr/local - the diff attached uses
${LOCALBASE}/${TRUEPREFIX} instead of /usr/local as appropriate,
${X11BASE} instead of /usr/X11R6, ${SYSCONFDIR} for the /etc files
that comes from ports rather than base, and ${SUBST_CMD} in
post-patch to substitute them for the correct paths.

fwiw, I'm a bit worried about the per-user config for this, will the
list be copied as-is to individual user prefs (my test build isn't done
yet) .. The list will definitely need to be updated in the future and
that won't work if users have to hand apply the changes to their own
profile. (Also it makes life difficult for multi-user installs ..).


Attachment: fx-pledge.diff (18K)

Re: www/mozilla-firefox: add unveil and enhance pledge support [3rd time's a charm]

joshua stein-3
On Fri, 20 Sep 2019 at 17:33:40 +0100, Stuart Henderson wrote:

> On 2019/09/20 10:00, joshua stein wrote:
> > While the Chrome port uses separate files in /etc/chromium for
> > unveil file lists, these patches use new comma-separated
> > about:config keys for them.
>
> > onts r,/etc/machine-id r,/etc/mailcap r,/tmp rwc,/usr/bin/lpr rx,/usr/local=
> > /bin/gio-launch-desktop rx,/usr/local/lib r,/usr/local/firefox r,/usr/local=
> > /lib/firefox rx,/usr/local/share r,/usr/share/locale r,/var/cache/fontconfi=
> > g r,/usr/X11R6/lib r,/usr/X11R6/share r,/var/run rw,~/.XCompose r,~/.Xautho=
>
> Ports shouldn't use hardcoded /usr/local - the diff attached uses
> ${LOCALBASE}/${TRUEPREFIX} instead of /usr/local as appropriate,
> ${X11BASE} instead of /usr/X11R6, ${SYSCONFDIR} for the /etc files
> that comes from ports rather than base, and ${SUBST_CMD} in
> post-patch to substitute them for the correct paths.

These patches have to go upstream, so those paths can't be dynamic.  
I don't know what Landry's plan is for patching our port before they
are committed upstream, but once they are committed, I guess there
can be a post-patch step to turn them from hard-coded defaults to
${LOCALBASE} and friends.

> fwiw, I'm a bit worried about the per-user config for this, will the
> list be copied as-is to individual user prefs (my test build isn't done
> yet) .. The list will definitely need to be updated in the future and
> that won't work if users have to hand apply the changes to their own
> profile. (Also it makes life difficult for multi-user installs ..).

The new preferences are like any other default in Firefox and don't
actually get stored in the user's profile unless they have been
modified.  So for most users, each Firefox/package update will be
using the new lists as shipped with Firefox or our package.

I would have preferred local files like Chromium because they are
much easier to view/edit, easier to diff, and if root-owned, an
unprivileged user can't modify them.  But for integration into
Firefox, this is what they wanted and Landry and I would rather not
maintain our own ball of local patches (see Chromium).


Re: www/mozilla-firefox: add unveil and enhance pledge support [3rd time's a charm]

joshua stein-3
On Fri, 20 Sep 2019 at 11:44:58 -0500, joshua stein wrote:

> On Fri, 20 Sep 2019 at 17:33:40 +0100, Stuart Henderson wrote:
> > On 2019/09/20 10:00, joshua stein wrote:
> > > While the Chrome port uses separate files in /etc/chromium for
> > > unveil file lists, these patches use new comma-separated
> > > about:config keys for them.
> >
> > > onts r,/etc/machine-id r,/etc/mailcap r,/tmp rwc,/usr/bin/lpr rx,/usr/local=
> > > /bin/gio-launch-desktop rx,/usr/local/lib r,/usr/local/firefox r,/usr/local=
> > > /lib/firefox rx,/usr/local/share r,/usr/share/locale r,/var/cache/fontconfi=
> > > g r,/usr/X11R6/lib r,/usr/X11R6/share r,/var/run rw,~/.XCompose r,~/.Xautho=
> >
> > Ports shouldn't use hardcoded /usr/local - the diff attached uses
> > ${LOCALBASE}/${TRUEPREFIX} instead of /usr/local as appropriate,
> > ${X11BASE} instead of /usr/X11R6, ${SYSCONFDIR} for the /etc files
> > that comes from ports rather than base, and ${SUBST_CMD} in
> > post-patch to substitute them for the correct paths.
>
> These patches have to go upstream, so those paths can't be dynamic.  
> I don't know what Landry's plan is for patching our port before they
> are committed upstream, but once they are committed, I guess there
> can be a post-patch step to turn them from hard-coded defaults to
> ${LOCALBASE} and friends.

Or I guess at that point it would actually be a patch to the
hard-coded files, which then has to get post-patched.  I don't know.

But to clarify, I'm not proposing to commit what I'm sending out,
this is just to get feedback from Firefox users so I can refine the
changes that are going upstream.  Then once they are committed or at
least slated for inclusion, we can figure out how to integrate them
into our port(s) and patch up any hard-coded paths.


Re: www/mozilla-firefox: add unveil and enhance pledge support [3rd time's a charm]

Antoine Jacoutot-7
> > Ports shouldn't use hardcoded /usr/local - the diff attached uses
> > ${LOCALBASE}/${TRUEPREFIX} instead of /usr/local as appropriate,
> > ${X11BASE} instead of /usr/X11R6, ${SYSCONFDIR} for the /etc files
> > that comes from ports rather than base, and ${SUBST_CMD} in
> > post-patch to substitute them for the correct paths.
>
> These patches have to go upstream, so those paths can't be dynamic.  
> I don't know what Landry's plan is for patching our port before they
> are committed upstream, but once they are committed, I guess there
> can be a post-patch step to turn them from hard-coded defaults to
> ${LOCALBASE} and friends.

After *all* these years, I don't understand why we are still pretending to be
able to install stuff outside of /usr/local.
It causes nothing but pain for porters for absolutely *0* benefit. Because it's
a promise we cannot hold.
Can't we just agree that VARBASE is /var, SYSCONFDIR is /etc and PREFIX is
/usr/local once and for all?

Sorry for hijacking this thread but we all know what all these SUBST_CMD do in
real life: s,/usr/local,/usr/local,

Time to be pragmatic...

--
Antoine


LOCALBASE [Re: www/mozilla-firefox: add unveil and enhance pledge support [3rd time's a charm]]

Stuart Henderson
On 2019/09/20 19:03, Antoine Jacoutot wrote:

> > > Ports shouldn't use hardcoded /usr/local - the diff attached uses
> > > ${LOCALBASE}/${TRUEPREFIX} instead of /usr/local as appropriate,
> > > ${X11BASE} instead of /usr/X11R6, ${SYSCONFDIR} for the /etc files
> > > that comes from ports rather than base, and ${SUBST_CMD} in
> > > post-patch to substitute them for the correct paths.
> >
> > These patches have to go upstream, so those paths can't be dynamic.  
> > I don't know what Landry's plan is for patching our port before they
> > are committed upstream, but once they are committed, I guess there
> > can be a post-patch step to turn them from hard-coded defaults to
> > ${LOCALBASE} and friends.
>
> After *all* these years, I don't understand why we are still pretending to be
> able to install stuff outside of /usr/local.
> It causes nothing but pain for porters for absolutely *0* benefit. Because it's
> a promise we cannot hold.
> Can't we just agree that VARBASE is /var, SYSCONFDIR is /etc and PREFIX is
> /usr/local once and for all?
>
> Sorry for hijacking this thread but we all know what all these SUBST_CMD do in
> real life: s,/usr/local,/usr/local,
>
> Time to be pragmatic...

I'm not opposed to that. But it should be a decision taken separately
rather than just not bothering to continue with the status quo in any
particular port update.


Re: LOCALBASE [Re: www/mozilla-firefox: add unveil and enhance pledge support [3rd time's a charm]]

Antoine Jacoutot-7
> > After *all* these years, I don't understand why we are still pretending to be
> > able to install stuff outside of /usr/local.
> > It causes nothing but pain for porters for absolutely *0* benefit. Because it's
> > a promise we cannot hold.
> > Can't we just agree that VARBASE is /var, SYSCONFDIR is /etc and PREFIX is
> > /usr/local once and for all?
> >
> > Sorry for hijacking this thread but we all know what all these SUBST_CMD do in
> > real life: s,/usr/local,/usr/local,
> >
> > Time to be pragmatic...
>
> I'm not opposed to that. But it should be a decision taken separately
> rather than just not bothering to continue with the status quo in any
> particular port update.

Agreed, that's why I said I was sorry about hijacking the thread.
I will shut up and put it on the agenda for p2k19.

--
Antoine


Re: www/mozilla-firefox: add unveil and enhance pledge support [3rd time's a charm]

Solene Rapenne
On Fri, Sep 20, 2019 at 10:00:32AM -0500, joshua stein wrote:

> (I'm going to keep trying to send this until I get it right!)
>
>
> I've been working on enhancing the security of our Firefox port over
> the past couple weeks and would like some wider testing.
>
> - Firefox's GPU process gains pledge(2) support, now all three
>   process types (main, content, and gpu) are pledged.
>
> - The inet permission is removed from content processes as they work
>   without it.
>
> - All three process types gain unveil(2) support to limit filesystem
>   access.  Similar to our Chrome port, ~/Downloads and /tmp become
>   the only major directories that the main process can read from and
>   write to (aside from some other Firefox- and Gtk-specific
>   cache/support directories like ~/.mozilla) and that the content
>   process can read from for viewing files as file:// URLs.

I'm running Firefox with this patch, I did not encounter any issue with
my typical daily usage.


Re: www/mozilla-firefox: add unveil and enhance pledge support [3rd time's a charm]

Landry Breuil-5
On Fri, Sep 20, 2019 at 10:00:32AM -0500, joshua stein wrote:

<snip>

> These patches are being tracked upstream and landry@ will help to
> get them integrated once they are stable, although this review
> process may take a while and it will probably take a while before
> they reach a mainline release:
>
> - sandbox GPU process on OpenBSD with pledge():
>   https://bugzilla.mozilla.org/show_bug.cgi?id=1580268
>
> - enhance sandbox on OpenBSD with unveil():
>   https://bugzilla.mozilla.org/show_bug.cgi?id=1580271
>
> As for testing, please try all of your normal Firefox usage as
> everything should still work.  I've tested all of these things:
>
> - Launching with an existing profile or letting it create a new one
>   in ~/.mozilla
> - Basic multi-tabbed and multi-window browsing
> - Add-ons (Bitwarden, uBlock Origin, Tunnelbear VPN, etc.)
> - Playing a YouTube video with sound
> - Webcam access
> - Accelerated graphics with MOZ_ACCELERATED=1 (verifying
>   about:support shows HW_COMPOSITING enabled and detailed GPU #1
>   info), viewing some WebGL benchmark sites
> - File->Open, can only view ~/Downloads (this is the main process)
> - When a file is selected, it is able to be opened as a file://
>   URL (this is a content process reading it)
> - When uploading a file, only ~/Downloads can be seen (or a
>   read-only directory like ~/Photos specifically added to the
>   security.sandbox.unveil.main list)
> - Executing a 3rd party app via GIO/XDG such as mupdf for opening
>   PDFs
> - Executing a 3rd party app from ~/.mailcap such as xpdf for PDFs
> - Printing via CUPS

Everyone using Firefox should definitely add their own use cases on top and
test this. The idea is to refine the paths list until we have something
we're confident with, then defaults will be pushed upstream. In the
meantime, we'll work with upstream to get the plumbing/logic committed,
as it can be done independently from the paths list.

If people have a hard time building with the patches, my beta pkgs for 70,
available as usual at https://packages.rhaalovely.net/snapshots/amd64/,
have some variation of the patches built from this git branch:
https://cgit.rhaalovely.net/mozilla-firefox/?h=unveil
I will keep this git branch updated with the patches posted upstream at
https://bugzilla.mozilla.org/show_bug.cgi?id=1580268 &
https://bugzilla.mozilla.org/show_bug.cgi?id=1580271

Many thanks jcs@ for working on this, and I hope to get them
tested/polished enough by November so that it can get committed around
p2k19.

Landry


Re: www/mozilla-firefox: add unveil and enhance pledge support [3rd time's a charm]

Timo Myyrä-6
Landry Breuil <[hidden email]> writes:

> On Fri, Sep 20, 2019 at 10:00:32AM -0500, joshua stein wrote:
>
> <snip>
>
>> These patches are being tracked upstream and landry@ will help to
>> get them integrated once they are stable, although this review
>> process may take a while and it will probably take a while before
>> they reach a mainline release:
>>
>> - sandbox GPU process on OpenBSD with pledge():
>>   https://bugzilla.mozilla.org/show_bug.cgi?id=1580268
>>
>> - enhance sandbox on OpenBSD with unveil():
>>   https://bugzilla.mozilla.org/show_bug.cgi?id=1580271
>>
>> As for testing, please try all of your normal Firefox usage as
>> everything should still work.  I've tested all of these things:
>>
>> - Launching with an existing profile or letting it create a new one
>>   in ~/.mozilla
>> - Basic multi-tabbed and multi-window browsing
>> - Add-ons (Bitwarden, uBlock Origin, Tunnelbear VPN, etc.)
>> - Playing a YouTube video with sound
>> - Webcam access
>> - Accelerated graphics with MOZ_ACCELERATED=1 (verifying
>>   about:support shows HW_COMPOSITING enabled and detailed GPU #1
>>   info), viewing some WebGL benchmark sites
>> - File->Open, can only view ~/Downloads (this is the main process)
>> - When a file is selected, it is able to be opened as a file://
>>   URL (this is a content process reading it)
>> - When uploading a file, only ~/Downloads can be seen (or a
>>   read-only directory like ~/Photos specifically added to the
>>   security.sandbox.unveil.main list)
>> - Executing a 3rd party app via GIO/XDG such as mupdf for opening
>>   PDFs
>> - Executing a 3rd party app from ~/.mailcap such as xpdf for PDFs
>> - Printing via CUPS
>
> Everyone using Firefox should definitely add their own use cases on top and
> test this. The idea is to refine the paths list until we have something
> we're confident with, then defaults will be pushed upstream. In the
> meantime, we'll work with upstream to get the plumbing/logic committed,
> as it can be done independently from the paths list.
>
> If people have a hard time building with the patches, my beta pkgs for 70,
> available as usual at https://packages.rhaalovely.net/snapshots/amd64/,
> have some variation of the patches built from this git branch:
> https://cgit.rhaalovely.net/mozilla-firefox/?h=unveil
> I will keep this git branch updated with the patches posted upstream at
> https://bugzilla.mozilla.org/show_bug.cgi?id=1580268 &
> https://bugzilla.mozilla.org/show_bug.cgi?id=1580271
>
> Many thanks jcs@ for working on this, and I hope to get them
> tested/polished enough by November so that it can get committed around
> p2k19.
>
> Landry

Firefox fails to start after replacing the "stock version":

firefox[22060]: pledge "tty", syscall 54
tmy@asteroid tmy $ firefox
IPDL protocol error: main: unveil($XDG_CACHE_HOME/dconf, rwc) failed: 2
Segmentation fault (core dumped)
tmy@asteroid tmy $ echo $XDG_CACHE_HOME

tmy@asteroid tmy $

timo

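The failure reported above (`unveil($XDG_CACHE_HOME/dconf, rwc) failed: 2` with `XDG_CACHE_HOME` unset) is the classic edge case for variable expansion in a path allow-list: an unset or empty `XDG_*_HOME` must fall back to the XDG Base Directory default under `$HOME`, never to an empty string or to the raw variable name, and an entry that cannot be expanded should stop the sandbox setup rather than unveil a bogus path. The following C program is an added illustration of that expansion, not code from the Firefox port or from upstream; the comma-separated `path:perms` entry format, the `sample_env` values (`/home/tmy` and friends) and the helper names are assumptions made for this example, and `unveil(2)` itself is only compiled in on OpenBSD.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef __OpenBSD__
#include <unistd.h>
#endif

/* Environment lookup with getenv(3)'s signature, so real code passes getenv. */
typedef char *(*env_lookup_fn)(const char *name);

/* XDG Base Directory defaults (relative to $HOME), used when the variable is
 * unset, empty or not an absolute path; the spec says such values are ignored. */
static const struct { const char *var; const char *suffix; } xdg_defaults[] = {
    { "XDG_CONFIG_HOME", "/.config" },
    { "XDG_DATA_HOME",   "/.local/share" },
    { "XDG_CACHE_HOME",  "/.cache" },
};

/* Constructed environment for the demo and tests (hypothetical values):
 * XDG_DATA_HOME is empty and XDG_CACHE_HOME is unset, as in the report above. */
static char *sample_env(const char *name)
{
    static const struct { const char *k; const char *v; } env[] = {
        { "HOME", "/home/tmy" },
        { "XDG_CONFIG_HOME", "/home/tmy/cfg" },
        { "XDG_DATA_HOME", "" },
    };
    for (size_t i = 0; i < sizeof env / sizeof env[0]; i++)
        if (strcmp(env[i].k, name) == 0)
            return (char *)env[i].v;
    return NULL;
}

/* Expand a leading "~" or "$XDG_*_HOME" in entry into buf. Returns 0 on
 * success, -1 when HOME is unusable, the variable is unknown, the path is
 * relative or the result does not fit: the caller must then stop rather
 * than unveil a bogus path. */
int expand_unveil_path(const char *entry, env_lookup_fn lookup,
                       char *buf, size_t buflen)
{
    const char *home = lookup("HOME");
    const char *prefix = NULL, *rest = entry;
    char defbuf[1024];
    int len;

    if (entry[0] == '~' && (entry[1] == '/' || entry[1] == '\0')) {
        if (home == NULL || home[0] != '/')
            return -1;
        prefix = home;
        rest = entry + 1;
    } else if (entry[0] == '$') {
        for (size_t i = 0; i < sizeof xdg_defaults / sizeof xdg_defaults[0]; i++) {
            const char *var = xdg_defaults[i].var;
            size_t vlen = strlen(var);
            if (strncmp(entry + 1, var, vlen) != 0 ||
                (entry[1 + vlen] != '/' && entry[1 + vlen] != '\0'))
                continue;
            prefix = lookup(var);
            if (prefix == NULL || prefix[0] != '/') {
                /* Fall back to $HOME + default, never to "" or the raw name. */
                if (home == NULL || home[0] != '/' ||
                    snprintf(defbuf, sizeof defbuf, "%s%s", home,
                             xdg_defaults[i].suffix) >= (int)sizeof defbuf)
                    return -1;
                prefix = defbuf;
            }
            rest = entry + 1 + vlen;
            break;
        }
        if (prefix == NULL)
            return -1;          /* unknown $VARIABLE: do not guess */
    } else if (entry[0] != '/') {
        return -1;              /* relative paths are rejected */
    }
    len = prefix ? snprintf(buf, buflen, "%s%s", prefix, rest)
                 : snprintf(buf, buflen, "%s", rest);
    return (len < 0 || (size_t)len >= buflen) ? -1 : 0;
}

/* Apply a comma-separated list of "path:perms" entries (format assumed here).
 * Returns the number of entries unveiled, or -1 at the first bad entry so a
 * broken list fails closed. With dry_run set, paths are only expanded/printed. */
int apply_unveil_list(const char *list, env_lookup_fn lookup, int dry_run)
{
    char entry[1024], path[1024], *perms;
    const char *p = list;
    int count = 0;

    while (*p != '\0') {
        const char *end = strchr(p, ',');
        size_t len = end ? (size_t)(end - p) : strlen(p);

        if (len == 0 || len >= sizeof entry)
            return -1;
        memcpy(entry, p, len);
        entry[len] = '\0';
        perms = strrchr(entry, ':');
        if (perms == NULL || perms[1] == '\0')
            return -1;          /* every entry needs explicit permissions */
        *perms++ = '\0';
        if (expand_unveil_path(entry, lookup, path, sizeof path) != 0)
            return -1;
        if (dry_run)
            printf("unveil(%s, %s)\n", path, perms);
#ifdef __OpenBSD__
        else if (unveil(path, perms) == -1)
            return -1;
#endif
        count++;
        p = end ? end + 1 : p + len;
    }
#ifdef __OpenBSD__
    if (!dry_run && unveil(NULL, NULL) == -1)   /* lock the filesystem view */
        return -1;
#endif
    return count;
}

/* Test helper: 1 if entry expands (under sample_env) to expected, else 0. */
int expands_to(const char *entry, const char *expected)
{
    char buf[1024];
    return expand_unveil_path(entry, sample_env, buf, sizeof buf) == 0 &&
           strcmp(buf, expected) == 0;
}

int main(void)
{
    /* Constructed list shaped like the failing entry in the report above. */
    int n = apply_unveil_list("~/Downloads:rwc,/tmp:rwc,$XDG_CACHE_HOME/dconf:rwc",
                              sample_env, 1);
    return n == 3 ? 0 : 1;
}
```

With `sample_env` the third entry expands to `/home/tmy/.cache/dconf` instead of failing; pass `getenv` in place of `sample_env` to use the real environment. Returning -1 on the first entry that cannot be expanded lets the caller refuse to continue before the process runs with a filesystem view other than the one configured.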

Re: www/mozilla-firefox: add unveil and enhance pledge support [3rd time's a charm]

prx
In reply to this post by Landry Breuil-5
[snip]

>
> Everyone using Firefox should definitely add their own use cases on top and
> test this. The idea is to refine the paths list until we have something
> we're confident with, then defaults will be pushed upstream. In the
> meantime, we'll work with upstream to get the plumbing/logic committed,
> as it can be done independently from the paths list.
>
> If people have a hard time building with the patches, my beta pkgs for 70,
> available as usual at https://packages.rhaalovely.net/snapshots/amd64/,
>

I installed the above package (thanks for this) and started Firefox
after deleting ~/.mozilla. It's crashing.

Below are some more details:

        $ firefox
        IPDL protocol error: main:
        unveil(/.config/.config/.local/share/.cache/dconf, rwc) failed: 2
        Segmentation fault (core dumped)

        $ tail /var/log/messages
        Sep 22 13:49:00 moria firefox: vfprintf %s NULL in "%s: Resetting
        desktop app info dirs from %s to %s"

        $ gdb firefox.core
        [...]
        Core was generated by `firefox'.
        Program terminated with signal 11, Segmentation fault.
        0  0x000011c39178be2a in ?? ()

        (gbd) bt full

        #0  0x000011c39178be2a in ?? ()
        No symbol table info available.
        #1  0xfffb1b89345035c0 in ?? ()
        No symbol table info available.
        #2  0xfff9000000000000 in ?? ()
        No symbol table info available.
        #3  0x000015f8073266f0 in ?? ()
        No symbol table info available.
        #4  0x0000000b00000252 in ?? ()
        No symbol table info available.
        #5  0x74536c61626f6c47 in ?? ()
        No symbol table info available.
        #6  0x0000000000657461 in ?? ()
        No symbol table info available.
        #7  0x0000000000000000 in ?? ()
        No symbol table info available.

        $ dmesg
        OpenBSD 6.6-beta (GENERIC.MP) #314: Mon Sep 16 19:13:24 MDT 2019
                [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
        real mem = 4217090048 (4021MB)
        avail mem = 4076605440 (3887MB)
        mpath0 at root
        scsibus0 at mpath0: 256 targets
        mainbus0 at root
        bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebf10 (55 entries)
        bios0: vendor American Megatrends Inc. version "V30.6" date 12/15/2014
        bios0: MSI MS-7721
        acpi0 at bios0: ACPI 5.0
        acpi0: sleep states S0 S3 S4 S5
        acpi0: tables DSDT FACP APIC FPDT FIDT MCFG HPET UEFI IVRS SSDT SSDT CRAT SSDT SSDT SSDT
        acpi0: wakeup devices SBAZ(S4) P0PC(S4) OHC1(S4) EHC1(S4) OHC2(S4) EHC2(S4) OHC3(S4) EHC3(S4) OHC4(S4) XHC0(S4) XHC1(S4) PE20(S4) PE21(S4) PE23(S4) PB2_(S4) PB3_(S4) [...]
        acpitimer0 at acpi0: 3579545 Hz, 32 bits
        acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
        cpu0 at mainbus0: apid 16 (boot processor)
        cpu0: AMD A8-6600K APU with Radeon(tm) HD Graphics, 4021.08 MHz, 15-13-01
        cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,TOPEXT,CPCTR,ITSC,BMI1
        cpu0: 64KB 64b/line 2-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache
        cpu0: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
        cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
        tsc_timecounter_init: TSC skew=0 observed drift=0
        cpu0: smt 0, core 0, package 0
        mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
        cpu0: apic clock running at 103MHz
        cpu0: mwait min=64, max=64, IBE
        cpu1 at mainbus0: apid 17 (application processor)
        TSC skew=103
        cpu1: AMD A8-6600K APU with Radeon(tm) HD Graphics, 798.76 MHz, 15-13-01
        cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,TOPEXT,CPCTR,ITSC,BMI1
        cpu1: 64KB 64b/line 2-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache
        cpu1: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
        cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
        tsc_timecounter_init: TSC skew=103 observed drift=0
        cpu1: smt 1, core 0, package 0
        cpu2 at mainbus0: apid 18 (application processor)
        TSC skew=-132
        cpu2: AMD A8-6600K APU with Radeon(tm) HD Graphics, 798.25 MHz, 15-13-01
        cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,TOPEXT,CPCTR,ITSC,BMI1
        cpu2: 64KB 64b/line 2-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache
        cpu2: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
        cpu2: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
        tsc_timecounter_init: TSC skew=-132 observed drift=0
        cpu2: smt 0, core 1, package 0
        cpu3 at mainbus0: apid 19 (application processor)
        TSC skew=-279
        cpu3: AMD A8-6600K APU with Radeon(tm) HD Graphics, 798.65 MHz, 15-13-01
        cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,TOPEXT,CPCTR,ITSC,BMI1
        cpu3: 64KB 64b/line 2-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache
        cpu3: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
        cpu3: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
        tsc_timecounter_init: TSC skew=-279 observed drift=0
        cpu3: smt 1, core 1, package 0
        ioapic0 at mainbus0: apid 0 pa 0xfec00000, version 21, 24 pins
        acpimcfg0 at acpi0
        acpimcfg0: addr 0xe0000000, bus 0-255
        acpihpet0 at acpi0: 14318180 Hz
        acpiprt0 at acpi0: bus 0 (PCI0)
        acpiprt1 at acpi0: bus 3 (P0PC)
        acpiprt2 at acpi0: bus -1 (PE20)
        acpiprt3 at acpi0: bus -1 (PE21)
        acpiprt4 at acpi0: bus -1 (PE23)
        acpiprt5 at acpi0: bus 1 (PB2_)
        acpiprt6 at acpi0: bus -1 (PB3_)
        acpiprt7 at acpi0: bus 2 (PB4_)
        acpiprt8 at acpi0: bus -1 (PB5_)
        acpiprt9 at acpi0: bus -1 (PB6_)
        acpiprt10 at acpi0: bus -1 (PB7_)
        acpiprt11 at acpi0: bus -1 (PE22)
        acpicpu0 at acpi0: C2(0@100 io@0x1771), C1(@1 halt!), PSS
        acpicpu1 at acpi0: C2(0@100 io@0x1771), C1(@1 halt!), PSS
        acpicpu2 at acpi0: C2(0@100 io@0x1771), C1(@1 halt!), PSS
        acpicpu3 at acpi0: C2(0@100 io@0x1771), C1(@1 halt!), PSS
        acpipci0 at acpi0 PCI0: 0x00000000 0x00000011 0x00000001
        acpicmos0 at acpi0
        acpibtn0 at acpi0: PWRB
        "pnp0c14" at acpi0 not configured
        acpivideo0 at acpi0: VGA_
        acpivideo1 at acpi0: VGA_
        acpivideo2 at acpi0: VGA_
        cpu0: 4021 MHz: speeds: 3900 3600 3000 2500 1900 MHz
        pci0 at mainbus0 bus 0
        pchb0 at pci0 dev 0 function 0 "AMD AMD64 15/1xh Host" rev 0x00
        "AMD AMD64 15/1xh IOMMU" rev 0x00 at pci0 dev 0 function 2 not configured
        ppb0 at pci0 dev 2 function 0 "AMD AMD64 15/1xh PCIE" rev 0x00: msi
        pci1 at ppb0 bus 1
        radeondrm0 at pci1 dev 0 function 0 "ATI Radeon HD 6850" rev 0x00
        drm0 at radeondrm0
        radeondrm0: msi
        azalia0 at pci1 dev 0 function 1 vendor "ATI", unknown product 0xaa88 rev 0x00: msi
        azalia0: no supported codecs
        ppb1 at pci0 dev 4 function 0 "AMD AMD64 15/1xh PCIE" rev 0x00: msi
        pci2 at ppb1 bus 2
        re0 at pci2 dev 0 function 0 "Realtek 8168" rev 0x0c: RTL8168G/8111G (0x4c00), msi, address 44:8a:5b:d4:0f:a3
        rgephy0 at re0 phy 7: RTL8251 PHY, rev. 0
        xhci0 at pci0 dev 16 function 0 "AMD Bolton xHCI" rev 0x09: msi, xHCI 1.0
        usb0 at xhci0: USB revision 3.0
        uhub0 at usb0 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00 addr 1
        xhci1 at pci0 dev 16 function 1 "AMD Bolton xHCI" rev 0x09: msi, xHCI 1.0
        usb1 at xhci1: USB revision 3.0
        uhub1 at usb1 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00 addr 1
        ahci0 at pci0 dev 17 function 0 "AMD Hudson-2 SATA" rev 0x40: msi, AHCI 1.3
        ahci0: port 0: 6.0Gb/s
        ahci0: port 1: 3.0Gb/s
        scsibus1 at ahci0: 32 targets
        sd0 at scsibus1 targ 0 lun 0: <ATA, Samsung SSD 850, EMT0> naa.5002538d41e6d54d
        sd0: 238475MB, 512 bytes/sector, 488397168 sectors, thin
        sd1 at scsibus1 targ 1 lun 0: <ATA, WDC WD5000AAKS-6, 06.0> naa.50014ee15834bd34
        sd1: 476940MB, 512 bytes/sector, 976773168 sectors
        ohci0 at pci0 dev 18 function 0 "AMD Hudson-2 USB" rev 0x11: apic 0 int 18, version 1.0, legacy support
        ehci0 at pci0 dev 18 function 2 "AMD Hudson-2 USB2" rev 0x11: apic 0 int 17
        usb2 at ehci0: USB revision 2.0
        uhub2 at usb2 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
        ohci1 at pci0 dev 19 function 0 "AMD Hudson-2 USB" rev 0x11: apic 0 int 18, version 1.0, legacy support
        ehci1 at pci0 dev 19 function 2 "AMD Hudson-2 USB2" rev 0x11: apic 0 int 17
        usb3 at ehci1: USB revision 2.0
        uhub3 at usb3 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
        piixpm0 at pci0 dev 20 function 0 "AMD Hudson-2 SMBus" rev 0x16: polling
        iic0 at piixpm0
        spdmem0 at iic0 addr 0x52: 2GB DDR3 SDRAM PC3-10600
        spdmem1 at iic0 addr 0x53: 2GB DDR3 SDRAM PC3-10600
        azalia1 at pci0 dev 20 function 2 "AMD Hudson-2 HD Audio" rev 0x01: apic 0 int 16
        azalia1: codecs: Realtek/0x0887
        audio0 at azalia1
        pcib0 at pci0 dev 20 function 3 "AMD Hudson-2 LPC" rev 0x11
        ppb2 at pci0 dev 20 function 4 "AMD Hudson-2 PCI" rev 0x40
        pci3 at ppb2 bus 3
        ohci2 at pci0 dev 20 function 5 "AMD Hudson-2 USB" rev 0x11: apic 0 int 18, version 1.0, legacy support
        pchb1 at pci0 dev 24 function 0 "AMD AMD64 15/1xh Link Cfg" rev 0x00
        pchb2 at pci0 dev 24 function 1 "AMD AMD64 15/1xh Address Map" rev 0x00
        pchb3 at pci0 dev 24 function 2 "AMD AMD64 15/1xh DRAM Cfg" rev 0x00
        km0 at pci0 dev 24 function 3 "AMD AMD64 15/1xh Misc Cfg" rev 0x00
        pchb4 at pci0 dev 24 function 4 "AMD AMD64 15/1xh CPU Power" rev 0x00
        pchb5 at pci0 dev 24 function 5 "AMD AMD64 15/1xh NB Power" rev 0x00
        usb4 at ohci0: USB revision 1.0
        uhub4 at usb4 configuration 1 interface 0 "AMD OHCI root hub" rev 1.00/1.00 addr 1
        usb5 at ohci1: USB revision 1.0
        uhub5 at usb5 configuration 1 interface 0 "AMD OHCI root hub" rev 1.00/1.00 addr 1
        isa0 at pcib0
        isadma0 at isa0
        com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
        com0: probed fifo depth: 15 bytes
        pckbc0 at isa0 port 0x60/5 irq 1 irq 12
        pckbd0 at pckbc0 (kbd slot)
        wskbd0 at pckbd0: console keyboard
        pcppi0 at isa0 port 0x61
        spkr0 at pcppi0
        lpt0 at isa0 port 0x378/4 irq 7
        usb6 at ohci2: USB revision 1.0
        uhub6 at usb6 configuration 1 interface 0 "AMD OHCI root hub" rev 1.00/1.00 addr 1
        vmm0 at mainbus0: SVM/RVI
        uhub7 at uhub5 port 1 configuration 1 interface 0 "ALCOR USB Hub 2.0" rev 2.00/7.02 addr 2
        uhidev0 at uhub7 port 3 configuration 1 interface 0 " USB Keyboard" rev 1.10/4.06 addr 3
        uhidev0: iclass 3/1
        ukbd0 at uhidev0: 8 variable keys, 6 key codes
        wskbd1 at ukbd0 mux 1
        uhidev1 at uhub7 port 3 configuration 1 interface 1 " USB Keyboard" rev 1.10/4.06 addr 3
        uhidev1: iclass 3/0, 2 report ids
        uhid0 at uhidev1 reportid 1: input=1, output=0, feature=0
        uhid1 at uhidev1 reportid 2: input=3, output=0, feature=0
        uhidev2 at uhub7 port 4 configuration 1 interface 0 "Logitech USB Receiver" rev 2.00/29.01 addr 4
        uhidev2: iclass 3/1
        ukbd1 at uhidev2: 8 variable keys, 6 key codes
        wskbd2 at ukbd1 mux 1
        uhidev3 at uhub7 port 4 configuration 1 interface 1 "Logitech USB Receiver" rev 2.00/29.01 addr 4
        uhidev3: iclass 3/1, 17 report ids
        ums0 at uhidev3 reportid 2: 16 buttons, Z and W dir
        wsmouse0 at ums0 mux 0
        uhid2 at uhidev3 reportid 3: input=4, output=0, feature=0
        uhid3 at uhidev3 reportid 4: input=1, output=0, feature=0
        uhid4 at uhidev3 reportid 16: input=6, output=6, feature=0
        uhid5 at uhidev3 reportid 17: input=19, output=19, feature=0
        vscsi0 at root
        scsibus2 at vscsi0: 256 targets
        softraid0 at root
        scsibus3 at softraid0: 256 targets
        sd2 at scsibus3 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006>
        sd2: 238472MB, 512 bytes/sector, 488391473 sectors
        root on sd2a (ae15c17b9037e886.a) swap on sd2b dump on sd2b
        initializing kernel modesetting (BARTS 0x1002:0x6739 0x174B:0x174B 0x00).
        radeondrm0: 1440x900, 32bpp
        wsdisplay0 at radeondrm0 mux 1: console (std, vt100 emulation), using wskbd0
        wskbd1: connecting to wsdisplay0
        wskbd2: connecting to wsdisplay0
        wsdisplay0: screen 1-5 added (std, vt100 emulation)
        syncing disks... done
        r
        OpenBSD 6.6-beta (RAMDISK_CD) #292: Wed Sep 18 19:08:49 MDT 2019
                [hidden email]:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
        real mem = 4217090048 (4021MB)
        avail mem = 4085305344 (3896MB)
        mainbus0 at root
        bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebf10 (55 entries)
        bios0: vendor American Megatrends Inc. version "V30.6" date 12/15/2014
        bios0: MSI MS-7721
        acpi0 at bios0: ACPI 5.0
        acpi0: tables DSDT FACP APIC FPDT FIDT MCFG HPET UEFI IVRS SSDT SSDT CRAT SSDT SSDT SSDT
        acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
        cpu0 at mainbus0: apid 16 (boot processor)
        cpu0: AMD A8-6600K APU with Radeon(tm) HD Graphics, 4020.54 MHz, 15-13-01
        cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,TOPEXT,CPCTR,ITSC,BMI1
        cpu0: 64KB 64b/line 2-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache
        cpu0: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
        cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
        tsc_timecounter_init: TSC skew=0 observed drift=0
        cpu0: apic clock running at 103MHz
        cpu0: mwait min=64, max=64, IBE
        cpu at mainbus0: not configured
        cpu at mainbus0: not configured
        cpu at mainbus0: not configured
        ioapic0 at mainbus0: apid 0 pa 0xfec00000, version 21, 24 pins
        acpiprt0 at acpi0: bus 0 (PCI0)
        acpiprt1 at acpi0: bus 3 (P0PC)
        acpiprt2 at acpi0: bus -1 (PE20)
        acpiprt3 at acpi0: bus -1 (PE21)
        acpiprt4 at acpi0: bus -1 (PE23)
        acpiprt5 at acpi0: bus 1 (PB2_)
        acpiprt6 at acpi0: bus -1 (PB3_)
        acpiprt7 at acpi0: bus 2 (PB4_)
        acpiprt8 at acpi0: bus -1 (PB5_)
        acpiprt9 at acpi0: bus -1 (PB6_)
        acpiprt10 at acpi0: bus -1 (PB7_)
        acpiprt11 at acpi0: bus -1 (PE22)
        acpicpu at acpi0 not configured
        "PNP0A08" at acpi0 not configured
        acpicmos0 at acpi0
        "PNP0C0C" at acpi0 not configured
        "pnp0c14" at acpi0 not configured
        pci0 at mainbus0 bus 0
        pchb0 at pci0 dev 0 function 0 "AMD AMD64 15/1xh Host" rev 0x00
        "AMD AMD64 15/1xh IOMMU" rev 0x00 at pci0 dev 0 function 2 not configured
        ppb0 at pci0 dev 2 function 0 "AMD AMD64 15/1xh PCIE" rev 0x00: msi
        pci1 at ppb0 bus 1
        vga1 at pci1 dev 0 function 0 "ATI Radeon HD 6850" rev 0x00
        wsdisplay1 at vga1 mux 1: console (80x25, vt100 emulation)
        vendor "ATI", unknown product 0xaa88 (class multimedia subclass hdaudio, rev 0x00) at pci1 dev 0 function 1 not configured
        ppb1 at pci0 dev 4 function 0 "AMD AMD64 15/1xh PCIE" rev 0x00: msi
        pci2 at ppb1 bus 2
        re0 at pci2 dev 0 function 0 "Realtek 8168" rev 0x0c: RTL8168G/8111G (0x4c00), msi, address 44:8a:5b:d4:0f:a3
        rgephy0 at re0 phy 7: RTL8251 PHY, rev. 0
        xhci0 at pci0 dev 16 function 0 "AMD Bolton xHCI" rev 0x09: msi, xHCI 1.0
        usb0 at xhci0: USB revision 3.0
        uhub0 at usb0 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00 addr 1
        xhci1 at pci0 dev 16 function 1 "AMD Bolton xHCI" rev 0x09: msi, xHCI 1.0
        usb1 at xhci1: USB revision 3.0
        uhub1 at usb1 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00 addr 1
        ahci0 at pci0 dev 17 function 0 "AMD Hudson-2 SATA" rev 0x40: msi, AHCI 1.3
        ahci0: port 0: 6.0Gb/s
        ahci0: port 1: 3.0Gb/s
        scsibus0 at ahci0: 32 targets
        sd0 at scsibus0 targ 0 lun 0: <ATA, Samsung SSD 850, EMT0> naa.5002538d41e6d54d
        sd0: 238475MB, 512 bytes/sector, 488397168 sectors, thin
        sd1 at scsibus0 targ 1 lun 0: <ATA, WDC WD5000AAKS-6, 06.0> naa.50014ee15834bd34
        sd1: 476940MB, 512 bytes/sector, 976773168 sectors
        ohci0 at pci0 dev 18 function 0 "AMD Hudson-2 USB" rev 0x11: apic 0 int 18, version 1.0, legacy support
        ehci0 at pci0 dev 18 function 2 "AMD Hudson-2 USB2" rev 0x11: apic 0 int 17
        usb2 at ehci0: USB revision 2.0
        uhub2 at usb2 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
        ohci1 at pci0 dev 19 function 0 "AMD Hudson-2 USB" rev 0x11: apic 0 int 18, version 1.0, legacy support
        ehci1 at pci0 dev 19 function 2 "AMD Hudson-2 USB2" rev 0x11: apic 0 int 17
        usb3 at ehci1: USB revision 2.0
        uhub3 at usb3 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
        "AMD Hudson-2 SMBus" rev 0x16 at pci0 dev 20 function 0 not configured
        "AMD Hudson-2 HD Audio" rev 0x01 at pci0 dev 20 function 2 not configured
        "AMD Hudson-2 LPC" rev 0x11 at pci0 dev 20 function 3 not configured
        ppb2 at pci0 dev 20 function 4 "AMD Hudson-2 PCI" rev 0x40
        pci3 at ppb2 bus 3
        ohci2 at pci0 dev 20 function 5 "AMD Hudson-2 USB" rev 0x11: apic 0 int 18, version 1.0, legacy support
        pchb1 at pci0 dev 24 function 0 "AMD AMD64 15/1xh Link Cfg" rev 0x00
        pchb2 at pci0 dev 24 function 1 "AMD AMD64 15/1xh Address Map" rev 0x00
        pchb3 at pci0 dev 24 function 2 "AMD AMD64 15/1xh DRAM Cfg" rev 0x00
        pchb4 at pci0 dev 24 function 3 "AMD AMD64 15/1xh Misc Cfg" rev 0x00
        pchb5 at pci0 dev 24 function 4 "AMD AMD64 15/1xh CPU Power" rev 0x00
        pchb6 at pci0 dev 24 function 5 "AMD AMD64 15/1xh NB Power" rev 0x00
        usb4 at ohci0: USB revision 1.0
        uhub4 at usb4 configuration 1 interface 0 "AMD OHCI root hub" rev 1.00/1.00 addr 1
        usb5 at ohci1: USB revision 1.0
        uhub5 at usb5 configuration 1 interface 0 "AMD OHCI root hub" rev 1.00/1.00 addr 1
        usb6 at ohci2: USB revision 1.0
        uhub6 at usb6 configuration 1 interface 0 "AMD OHCI root hub" rev 1.00/1.00 addr 1
        isa0 at mainbus0
        com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
        com0: probed fifo depth: 15 bytes
        pckbc0 at isa0 port 0x60/5 irq 1 irq 12
        pckbd0 at pckbc0 (kbd slot)
        wskbd0 at pckbd0: console keyboard, using wsdisplay1
        uhub7 at uhub5 port 1 configuration 1 interface 0 "ALCOR USB Hub 2.0" rev 2.00/7.02 addr 2
        uhidev0 at uhub7 port 3 configuration 1 interface 0 " USB Keyboard" rev 1.10/4.06 addr 3
        uhidev0: iclass 3/1
        ukbd0 at uhidev0
        wskbd1 at ukbd0 mux 1
        wskbd1: connecting to wsdisplay1
        uhidev1 at uhub7 port 3 configuration 1 interface 1 " USB Keyboard" rev 1.10/4.06 addr 3
        uhidev1: iclass 3/0, 2 report ids
        uhid at uhidev1 reportid 1 not configured
        uhid at uhidev1 reportid 2 not configured
        uhidev2 at uhub7 port 4 configuration 1 interface 0 "Logitech USB Receiver" rev 2.00/29.01 addr 4
        uhidev2: iclass 3/1
        ukbd1 at uhidev2
        wskbd2 at ukbd1 mux 1
        wskbd2: connecting to wsdisplay1
        uhidev3 at uhub7 port 4 configuration 1 interface 1 "Logitech USB Receiver" rev 2.00/29.01 addr 4
        uhidev3: iclass 3/1, 17 report ids
        uhid at uhidev3 reportid 2 not configured
        uhid at uhidev3 reportid 3 not configured
        uhid at uhidev3 reportid 4 not configured
        uhid at uhidev3 reportid 16 not configured
        uhid at uhidev3 reportid 17 not configured
        softraid0 at root
        scsibus1 at softraid0: 256 targets
        sd2 at scsibus1 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006>
        sd2: 238472MB, 512 bytes/sector, 488391473 sectors
        root on rd0a swap on rd0b dump on rd0b
        syncing disks...
        OpenBSD 6.6-beta (GENERIC.MP) #315: Wed Sep 18 19:01:31 MDT 2019
                [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
        real mem = 4217090048 (4021MB)
        avail mem = 4076605440 (3887MB)
        mpath0 at root
        scsibus0 at mpath0: 256 targets
        mainbus0 at root
        bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebf10 (55 entries)
        bios0: vendor American Megatrends Inc. version "V30.6" date 12/15/2014
        bios0: MSI MS-7721
        acpi0 at bios0: ACPI 5.0
        acpi0: sleep states S0 S3 S4 S5
        acpi0: tables DSDT FACP APIC FPDT FIDT MCFG HPET UEFI IVRS SSDT SSDT CRAT SSDT SSDT SSDT
        acpi0: wakeup devices SBAZ(S4) P0PC(S4) OHC1(S4) EHC1(S4) OHC2(S4) EHC2(S4) OHC3(S4) EHC3(S4) OHC4(S4) XHC0(S4) XHC1(S4) PE20(S4) PE21(S4) PE23(S4) PB2_(S4) PB3_(S4) [...]
        acpitimer0 at acpi0: 3579545 Hz, 32 bits
        acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
        cpu0 at mainbus0: apid 16 (boot processor)
        cpu0: AMD A8-6600K APU with Radeon(tm) HD Graphics, 4022.25 MHz, 15-13-01
        cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,TOPEXT,CPCTR,ITSC,BMI1
        cpu0: 64KB 64b/line 2-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache
        cpu0: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
        cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
        tsc_timecounter_init: TSC skew=0 observed drift=0
        cpu0: smt 0, core 0, package 0
        mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
        cpu0: apic clock running at 103MHz
        cpu0: mwait min=64, max=64, IBE
        cpu1 at mainbus0: apid 17 (application processor)
        TSC skew=72
        cpu1: AMD A8-6600K APU with Radeon(tm) HD Graphics, 397.05 MHz, 15-13-01
        cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,TOPEXT,CPCTR,ITSC,BMI1
        cpu1: 64KB 64b/line 2-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache
        cpu1: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
        cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
        tsc_timecounter_init: TSC skew=72 observed drift=0
        cpu1: smt 1, core 0, package 0
        cpu2 at mainbus0: apid 18 (application processor)
        TSC skew=-141
        cpu2: AMD A8-6600K APU with Radeon(tm) HD Graphics, 396.23 MHz, 15-13-01
        cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,TOPEXT,CPCTR,ITSC,BMI1
        cpu2: 64KB 64b/line 2-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache
        cpu2: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
        cpu2: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
        tsc_timecounter_init: TSC skew=-141 observed drift=0
        cpu2: smt 0, core 1, package 0
        cpu3 at mainbus0: apid 19 (application processor)
        TSC skew=-190
        cpu3: AMD A8-6600K APU with Radeon(tm) HD Graphics, 396.63 MHz, 15-13-01
        cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,TOPEXT,CPCTR,ITSC,BMI1
        cpu3: 64KB 64b/line 2-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache
        cpu3: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
        cpu3: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
        tsc_timecounter_init: TSC skew=-190 observed drift=0
        cpu3: smt 1, core 1, package 0
        ioapic0 at mainbus0: apid 0 pa 0xfec00000, version 21, 24 pins
        acpimcfg0 at acpi0
        acpimcfg0: addr 0xe0000000, bus 0-255
        acpihpet0 at acpi0: 14318180 Hz
        acpiprt0 at acpi0: bus 0 (PCI0)
        acpiprt1 at acpi0: bus 3 (P0PC)
        acpiprt2 at acpi0: bus -1 (PE20)
        acpiprt3 at acpi0: bus -1 (PE21)
        acpiprt4 at acpi0: bus -1 (PE23)
        acpiprt5 at acpi0: bus 1 (PB2_)
        acpiprt6 at acpi0: bus -1 (PB3_)
        acpiprt7 at acpi0: bus 2 (PB4_)
        acpiprt8 at acpi0: bus -1 (PB5_)
        acpiprt9 at acpi0: bus -1 (PB6_)
        acpiprt10 at acpi0: bus -1 (PB7_)
        acpiprt11 at acpi0: bus -1 (PE22)
        acpicpu0 at acpi0: C2(0@100 io@0x1771), C1(@1 halt!), PSS
        acpicpu1 at acpi0: C2(0@100 io@0x1771), C1(@1 halt!), PSS
        acpicpu2 at acpi0: C2(0@100 io@0x1771), C1(@1 halt!), PSS
        acpicpu3 at acpi0: C2(0@100 io@0x1771), C1(@1 halt!), PSS
        acpipci0 at acpi0 PCI0: 0x00000000 0x00000011 0x00000001
        acpicmos0 at acpi0
        acpibtn0 at acpi0: PWRB
        "pnp0c14" at acpi0 not configured
        acpivideo0 at acpi0: VGA_
        acpivideo1 at acpi0: VGA_
        acpivideo2 at acpi0: VGA_
        cpu0: 4022 MHz: speeds: 3900 3600 3000 2500 1900 MHz
        pci0 at mainbus0 bus 0
        pchb0 at pci0 dev 0 function 0 "AMD AMD64 15/1xh Host" rev 0x00
        "AMD AMD64 15/1xh IOMMU" rev 0x00 at pci0 dev 0 function 2 not configured
        ppb0 at pci0 dev 2 function 0 "AMD AMD64 15/1xh PCIE" rev 0x00: msi
        pci1 at ppb0 bus 1
        radeondrm0 at pci1 dev 0 function 0 "ATI Radeon HD 6850" rev 0x00
        drm0 at radeondrm0
        radeondrm0: msi
        azalia0 at pci1 dev 0 function 1 vendor "ATI", unknown product 0xaa88 rev 0x00: msi
        azalia0: no supported codecs
        ppb1 at pci0 dev 4 function 0 "AMD AMD64 15/1xh PCIE" rev 0x00: msi
        pci2 at ppb1 bus 2
        re0 at pci2 dev 0 function 0 "Realtek 8168" rev 0x0c: RTL8168G/8111G (0x4c00), msi, address 44:8a:5b:d4:0f:a3
        rgephy0 at re0 phy 7: RTL8251 PHY, rev. 0
        xhci0 at pci0 dev 16 function 0 "AMD Bolton xHCI" rev 0x09: msi, xHCI 1.0
        usb0 at xhci0: USB revision 3.0
        uhub0 at usb0 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00 addr 1
        xhci1 at pci0 dev 16 function 1 "AMD Bolton xHCI" rev 0x09: msi, xHCI 1.0
        usb1 at xhci1: USB revision 3.0
        uhub1 at usb1 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00 addr 1
        ahci0 at pci0 dev 17 function 0 "AMD Hudson-2 SATA" rev 0x40: msi, AHCI 1.3
        ahci0: port 0: 6.0Gb/s
        ahci0: port 1: 3.0Gb/s
        scsibus1 at ahci0: 32 targets
        sd0 at scsibus1 targ 0 lun 0: <ATA, Samsung SSD 850, EMT0> naa.5002538d41e6d54d
        sd0: 238475MB, 512 bytes/sector, 488397168 sectors, thin
        sd1 at scsibus1 targ 1 lun 0: <ATA, WDC WD5000AAKS-6, 06.0> naa.50014ee15834bd34
        sd1: 476940MB, 512 bytes/sector, 976773168 sectors
        ohci0 at pci0 dev 18 function 0 "AMD Hudson-2 USB" rev 0x11: apic 0 int 18, version 1.0, legacy support
        ehci0 at pci0 dev 18 function 2 "AMD Hudson-2 USB2" rev 0x11: apic 0 int 17
        usb2 at ehci0: USB revision 2.0
        uhub2 at usb2 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
        ohci1 at pci0 dev 19 function 0 "AMD Hudson-2 USB" rev 0x11: apic 0 int 18, version 1.0, legacy support
        ehci1 at pci0 dev 19 function 2 "AMD Hudson-2 USB2" rev 0x11: apic 0 int 17
        usb3 at ehci1: USB revision 2.0
        uhub3 at usb3 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
        piixpm0 at pci0 dev 20 function 0 "AMD Hudson-2 SMBus" rev 0x16: polling
        iic0 at piixpm0
        spdmem0 at iic0 addr 0x52: 2GB DDR3 SDRAM PC3-10600
        spdmem1 at iic0 addr 0x53: 2GB DDR3 SDRAM PC3-10600
        azalia1 at pci0 dev 20 function 2 "AMD Hudson-2 HD Audio" rev 0x01: apic 0 int 16
        azalia1: codecs: Realtek/0x0887
        audio0 at azalia1
        pcib0 at pci0 dev 20 function 3 "AMD Hudson-2 LPC" rev 0x11
        ppb2 at pci0 dev 20 function 4 "AMD Hudson-2 PCI" rev 0x40
        pci3 at ppb2 bus 3
        ohci2 at pci0 dev 20 function 5 "AMD Hudson-2 USB" rev 0x11: apic 0 int 18, version 1.0, legacy support
        pchb1 at pci0 dev 24 function 0 "AMD AMD64 15/1xh Link Cfg" rev 0x00
        pchb2 at pci0 dev 24 function 1 "AMD AMD64 15/1xh Address Map" rev 0x00
        pchb3 at pci0 dev 24 function 2 "AMD AMD64 15/1xh DRAM Cfg" rev 0x00
        km0 at pci0 dev 24 function 3 "AMD AMD64 15/1xh Misc Cfg" rev 0x00
        pchb4 at pci0 dev 24 function 4 "AMD AMD64 15/1xh CPU Power" rev 0x00
        pchb5 at pci0 dev 24 function 5 "AMD AMD64 15/1xh NB Power" rev 0x00
        usb4 at ohci0: USB revision 1.0
        uhub4 at usb4 configuration 1 interface 0 "AMD OHCI root hub" rev 1.00/1.00 addr 1
        usb5 at ohci1: USB revision 1.0
        uhub5 at usb5 configuration 1 interface 0 "AMD OHCI root hub" rev 1.00/1.00 addr 1
        isa0 at pcib0
        isadma0 at isa0
        com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
        com0: probed fifo depth: 15 bytes
        pckbc0 at isa0 port 0x60/5 irq 1 irq 12
        pckbd0 at pckbc0 (kbd slot)
        wskbd0 at pckbd0: console keyboard
        pcppi0 at isa0 port 0x61
        spkr0 at pcppi0
        lpt0 at isa0 port 0x378/4 irq 7
        usb6 at ohci2: USB revision 1.0
        uhub6 at usb6 configuration 1 interface 0 "AMD OHCI root hub" rev 1.00/1.00 addr 1
        vmm0 at mainbus0: SVM/RVI
        uhub7 at uhub5 port 1 configuration 1 interface 0 "ALCOR USB Hub 2.0" rev 2.00/7.02 addr 2
        uhidev0 at uhub7 port 3 configuration 1 interface 0 " USB Keyboard" rev 1.10/4.06 addr 3
        uhidev0: iclass 3/1
        ukbd0 at uhidev0: 8 variable keys, 6 key codes
        wskbd1 at ukbd0 mux 1
        uhidev1 at uhub7 port 3 configuration 1 interface 1 " USB Keyboard" rev 1.10/4.06 addr 3
        uhidev1: iclass 3/0, 2 report ids
        uhid0 at uhidev1 reportid 1: input=1, output=0, feature=0
        uhid1 at uhidev1 reportid 2: input=3, output=0, feature=0
        uhidev2 at uhub7 port 4 configuration 1 interface 0 "Logitech USB Receiver" rev 2.00/29.01 addr 4
        uhidev2: iclass 3/1
        ukbd1 at uhidev2: 8 variable keys, 6 key codes
        wskbd2 at ukbd1 mux 1
        uhidev3 at uhub7 port 4 configuration 1 interface 1 "Logitech USB Receiver" rev 2.00/29.01 addr 4
        uhidev3: iclass 3/1, 17 report ids
        ums0 at uhidev3 reportid 2: 16 buttons, Z and W dir
        wsmouse0 at ums0 mux 0
        uhid2 at uhidev3 reportid 3: input=4, output=0, feature=0
        uhid3 at uhidev3 reportid 4: input=1, output=0, feature=0
        uhid4 at uhidev3 reportid 16: input=6, output=6, feature=0
        uhid5 at uhidev3 reportid 17: input=19, output=19, feature=0
        vscsi0 at root
        scsibus2 at vscsi0: 256 targets
        softraid0 at root
        scsibus3 at softraid0: 256 targets
        sd2 at scsibus3 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006>
        sd2: 238472MB, 512 bytes/sector, 488391473 sectors
        root on sd2a (ae15c17b9037e886.a) swap on sd2b dump on sd2b
        initializing kernel modesetting (BARTS 0x1002:0x6739 0x174B:0x174B 0x00).
        radeondrm0: 1440x900, 32bpp
        wsdisplay0 at radeondrm0 mux 1: console (std, vt100 emulation), using wskbd0
        wskbd1: connecting to wsdisplay0
        wskbd2: connecting to wsdisplay0
        wsdisplay0: screen 1-5 added (std, vt100 emulation)
        syncing disks... done
        OpenBSD 6.6-beta (GENERIC.MP) #315: Wed Sep 18 19:01:31 MDT 2019
                [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
        real mem = 4217090048 (4021MB)
        avail mem = 4076605440 (3887MB)
        mpath0 at root
        scsibus0 at mpath0: 256 targets
        mainbus0 at root
        bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebf10 (55 entries)
        bios0: vendor American Megatrends Inc. version "V30.6" date 12/15/2014
        bios0: MSI MS-7721
        acpi0 at bios0: ACPI 5.0
        acpi0: sleep states S0 S3 S4 S5
        acpi0: tables DSDT FACP APIC FPDT FIDT MCFG HPET UEFI IVRS SSDT SSDT CRAT SSDT SSDT SSDT
        acpi0: wakeup devices SBAZ(S4) P0PC(S4) OHC1(S4) EHC1(S4) OHC2(S4) EHC2(S4) OHC3(S4) EHC3(S4) OHC4(S4) XHC0(S4) XHC1(S4) PE20(S4) PE21(S4) PE23(S4) PB2_(S4) PB3_(S4) [...]
        acpitimer0 at acpi0: 3579545 Hz, 32 bits
        acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
        cpu0 at mainbus0: apid 16 (boot processor)
        cpu0: AMD A8-6600K APU with Radeon(tm) HD Graphics, 4022.27 MHz, 15-13-01
        cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,TOPEXT,CPCTR,ITSC,BMI1
        cpu0: 64KB 64b/line 2-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache
        cpu0: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
        cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
        tsc_timecounter_init: TSC skew=0 observed drift=0
        cpu0: smt 0, core 0, package 0
        mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
        cpu0: apic clock running at 103MHz
        cpu0: mwait min=64, max=64, IBE
        cpu1 at mainbus0: apid 17 (application processor)
        TSC skew=70
        cpu1: AMD A8-6600K APU with Radeon(tm) HD Graphics, 4020.05 MHz, 15-13-01
        cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,TOPEXT,CPCTR,ITSC,BMI1
        cpu1: 64KB 64b/line 2-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache
        cpu1: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
        cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
        tsc_timecounter_init: TSC skew=70 observed drift=0
        cpu1: smt 1, core 0, package 0
        cpu2 at mainbus0: apid 18 (application processor)
        TSC skew=-149
        cpu2: AMD A8-6600K APU with Radeon(tm) HD Graphics, 4020.05 MHz, 15-13-01
        cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,TOPEXT,CPCTR,ITSC,BMI1
        cpu2: 64KB 64b/line 2-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache
        cpu2: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
        cpu2: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
        tsc_timecounter_init: TSC skew=-149 observed drift=0
        cpu2: smt 0, core 1, package 0
        cpu3 at mainbus0: apid 19 (application processor)
        TSC skew=-130
        cpu3: AMD A8-6600K APU with Radeon(tm) HD Graphics, 4020.05 MHz, 15-13-01
        cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,TOPEXT,CPCTR,ITSC,BMI1
        cpu3: 64KB 64b/line 2-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 16-way L2 cache
        cpu3: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
        cpu3: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
        tsc_timecounter_init: TSC skew=-130 observed drift=0
        cpu3: smt 1, core 1, package 0
        ioapic0 at mainbus0: apid 0 pa 0xfec00000, version 21, 24 pins
        acpimcfg0 at acpi0
        acpimcfg0: addr 0xe0000000, bus 0-255
        acpihpet0 at acpi0: 14318180 Hz
        acpiprt0 at acpi0: bus 0 (PCI0)
        acpiprt1 at acpi0: bus 3 (P0PC)
        acpiprt2 at acpi0: bus -1 (PE20)
        acpiprt3 at acpi0: bus -1 (PE21)
        acpiprt4 at acpi0: bus -1 (PE23)
        acpiprt5 at acpi0: bus 1 (PB2_)
        acpiprt6 at acpi0: bus -1 (PB3_)
        acpiprt7 at acpi0: bus 2 (PB4_)
        acpiprt8 at acpi0: bus -1 (PB5_)
        acpiprt9 at acpi0: bus -1 (PB6_)
        acpiprt10 at acpi0: bus -1 (PB7_)
        acpiprt11 at acpi0: bus -1 (PE22)
        acpicpu0 at acpi0: C2(0@100 io@0x1771), C1(@1 halt!), PSS
        acpicpu1 at acpi0: C2(0@100 io@0x1771), C1(@1 halt!), PSS
        acpicpu2 at acpi0: C2(0@100 io@0x1771), C1(@1 halt!), PSS
        acpicpu3 at acpi0: C2(0@100 io@0x1771), C1(@1 halt!), PSS
        acpipci0 at acpi0 PCI0: 0x00000000 0x00000011 0x00000001
        acpicmos0 at acpi0
        acpibtn0 at acpi0: PWRB
        "pnp0c14" at acpi0 not configured
        acpivideo0 at acpi0: VGA_
        acpivideo1 at acpi0: VGA_
        acpivideo2 at acpi0: VGA_
        cpu0: 4022 MHz: speeds: 3900 3600 3000 2500 1900 MHz
        pci0 at mainbus0 bus 0
        pchb0 at pci0 dev 0 function 0 "AMD AMD64 15/1xh Host" rev 0x00
        "AMD AMD64 15/1xh IOMMU" rev 0x00 at pci0 dev 0 function 2 not configured
        ppb0 at pci0 dev 2 function 0 "AMD AMD64 15/1xh PCIE" rev 0x00: msi
        pci1 at ppb0 bus 1
        radeondrm0 at pci1 dev 0 function 0 "ATI Radeon HD 6850" rev 0x00
        drm0 at radeondrm0
        radeondrm0: msi
        azalia0 at pci1 dev 0 function 1 vendor "ATI", unknown product 0xaa88 rev 0x00: msi
        azalia0: no supported codecs
        ppb1 at pci0 dev 4 function 0 "AMD AMD64 15/1xh PCIE" rev 0x00: msi
        pci2 at ppb1 bus 2
        re0 at pci2 dev 0 function 0 "Realtek 8168" rev 0x0c: RTL8168G/8111G (0x4c00), msi, address 44:8a:5b:d4:0f:a3
        rgephy0 at re0 phy 7: RTL8251 PHY, rev. 0
        xhci0 at pci0 dev 16 function 0 "AMD Bolton xHCI" rev 0x09: msi, xHCI 1.0
        usb0 at xhci0: USB revision 3.0
        uhub0 at usb0 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00 addr 1
        xhci1 at pci0 dev 16 function 1 "AMD Bolton xHCI" rev 0x09: msi, xHCI 1.0
        usb1 at xhci1: USB revision 3.0
        uhub1 at usb1 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00 addr 1
        ahci0 at pci0 dev 17 function 0 "AMD Hudson-2 SATA" rev 0x40: msi, AHCI 1.3
        ahci0: port 0: 6.0Gb/s
        ahci0: port 1: 3.0Gb/s
        scsibus1 at ahci0: 32 targets
        sd0 at scsibus1 targ 0 lun 0: <ATA, Samsung SSD 850, EMT0> naa.5002538d41e6d54d
        sd0: 238475MB, 512 bytes/sector, 488397168 sectors, thin
        sd1 at scsibus1 targ 1 lun 0: <ATA, WDC WD5000AAKS-6, 06.0> naa.50014ee15834bd34
        sd1: 476940MB, 512 bytes/sector, 976773168 sectors
        ohci0 at pci0 dev 18 function 0 "AMD Hudson-2 USB" rev 0x11: apic 0 int 18, version 1.0, legacy support
        ehci0 at pci0 dev 18 function 2 "AMD Hudson-2 USB2" rev 0x11: apic 0 int 17
        usb2 at ehci0: USB revision 2.0
        uhub2 at usb2 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
        ohci1 at pci0 dev 19 function 0 "AMD Hudson-2 USB" rev 0x11: apic 0 int 18, version 1.0, legacy support
        ehci1 at pci0 dev 19 function 2 "AMD Hudson-2 USB2" rev 0x11: apic 0 int 17
        usb3 at ehci1: USB revision 2.0
        uhub3 at usb3 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
        piixpm0 at pci0 dev 20 function 0 "AMD Hudson-2 SMBus" rev 0x16: polling
        iic0 at piixpm0
        spdmem0 at iic0 addr 0x52: 2GB DDR3 SDRAM PC3-10600
        spdmem1 at iic0 addr 0x53: 2GB DDR3 SDRAM PC3-10600
        azalia1 at pci0 dev 20 function 2 "AMD Hudson-2 HD Audio" rev 0x01: apic 0 int 16
        azalia1: codecs: Realtek/0x0887
        audio0 at azalia1
        pcib0 at pci0 dev 20 function 3 "AMD Hudson-2 LPC" rev 0x11
        ppb2 at pci0 dev 20 function 4 "AMD Hudson-2 PCI" rev 0x40
        pci3 at ppb2 bus 3
        ohci2 at pci0 dev 20 function 5 "AMD Hudson-2 USB" rev 0x11: apic 0 int 18, version 1.0, legacy support
        pchb1 at pci0 dev 24 function 0 "AMD AMD64 15/1xh Link Cfg" rev 0x00
        pchb2 at pci0 dev 24 function 1 "AMD AMD64 15/1xh Address Map" rev 0x00
        pchb3 at pci0 dev 24 function 2 "AMD AMD64 15/1xh DRAM Cfg" rev 0x00
        km0 at pci0 dev 24 function 3 "AMD AMD64 15/1xh Misc Cfg" rev 0x00
        pchb4 at pci0 dev 24 function 4 "AMD AMD64 15/1xh CPU Power" rev 0x00
        pchb5 at pci0 dev 24 function 5 "AMD AMD64 15/1xh NB Power" rev 0x00
        usb4 at ohci0: USB revision 1.0
        uhub4 at usb4 configuration 1 interface 0 "AMD OHCI root hub" rev 1.00/1.00 addr 1
        usb5 at ohci1: USB revision 1.0
        uhub5 at usb5 configuration 1 interface 0 "AMD OHCI root hub" rev 1.00/1.00 addr 1
        isa0 at pcib0
        isadma0 at isa0
        com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
        com0: probed fifo depth: 15 bytes
        pckbc0 at isa0 port 0x60/5 irq 1 irq 12
        pckbd0 at pckbc0 (kbd slot)
        wskbd0 at pckbd0: console keyboard
        pcppi0 at isa0 port 0x61
        spkr0 at pcppi0
        lpt0 at isa0 port 0x378/4 irq 7
        usb6 at ohci2: USB revision 1.0
        uhub6 at usb6 configuration 1 interface 0 "AMD OHCI root hub" rev 1.00/1.00 addr 1
        vmm0 at mainbus0: SVM/RVI
        uhub7 at uhub5 port 1 configuration 1 interface 0 "ALCOR USB Hub 2.0" rev 2.00/7.02 addr 2
        uhidev0 at uhub7 port 3 configuration 1 interface 0 " USB Keyboard" rev 1.10/4.06 addr 3
        uhidev0: iclass 3/1
        ukbd0 at uhidev0: 8 variable keys, 6 key codes
        wskbd1 at ukbd0 mux 1
        uhidev1 at uhub7 port 3 configuration 1 interface 1 " USB Keyboard" rev 1.10/4.06 addr 3
        uhidev1: iclass 3/0, 2 report ids
        uhid0 at uhidev1 reportid 1: input=1, output=0, feature=0
        uhid1 at uhidev1 reportid 2: input=3, output=0, feature=0
        uhidev2 at uhub7 port 4 configuration 1 interface 0 "Logitech USB Receiver" rev 2.00/29.01 addr 4
        uhidev2: iclass 3/1
        ukbd1 at uhidev2: 8 variable keys, 6 key codes
        wskbd2 at ukbd1 mux 1
        uhidev3 at uhub7 port 4 configuration 1 interface 1 "Logitech USB Receiver" rev 2.00/29.01 addr 4
        uhidev3: iclass 3/1, 17 report ids
        ums0 at uhidev3 reportid 2: 16 buttons, Z and W dir
        wsmouse0 at ums0 mux 0
        uhid2 at uhidev3 reportid 3: input=4, output=0, feature=0
        uhid3 at uhidev3 reportid 4: input=1, output=0, feature=0
        uhid4 at uhidev3 reportid 16: input=6, output=6, feature=0
        uhid5 at uhidev3 reportid 17: input=19, output=19, feature=0
        vscsi0 at root
        scsibus2 at vscsi0: 256 targets
        softraid0 at root
        scsibus3 at softraid0: 256 targets
        sd2 at scsibus3 targ 1 lun 0: <OPENBSD, SR CRYPTO, 006>
        sd2: 238472MB, 512 bytes/sector, 488391473 sectors
        root on sd2a (ae15c17b9037e886.a) swap on sd2b dump on sd2b
        initializing kernel modesetting (BARTS 0x1002:0x6739 0x174B:0x174B 0x00).
        radeondrm0: 1440x900, 32bpp
        wsdisplay0 at radeondrm0 mux 1: console (std, vt100 emulation), using wskbd0
        wskbd1: connecting to wsdisplay0
        wskbd2: connecting to wsdisplay0
        wsdisplay0: screen 1-5 added (std, vt100 emulation)


---
prx


Re: www/mozilla-firefox: add unveil and enhance pledge support [3rd time's a charm]

Theo de Raadt-2
In reply to this post by joshua stein-3
>         unveil(/.config/.config/.local/share/.cache/dconf, rwc) failed: 2

Let me just say wow, what a schizophrenic pathname.


Re: www/mozilla-firefox: add unveil and enhance pledge support [3rd time's a charm]

joshua stein-3
In reply to this post by prx
On Sun, 22 Sep 2019 at 14:13:02 +0200, prx wrote:

> [snip]
> >
> > Everyone using firefox should definitely add its own usecases on top and
> > test this. The idea is to refine the paths list until we have something
> > we're confident with, then defaults will be pushed upstream. In the
> > meantime, we'll work with upstream to get the plumbing/logic committed,
> > as it can be done independently from the paths list.
> >
> > If ppl have a hard time building with the patches, my beta pkgs for 70
> > available as usual at https://packages.rhaalovely.net/snapshots/amd64/
> >
>
> I installed the above package (thanks for this) and started firefox
> after deleting ~/.mozilla. It's crashing.
>
> Below some more details:
>
> $ firefox
> IPDL protocol error: main:
> unveil(/.config/.config/.local/share/.cache/dconf, rwc) failed: 2

Do you have XDG_CONFIG_HOME, XDG_DATA_HOME, or XDG_CACHE_HOME set in
your environment?

There is a pledge for $XDG_CACHE_HOME/dconf which should expand to
~/.cache/dconf unless you have XDG_CACHE_HOME set to something else.

> Segmentation fault (core dumped)

When pledge() fails, it calls mozilla::ipc::FatalError which
triggers MOZ_CRASH_UNSAFE, which calls abort(), so these crashes are
expected.


Re: www/mozilla-firefox: add unveil and enhance pledge support [3rd time's a charm]

Landry Breuil-5
On Sun, Sep 22, 2019 at 11:15:53AM -0500, joshua stein wrote:

> On Sun, 22 Sep 2019 at 14:13:02 +0200, prx wrote:
> > [snip]
> > >
> > > Everyone using firefox should definitely add its own usecases on top and
> > > test this. The idea is to refine the paths list until we have something
> > > we're confident with, then defaults will be pushed upstream. In the
> > > meantime, we'll work with upstream to get the plumbing/logic committed,
> > > as it can be done independently from the paths list.
> > >
> > > If ppl have a hard time building with the patches, my beta pkgs for 70
> > > available as usual at https://packages.rhaalovely.net/snapshots/amd64/
> > >
> >
> > I installed the above package (thanks for this) and started firefox
> > after deleting ~/.mozilla. It's crashing.
> >
> > Below some more details:
> >
> > $ firefox
> > IPDL protocol error: main:
> > unveil(/.config/.config/.local/share/.cache/dconf, rwc) failed: 2
>
> Do you have XDG_CONFIG_HOME, XDG_DATA_HOME, or XDG_CACHE_HOME set in
> your environment?
>
> There is a pledge for $XDG_CACHE_HOME/dconf which should expand to
> ~/.cache/dconf unless you have XDG_CACHE_HOME set to something else.

How is the env var expansion supposed to work? FWIW I've reverted the env vars
locally in
https://cgit.rhaalovely.net/mozilla-firefox/commit/?h=unveil&id=595af5c9d77e489803da3068af91e588679d8017
and uploaded a fixed pkg that should work. Haven't had actual time to dig
into it though... maybe my patchset isn't enough in sync, will look.

Landry


Re: www/mozilla-firefox: add unveil and enhance pledge support [3rd time's a charm]

prx
In reply to this post by joshua stein-3
* joshua stein <[hidden email]> le [22-09-2019 11:15:53 -0500]:

> On Sun, 22 Sep 2019 at 14:13:02 +0200, prx wrote:
> > [snip]
> > >
> > > Everyone using firefox should definitely add its own usecases on top and
> > > test this. The idea is to refine the paths list until we have something
> > > we're confident with, then defaults will be pushed upstream. In the
> > > meantime, we'll work with upstream to get the plumbing/logic committed,
> > > as it can be done independently from the paths list.
> > >
> > > If ppl have a hard time building with the patches, my beta pkgs for 70
> > > available as usual at https://packages.rhaalovely.net/snapshots/amd64/
> > >
> >
> > I installed the above package (thanks for this) and started firefox
> > after deleting ~/.mozilla. It's crashing.
> >
> > Below some more details:
> >
> > $ firefox
> > IPDL protocol error: main:
> > unveil(/.config/.config/.local/share/.cache/dconf, rwc) failed: 2
>
> Do you have XDG_CONFIG_HOME, XDG_DATA_HOME, or XDG_CACHE_HOME set in
> your environment?
>

None of them:

        $ echo $XDG_CONFIG_HOME - $XDG_DATA_HOME - $XDG_CACHE_HOME
        - -

But how could I know I need them?
Should I set them in ~/.config/user-dirs.dirs?


Re: www/mozilla-firefox: add unveil and enhance pledge support [3rd time's a charm]

Matthieu Herrb-3
In reply to this post by joshua stein-3
On Fri, Sep 20, 2019 at 10:00:32AM -0500, joshua stein wrote:

> (I'm going to keep trying to send this until I get it right!)
>
>
> I've been working on enhancing the security of our Firefox port over
> the past couple weeks and would like some wider testing.
>
> - Firefox's GPU process gains pledge(2) support, now all three
>   process types (main, content, and gpu) are pledged.
>
> - The inet permission is removed from content processes as they work
>   without it.
>
> - All three process types gain unveil(2) support to limit filesystem
>   access.  Similar to our Chrome port, ~/Downloads and /tmp become
>   the only major directories that the main process can read from and
>   write to (aside from some other Firefox- and Gtk-specific
>   cache/support directories like ~/.mozilla) and that the content
>   process can read from for viewing files as file:// URLs.

After light testing this works for me as intended. Also my settings
of XDG env variables seem to work.

Personally I don't like the restriction on reading files from a
usability point of view (but I understand the security reasoning), and
since Chrome users seem to have accepted it, I will do the same with
Firefox.

A better solution would involve some confirmation dialog, telling
which file is read for which purpose (internal use by a web app, or
uploading to an external site, like nextcloud or mastodon, instagram
whatever). But this may not always be possible with modern web
technologies and is not in the scope of local patches to the OpenBSD
port. sigh.
--
Matthieu Herrb


Re: www/mozilla-firefox: add unveil and enhance pledge support [3rd time's a charm]

Klemens Nanni-2
In reply to this post by prx
On Sun, Sep 22, 2019 at 06:53:08PM +0200, prx wrote:
> * joshua stein <[hidden email]> le [22-09-2019 11:15:53 -0500]:
> > Do you have XDG_CONFIG_HOME, XDG_DATA_HOME, or XDG_CACHE_HOME set in
> > your environment?
> >
>
> None of them :
>
> $ echo $XDG_CONFIG_HOME - $XDG_DATA_HOME - $XDG_CACHE_HOME
> - -
Technically, that does not prove they're unset:

        $ XDG_CONFIG_HOME=
        $ echo $XDG_CONFIG_HOME

They most certainly are, but to really check whether a variable is unset
(so not even set to the empty string), I'd do

        $ set | grep -e ^XDG_
        XDG_CONFIG_HOME=
        $
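
The expansion joshua describes above ($XDG_CACHE_HOME/dconf should become ~/.cache/dconf when the variable is not set) and Klemens's point that an empty variable is not the same as an unset one are both handled in the following added example. It is not code from the Firefox port or from the posted patches; the comma-separated "path:perms" list syntax, the sample paths and the constructed environments are assumptions made for the example. getenv(3) returns NULL for an unset variable and "" for one set to the empty string; the XDG base-directory spec says an empty or relative value is to be ignored, so both cases fall back to the HOME-relative default, and a path that cannot be resolved to an absolute one is refused rather than handed to unveil(2) as a fragment with no home directory in it.

```c
/*
 * Added example, not code from the Firefox port or the posted patches:
 * expand "~" and $XDG_{CONFIG,DATA,CACHE}_HOME in a comma-separated unveil
 * list.  An empty or relative XDG value counts as unset (XDG base-dir rule);
 * anything that cannot be resolved to an absolute path is refused instead of
 * being handed to unveil(2) with no home directory in it.  The "path:perms"
 * list syntax is an assumption made for this example.
 */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_LEN 1024
struct xdg_env { const char *home, *config_home, *data_home, *cache_home; }; /* NULL = unset */
struct unveil_entry { char path[PATH_LEN]; char perms[8]; };

/* A variable is usable only if set, non-empty and absolute. */
static int usable(const char *v) { return v != NULL && v[0] == '/'; }

/* Resolve $NAME (len bytes of name) to its value, or to HOME plus the spec default. */
static int xdg_lookup(const struct xdg_env *e, const char *name, size_t len, char *out, size_t outlen)
{
    const struct { const char *var, *val, *dflt; } tab[] = {
        { "XDG_CONFIG_HOME", e->config_home, "/.config" },
        { "XDG_DATA_HOME",   e->data_home,   "/.local/share" },
        { "XDG_CACHE_HOME",  e->cache_home,  "/.cache" },
    };
    for (size_t i = 0; i < sizeof tab / sizeof tab[0]; i++) {
        int n;
        if (strlen(tab[i].var) != len || strncmp(tab[i].var, name, len) != 0)
            continue;
        if (usable(tab[i].val))
            n = snprintf(out, outlen, "%s", tab[i].val);
        else if (usable(e->home))
            n = snprintf(out, outlen, "%s%s", e->home, tab[i].dflt);
        else
            return -1;                        /* no HOME: nothing sane to expand to */
        return (n > 0 && (size_t)n < outlen) ? 0 : -1;
    }
    return -1;                                /* unknown variable: never expand to "" */
}

/* Expand a leading "~" and $XDG_*_HOME references; the result must be absolute. */
int expand_unveil_path(const struct xdg_env *e, const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    const char *p = in;
    if (p[0] == '~' && (p[1] == '/' || p[1] == '\0')) {
        if (!usable(e->home) || (o = strlen(e->home)) >= outlen)
            return -1;
        memcpy(out, e->home, o);
        p++;
    }
    while (*p != '\0') {
        if (*p == '$') {
            const char *name = p + 1, *end = name;
            char val[PATH_LEN];
            while (*end == '_' || (*end >= 'A' && *end <= 'Z'))
                end++;
            if (xdg_lookup(e, name, (size_t)(end - name), val, sizeof val) != 0 || o + strlen(val) >= outlen)
                return -1;
            memcpy(out + o, val, strlen(val));
            o += strlen(val);
            p = end;
        } else {
            if (o + 1 >= outlen)
                return -1;
            out[o++] = *p++;
        }
    }
    out[o] = '\0';
    return (o > 0 && out[0] == '/') ? 0 : -1;
}

/* Parse "path:perms,path:perms,..." into expanded entries; -1 on any error. */
int parse_unveil_list(const struct xdg_env *e, const char *list, struct unveil_entry *ent, int max)
{
    char buf[4096], *save = NULL;
    int n = 0;
    if (snprintf(buf, sizeof buf, "%s", list) >= (int)sizeof buf)
        return -1;
    for (char *tok = strtok_r(buf, ",", &save); tok != NULL; tok = strtok_r(NULL, ",", &save)) {
        char *colon = strrchr(tok, ':');
        if (n >= max || colon == NULL || colon[1] == '\0')
            return -1;
        *colon = '\0';                        /* r, w, c, x are the letters unveil(2) accepts */
        if (strspn(colon + 1, "rwcx") != strlen(colon + 1) || strlen(colon + 1) >= sizeof ent[n].perms
            || expand_unveil_path(e, tok, ent[n].path, sizeof ent[n].path) != 0)
            return -1;
        snprintf(ent[n].perms, sizeof ent[n].perms, "%s", colon + 1);
        n++;
    }
    return n;
}
```

In a real program the struct is filled from getenv("HOME"), getenv("XDG_CONFIG_HOME"), getenv("XDG_DATA_HOME") and getenv("XDG_CACHE_HOME"), and each returned entry is passed to unveil(2) on OpenBSD. With HOME=/home/prx and XDG_CACHE_HOME either unset or empty, "$XDG_CACHE_HOME/dconf" expands to /home/prx/.cache/dconf; with no usable HOME the whole list is rejected, which is the failure mode a hard crash on an unveil(2) error would otherwise surface as the mangled path in prx's report.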


Re: www/mozilla-firefox: add unveil and enhance pledge support [3rd time's a charm]

Landry Breuil-5
In reply to this post by Landry Breuil-5
On Sun, Sep 22, 2019 at 06:52:58PM +0200, Landry Breuil wrote:

> On Sun, Sep 22, 2019 at 11:15:53AM -0500, joshua stein wrote:
> > On Sun, 22 Sep 2019 at 14:13:02 +0200, prx wrote:
> > > [snip]
> > > >
> > > > Everyone using firefox should definitely add its own usecases on top and
> > > > test this. The idea is to refine the paths list until we have something
> > > > we're confident with, then defaults will be pushed upstream. In the
> > > > meantime, we'll work with upstream to get the plumbing/logic committed,
> > > > as it can be done independently from the paths list.
> > > >
> > > > If ppl have a hard time building with the patches, my beta pkgs for 70
> > > > available as usual at https://packages.rhaalovely.net/snapshots/amd64/
> > > >
> > >
> > > I installed the above package (thanks for this) and started firefox
> > > after deleting ~/.mozilla. It's crashing.
> > >
> > > Below some more details:
> > >
> > > $ firefox
> > > IPDL protocol error: main:
> > > unveil(/.config/.config/.local/share/.cache/dconf, rwc) failed: 2
> >
> > Do you have XDG_CONFIG_HOME, XDG_DATA_HOME, or XDG_CACHE_HOME set in
> > your environment?
> >
> > There is a pledge for $XDG_CACHE_HOME/dconf which should expand to
> > ~/.cache/dconf unless you have XDG_CACHE_HOME set to something else.
>
> How is the env var expansion supposed to work ? Fwiw i've reverted the env vars
> locally in
> https://cgit.rhaalovely.net/mozilla-firefox/commit/?h=unveil&id=595af5c9d77e489803da3068af91e588679d8017
> and uploaded a fixed pkg that should work. Havent had actual time to dig
> into it though... maybe my patchset isnt enough in sync, will look.

My patchset wasn't in sync with what jcs@ had posted to bugzilla,
currently building with updated patches which should work. Will upload
the resulting pkgs tomorrow morning... sorry for the mixup.

Landry


Re: www/mozilla-firefox: add unveil and enhance pledge support [3rd time's a charm]

Anatoli
In reply to this post by joshua stein-3
> But to clarify, I'm not proposing to commit what I'm sending out,
> this is just to get feedback from Firefox users so I can refine the
> changes that are going upstream.  Then once they are committed or at
> least slated for inclusion, we can figure out how to integrate them
> into our port(s) and patch up any hard-coded paths.
>

Joshua, thanks a lot for your great work!

With the proposed patch the overall security improvement is really
large, but I see 3 ways it could be circumvented. A compromised ff
process:

1. writes prefs.js in ~/.mozilla/firefox/profile/prefs.js, setting the
security.sandbox prefs for unrestricted access, restarts itself (via a
crash, programmatically or by user), gets unrestricted access.

2. changes files in ~/.mozilla in such a way as to trigger an unknown
vulnerability in the ff initialization logic that is executed before
unveil() is locked, restarts itself, gets unrestricted access.

3. changes (user-owned) files of other programs in /tmp in such a way as
to trigger an unknown vulnerability in some other un-unveiled app like
say libreoffice or messes with sockets trying to find its way out. This
way it doesn't escalate its privs or compromise another user, but it
gains un-unveiled/un-pledged execution. recently-used.xbel probably
shouldn't be allowed at all.


I believe the following changes could mitigate these escapes:

1. It could be decided which paths are customizable and which are not.
Those that are not (i.e. system-wide paths and some paths in home)
should be hardcoded. Those that are customizable (inside home like
~/Downloads, but not many more) could be processed like the patch proposes.

~/Downloads on non-English installs could be another folder (~/Descargas
in Spanish) and it's a setting: browser.download.dir. Its value should
be retrieved from there IMO and this way there would be no (many)
customizable paths.

If there are paths that do need to be user-customizable, they could be
read from a dedicated file in ~/.mozilla/, to which unveil would only
give read access, so a compromised ff process can't modify it. This
would mitigate the 1st escape.

2. FF could be made to write tmp files to its own dir, i.e. instead of
/tmp/xxx it could write its temp stuff to /tmp/firefox/xxx and unveil
/tmp/firefox instead of the entire /tmp. This would mitigate the 3rd escape.

3. In order to mitigate the 2nd escape, the non-customizable hardcoded
paths should be unveil()ed ASAP (i.e. on the 1st line inside main()) and
then the process would continue refining the needed paths while
initializing and reading configs (like browser.download.dir). For the tmp
case, on the 1st line in main() /tmp/firefox would be unveiled and
later, once the tmp folder for the current profile & session is
known/created, it would be restricted further to /tmp/firefox/xxx.

The last point supposes that it's possible to progressively drop access
to fs which is not available with unveil at this moment. I'd like to
work on this extension (I call it veil()) and this case could serve as
one of the possible use-cases of why it could be useful.

Regards,
Anatoli


Re: www/mozilla-firefox: add unveil and enhance pledge support [3rd time's a charm]

joshua stein-3
On Mon, 23 Sep 2019 at 18:46:58 -0300, Anatoli wrote:

> > But to clarify, I'm not proposing to commit what I'm sending out,
> > this is just to get feedback from Firefox users so I can refine the
> > changes that are going upstream.  Then once they are committed or at
> > least slated for inclusion, we can figure out how to integrate them
> > into our port(s) and patch up any hard-coded paths.
> >
>
> Joshua, thanks a lot for your great work!
>
> With the proposed patch the overall security improvement is really
> large, but I see 3 ways how it could be circumvented. A compromised ff
> process:
>
> 1. writes prefs.js in ~/.mozilla/firefox/profile/prefs.js, setting the
> security.sandbox prefs for unrestricted access, restarts itself (via a
> crash, programmatically or by user), gets unrestricted access.
>
> 2. changes files in ~/.mozilla in such a way as to trigger an unknown
> vulnerability in the ff initialization logic that is executed before
> unveil() is locked, restarts itself, gets unrestricted access.

I don't like the pledge and unveil settings being in preferences for
these and other reasons, but it's currently what Mozilla people are
asking for in order to get reviewed/upstreamed and is how their own
sandboxing on other platforms is controlled
(security.sandbox.content.level can be changed on Linux for
example).

In the end, this task of upstreaming these patches may be too
difficult or insecure and I'll go back to reading from root-owned
files in /etc/firefox like our Chromium port does, having to carry
our own patches for each release.  I'm not sure what the plan is
yet.

But in the meantime, you can try setting the unveil for ~/.mozilla
in security.sandbox.unveil.content to just "r" instead of "rwc".  It
seems to work here but it might break something obscure.  Be sure to
restart Firefox after making changes to those preferences.

> 3. changes (user-owned) files of other programs in /tmp in such a way as
> to trigger an unknown vulnerability in some other un-unveiled app like
> say libreoffice or messes with sockets trying to find its way out. This
> way it doesn't escalate its privs up or compromises another user, but it
> gains un-unveiled/un-pledged execution.

I don't think mitigating such an attack is the responsibility of
Firefox, but yes, having GetSpecialSystemDirectory return a
subdirectory of /tmp being the only thing accessible to Firefox
would be more secure by further restricting what else it can see.

> 1. It could be decided which paths are customizable and which are not.
> Those that are not (i.e. system-wide paths and some paths in home)
> should be hardcoded. Those that are customizable (inside home like
> ~/Downloads, but not many more) could be processed like the patch proposes.
>
> ~/Downloads on non-English installs could be another folder (~/Descargas
> in Spanish) and it's a setting: browser.download.dir. Its value should
> be retrieved from there IMO and this way there would be no (many)
> customizable paths.

That is good to know.  I'll have to see where that is localized and
make it dynamic in the unveil list.
