Date: Sat, 3 Oct 2009 22:27:39 +0000 (UTC)
From: "Bjoern A. Zeeb"
To: Andre Albsmeier
Cc: jhell, stable@freebsd.org
Subject: Re: security.bsd.map_at_zero=0 problem with samba33 (including solution)
Message-ID: <20091003215821.V26486@maildrop.int.zabbadoz.net>
In-Reply-To: <20091003212308.GA3122@curry.mchp.siemens.de>
References: <20091003184220.GA2620@curry.mchp.siemens.de> <20091003212308.GA3122@curry.mchp.siemens.de>
List-Id: Production branch of FreeBSD source code

On Sat, 3 Oct 2009, Andre Albsmeier wrote:

Hi,

> On Sat, 03-Oct-2009 at 16:27:32 -0400, jhell wrote:
>> On Sat, 3 Oct 2009 14:42 -0000, Andre.Albsmeier wrote:
>>
>>> FYI,
>>>
>>> after setting security.bsd.map_at_zero to 0 on 7.2-STABLE all
>>> samba33 programmes did abort() immediately after start. The
>>> solution was to use
>>>
>>> CONFIGURE_ARGS+= --disable-pie
>>>
>>> -Andre
>>>
>>
>> To add an additional note samba33 even when not running (not enabled by a rcvar)
>> also runs a tdbcleanup routine on shutdown and/or start that also does
>> abort().
>
> Yes, every samba programme is linked with -pie per default (so
> all abort()).

Thanks for reporting the issue. People are aware of the problem now
and we'll try to present a solution within the next days for better
position-independent executable (PIE) handling.

Meanwhile there are multiple solutions for people affected:

(1) recompile the port; but as more than just samba might be affected
    and we generally do not want to flip the pie switch everywhere
    that's probably only a temporary, private solution.

    At the current time ports people should NOT commit any changes
    to add this option to ports to work around the problem.

(2) If you are on 7.x or 6.x, and you are experiencing this problem
    you flipped the sysctl or tunable yourself. If you are on 8.x or
    9.x the feature is enabled by default.
    As hinted in the errata notice[1] you can use the tunable or sysctl
    to change the behaviour, (temporarily) allowing 0-mappings, if you
    can accept the possible risk the change tries to mitigate.

    The tunable/sysctl in question is: security.bsd.map_at_zero
    and should be set to 1 to permit 0-mappings.

    This might be the easier option in contrast to (1). If you do this
    do not forget to change it back again once the issue will be
    patched. You should also make sure that you are running with a
    fully patched kernel.

As we will try to keep the default in 8.x and 9.x to disallow user
mappings at virtual address 0, we are interested in further issues
that were not yet mentioned in either this thread or the Errata Notice.

/bz

[1] http://security.freebsd.org/advisories/FreeBSD-EN-09:05.null.asc

-- 
Bjoern A. Zeeb         It will not break if you know what you are doing.
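
Added example, not part of the original message and not FreeBSD or Samba code: since the thread reports that programs linked with -pie abort() once security.bsd.map_at_zero is 0, this check lists which files are PIE executables so they can be reviewed before the sysctl is flipped. It uses a heuristic (ELF type ET_DYN plus a PT_INTERP program header, which skips ordinary shared objects); the function names, the 4 KiB read and the constructed sample header are assumptions of this example.

```python
import struct, sys

ET_DYN = 3     # e_type shared by PIE executables and shared objects
PT_INTERP = 3  # program header that names the runtime linker

def is_pie(data):
    """Heuristic: ET_DYN with a PT_INTERP header = dynamically linked PIE."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        return False
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        return False
    end = "<" if ei_data == 1 else ">"
    if struct.unpack_from(end + "H", data, 16)[0] != ET_DYN:
        return False
    if ei_class == 1:    # ELF32: e_phoff@28, e_phentsize@42, e_phnum@44
        phoff = struct.unpack_from(end + "I", data, 28)[0]
        phentsize, phnum = struct.unpack_from(end + "HH", data, 42)
    else:                # ELF64: e_phoff@32, e_phentsize@54, e_phnum@56
        if len(data) < 64:
            return False
        phoff = struct.unpack_from(end + "Q", data, 32)[0]
        phentsize, phnum = struct.unpack_from(end + "HH", data, 54)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):
            break        # program headers lie beyond the bytes we were given
        if struct.unpack_from(end + "I", data, off)[0] == PT_INTERP:
            return True
    return False

def pie_binaries(paths):
    """Return the paths whose first 4 KiB parse as a PIE executable."""
    hits = []
    for path in paths:
        try:
            with open(path, "rb") as fh:
                if is_pie(fh.read(4096)):
                    hits.append(path)
        except OSError:
            continue     # unreadable, directory or vanished file: skip it
    return hits

def sample_elf64(e_type, p_type):
    """Constructed minimal little-endian ELF64 header plus one program header."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    return ident + ehdr + struct.pack("<I", p_type) + bytes(52)

if __name__ == "__main__":
    print("\n".join(pie_binaries(sys.argv[1:])))
```

Run it with the files to check as arguments, for example the contents of /usr/local/bin and /usr/local/sbin (example paths); statically linked PIE binaries carry no PT_INTERP header and are not flagged.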