Friday, September 29, 2023

Re: Bought a new Intel laptop? Test packages!

Christian Weisgerber <naddy@mips.inka.de> wrote:
> If you bought a new Intel laptop this year, chances are its hardware
> is capable of IBT (indirect branch tracking), and OpenBSD now enables
> this security feature by default.
>
> It is very likely that some packages are broken at runtime because
> they fail to handle IBT. This doesn't show up at build time, so
> people need to actually run their favorite packages from a snapshot
> _now_ and need to report SIGILL failures, or those problems will
> not be fixed in time for the release.

I gave the ports that depend on boost-context a spin, after running into
issues trying out the Taisei Project update [0].

I used this command to hopefully find all the programs that potentially
consume boost-context:

sqlite3 /usr/local/share/sqlports <<'_EOF'
SELECT FullPkgPath FROM PortsQ WHERE
(BUILD_DEPENDS LIKE '%devel/boost,-md%' OR
LIB_DEPENDS LIKE '%devel/boost,-md%' OR
WANTLIB LIKE '%boost_context-mt%') AND
USE_NOBTCFI IS NULL
ORDER BY FullPkgPath;
_EOF

which returned

- games/wesnoth: didn't find issues playing the campaign, nor I found
any clear usage of boost::context or boost::coroutine grepping the
code around.
- net/icinga/core2,-main: didn't find issues running it in foreground
nor any clear usage of boost::context or boost::coroutine grepping
the code, other than printing a backtrace (but I get the feeling it
can be hidden in boost::asio)
- net/powerdns_recursor: SIGILLs on start. otto@ in cc.
- sysutils/nix: tbh, I have no clue on how to test it.

Lucas

No comments:

Post a Comment