Friday, September 29, 2023

Re: Bought a new Intel laptop? Test packages!

Lucas <lucas@sexy.is> wrote:
> Christian Weisgerber <naddy@mips.inka.de> wrote:
> > If you bought a new Intel laptop this year, chances are its hardware
> > is capable of IBT (indirect branch tracking), and OpenBSD now enables
> > this security feature by default.
> >
> > It is very likely that some packages are broken at runtime because
> > they fail to handle IBT. This doesn't show up at build time, so
> > people need to actually run their favorite packages from a snapshot
> > _now_ and need to report SIGILL failures, or those problems will
> > not be fixed in time for the release.
>
> I gave the ports that depend on boost-context a spin, after running into
> issues trying out the Taisei Project update [0].

[0]: https://marc.info/?l=openbsd-ports&m=169502072928204&w=2

Thanks kn for pointing out that I forgot the link.

> I used this command to hopefully find all the programs that potentially
> consume boost-context:
>
> sqlite3 /usr/local/share/sqlports <<'_EOF'
> SELECT FullPkgPath FROM PortsQ WHERE
> (BUILD_DEPENDS LIKE '%devel/boost,-md%' OR
> LIB_DEPENDS LIKE '%devel/boost,-md%' OR
> WANTLIB LIKE '%boost_context-mt%') AND
> USE_NOBTCFI IS NULL
> ORDER BY FullPkgPath;
> _EOF
>
> which returned
>
> - games/wesnoth: didn't find issues playing the campaign, nor did I find
> any clear usage of boost::context or boost::coroutine grepping the
> code around.
> - net/icinga/core2,-main: didn't find issues running it in foreground
> nor any clear usage of boost::context or boost::coroutine grepping
> the code, other than printing a backtrace (but I get the feeling it
> can be hidden in boost::asio)
> - net/powerdns_recursor: SIGILLs on start. otto@ in cc.
> - sysutils/nix: tbh, I have no clue on how to test it.
>
> Lucas
