Monday, September 23, 2024

Re: firefox aarch64 pledge crashes

> > On 2024/09/23 20:26, Stuart Henderson wrote:
> > > This is done in a content process:
> > >
> > > firefox(1142): pledge sysctl 2: 7 3
> > > firefox[1142]: pledge "", syscall 202
> > >
> > > Looking at sys/arch/arm64/include/cpu.h I think this translates to
> > > machdep.id_aa64isar1 (I tried running it under ktrace but I just get
> > > very fast-running fans and a frozen machine).

The normal ports version of dav1d uses elf_aux_info (handled by
ld.so/libc so unrestricted by pledge afaik), but the (newer) one bundled
with Firefox has some OpenBSD-specific code added using this sysctl.

The diff below at least helps with the pledge and, seeing as
CPU_ID_AA64ISAR0 is already permitted, I don't think there's much reason
not to permit CPU_ID_AA64ISAR1 too.

Even with this, Firefox crashes not long afterwards anyway (e.g.
if opening www.theguardian.com) and that doesn't seem BTCFI-related
so I suppose this diff is not urgent for fixing Firefox unless the
further SIGILL problem can be tracked down.

For other software, looking at codesearch.debian.net:

- golang.org/x/sys/cpu/cpu_openbsd_arm64 uses this sysctl too (at least
in some versions) and some go software is pledged. Not sure how much
that cpu detect code is exposed though.

- rust library/stdarch/crates/std_detect too; rust code is less likely
to be pledged itself, but is more likely to find its way into a shared
library which is then run from a pledged proc. Again not sure how much
it's exposed.

Still, I think this probably makes sense to allow.

Index: kern_pledge.c
===================================================================
RCS file: /cvs/src/sys/kern/kern_pledge.c,v
diff -u -p -r1.319 kern_pledge.c
--- kern_pledge.c 4 Sep 2024 07:45:08 -0000 1.319
+++ kern_pledge.c 23 Sep 2024 20:46:28 -0000
@@ -998,6 +998,12 @@ pledge_sysctl(struct proc *p, int miblen
return (0);
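Review bot: the hunk `@@ -998,6 +998,12 @@ pledge_sysctl(struct proc *p, int miblen` is cut off after its first context line `return (0);`, so the six added lines the header promises (the ones that are supposed to admit CPU_ID_AA64ISAR1 next to the already-permitted CPU_ID_AA64ISAR0 in pledge_sysctl()) are not visible; the change cannot be reviewed from what is shown, and the full hunk, including the mib length/value check it adds, should be posted.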

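To make the pledge point above concrete, here is an added example (written for this thread; it is not dav1d's, Firefox's or OpenBSD's code) showing the two ways a userland program on OpenBSD/arm64 can learn the same CPU feature bits: sysctl(2) on machdep.id_aa64isar0/1, which is syscall 202 and therefore only works under pledge when pledge_sysctl() lists the mib, versus elf_aux_info(3) on AT_HWCAP/AT_HWCAP2, which only reads the auxv ld.so already handed the process and never enters the kernel. The register field positions (DP at ISAR0[47:44], I8MM at ISAR1[55:52]) come from the Arm architecture reference, not from OpenBSD's cpu.h macros; the HWCAP_ASIMDDP/HWCAP2_I8MM names and the <machine/elf.h> location are assumptions and are only used under #ifdef. The OpenBSD-specific parts compile only on OpenBSD/arm64, so the decoding helper can be built and checked elsewhere with constructed register values.

```c
/*
 * Added example, not code from the thread or from dav1d/Firefox/OpenBSD.
 * Path 1 (sysctl) is a real syscall and dies under pledge unless the mib
 * is on pledge_sysctl()'s list; path 2 (elf_aux_info) never leaves userland.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <err.h>

#if defined(__OpenBSD__) && defined(__aarch64__)
#include <sys/types.h>
#include <sys/sysctl.h>
#include <sys/auxv.h>
#include <machine/cpu.h>   /* CPU_ID_AA64ISAR0 / CPU_ID_AA64ISAR1 */
#include <machine/elf.h>   /* HWCAP_* names: assumed, used only under #ifdef */
#endif

struct simd_features {
	int dotprod;	/* ID_AA64ISAR0_EL1.DP   != 0 */
	int i8mm;	/* ID_AA64ISAR1_EL1.I8MM != 0 */
};

/* Field positions from the Arm ARM (assumption: not OpenBSD's macro names). */
#define ISAR0_DP_SHIFT		44
#define ISAR1_I8MM_SHIFT	52
#define ID_FIELD(reg, shift)	(((reg) >> (shift)) & 0xfULL)

/* Decode the two ID registers into the flags a SIMD library would want. */
struct simd_features
decode_id_regs(uint64_t isar0, uint64_t isar1)
{
	struct simd_features f;

	f.dotprod = ID_FIELD(isar0, ISAR0_DP_SHIFT) != 0;
	f.i8mm = ID_FIELD(isar1, ISAR1_I8MM_SHIFT) != 0;
	return f;
}

#if defined(__OpenBSD__) && defined(__aarch64__)
/* Path 1: sysctl(2).  With an unlisted mib a pledged process is killed
 * ("pledge "", syscall 202" in dmesg); with the mib permitted it works. */
static int
features_via_sysctl(struct simd_features *f)
{
	int mib0[2] = { CTL_MACHDEP, CPU_ID_AA64ISAR0 };
	int mib1[2] = { CTL_MACHDEP, CPU_ID_AA64ISAR1 };
	uint64_t isar0 = 0, isar1 = 0;
	size_t len = sizeof(uint64_t);

	if (sysctl(mib0, 2, &isar0, &len, NULL, 0) == -1)
		return -1;
	len = sizeof(uint64_t);
	if (sysctl(mib1, 2, &isar1, &len, NULL, 0) == -1)
		return -1;
	*f = decode_id_regs(isar0, isar1);
	return 0;
}

/* Path 2: the auxv ld.so already copied in; no syscall, so pledge is moot.
 * elf_aux_info(3) returns 0 or an errno value, not -1. */
static int
features_via_auxv(struct simd_features *f)
{
	unsigned long hwcap = 0, hwcap2 = 0;

	if (elf_aux_info(AT_HWCAP, &hwcap, sizeof(hwcap)) != 0)
		return -1;
	if (elf_aux_info(AT_HWCAP2, &hwcap2, sizeof(hwcap2)) != 0)
		return -1;
	memset(f, 0, sizeof(*f));
#ifdef HWCAP_ASIMDDP
	f->dotprod = (hwcap & HWCAP_ASIMDDP) != 0;
#endif
#ifdef HWCAP2_I8MM
	f->i8mm = (hwcap2 & HWCAP2_I8MM) != 0;
#endif
	return 0;
}
#endif

int
main(int argc, char *argv[])
{
	struct simd_features f;

#if defined(__OpenBSD__) && defined(__aarch64__)
	/* Tighten first: run "./a.out sysctl" to exercise path 1 under
	 * pledge("stdio"); path 2 is the default and works regardless. */
	if (pledge("stdio", NULL) == -1)
		err(1, "pledge");
	if (argc > 1 && strcmp(argv[1], "sysctl") == 0) {
		if (features_via_sysctl(&f) == -1)
			err(1, "sysctl machdep.id_aa64isar*");
	} else if (features_via_auxv(&f) == -1)
		errx(1, "elf_aux_info failed");
#else
	/* Constructed register values for non-OpenBSD builds. */
	(void)argc; (void)argv;
	f = decode_id_regs(1ULL << ISAR0_DP_SHIFT, 1ULL << ISAR1_I8MM_SHIFT);
#endif
	printf("dotprod=%d i8mm=%d\n", f.dotprod, f.i8mm);
	return 0;
}
```

On a kernel without the diff, `./a.out sysctl` is the same shape as the Firefox content-process abort in the report: pledge("stdio") followed by a sysctl whose mib is not on the list. The auxv path is the reason the ports dav1d (elf_aux_info) was unaffected while the bundled one (sysctl) was.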