Tuesday, January 28, 2025

Re: [Update] ncspot

* Theo Buehler wrote:
> On Mon, Jan 27, 2025 at 08:26:28PM +0000, Stuart Henderson wrote:
> > On 2025/01/27 20:09, Matthias Schmidt wrote:
> > > * Stuart Henderson wrote:
> > > >
> > > > Not perfect but this will probably work and it can be removed again
> > > > with a later update if things are improved in the aws-lc-* crates.
> > > >
> > > > any test reports, oks?
> > >
> > > With your patch I can compile and start ncspot. It shows me a link to
> > > Spotify's OAuth page and after successful authentication it crashes with
> > > a segfault.
> > >
> > > Thread 1 received signal SIGSEGV, Segmentation fault.
> > > 0x00000ef3c58ea5a3 in curve25519_x25519base_byte ()
> > > (gdb) bt
> > > #0 0x00000ef3c58ea5a3 in curve25519_x25519base_byte ()
> > > #1 0xad889b2f844e08e0 in ?? ()
> > > #2 0xc438665a13e05496 in ?? ()
> > > #3 0x37a5a35e7b1de8ea in ?? ()
> > > #4 0x3bbce3858af31749 in ?? ()
> > > #5 0x0000000000000000 in ?? ()
> > >
> > > Sorry no useable backtrace here. If someone has an idea how to compile
> > > the code with debug symbols, I can rebuild and provide a useable
> > > backtrace.
> >
> > hmmm, I don't think this is BTI then - check to make sure it linked
> > correctly with readelf -e /usr/local/bin/ncspot|grep OPENBSD and you
> > should have an OPENBSD_NOBTCFI - but I'd expect SIGILL not SIGSEGV
> > if you were hitting a BTI problem.

$ readelf -e /usr/local/bin/ncspot|grep OPENBSD
OPENBSD_RANDOM 0x000000000139c6f8 0x000000000139e6f8 0x000000000139e6f8
OPENBSD_NOBTCF 0x0000000000000000 0x0000000000000000 0x0000000000000000

> > Sorry no idea about debug symbols in rust, though that seems more
> > like a scrambled stack than just due to lacking symbols to me.
> >
> > I don't suppose there's a way to trigger this without an account
> > is there?

No, IMP you also need a paid account to use ncspot.

> A ktrace might shed some light on the matter.

I uploaded a gzipped ktrace to https://xosc.org/misc/ncspot.trace.gz

Cheers

Matthias

> However, it's also not xonly clean, so adding USE_NOEXECONLY=Yes will
> be worth a try:
>
> // ****************************************************************************
> // The precomputed data (all read-only). This is currently part of the same
> // text section, which gives position-independent code with simple PC-relative
> // addressing. However it could be put in a separate section via something like
> //
> // .section .rodata
> // ****************************************************************************
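
Added example, not part of the original thread or of the ncspot port: a Python version of the `readelf -e ... | grep OPENBSD` check that also reports whether each executable PT_LOAD segment is readable, which is what USE_NOEXECONLY changes. The function names and the sample images are constructed for illustration; the PT_OPENBSD_* values are taken from OpenBSD's sys/exec_elf.h.

```python
import struct

PT_LOAD = 1
# OpenBSD-specific program header types (values from OpenBSD's sys/exec_elf.h).
PT_OPENBSD = {
    0x65A3DBE6: "OPENBSD_RANDOMIZE",
    0x65A3DBE7: "OPENBSD_WXNEEDED",
    0x65A3DBE8: "OPENBSD_NOBTCFI",
}
PF_X, PF_R = 0x1, 0x4
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, 64 bytes
PHDR = struct.Struct("<IIQQQQQQ")          # Elf64_Phdr, 56 bytes


def inspect_elf(data):
    """Return (OpenBSD marker names, readable? flag per executable PT_LOAD)."""
    if len(data) < EHDR.size or data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    fields = EHDR.unpack_from(data)
    phoff, phentsize, phnum = fields[5], fields[9], fields[10]
    if phentsize < PHDR.size or phoff + phentsize * phnum > len(data):
        raise ValueError("program header table out of bounds")
    markers, exec_readable = [], []
    for i in range(phnum):
        p_type, p_flags = PHDR.unpack_from(data, phoff + i * phentsize)[:2]
        if p_type in PT_OPENBSD:
            markers.append(PT_OPENBSD[p_type])
        elif p_type == PT_LOAD and p_flags & PF_X:
            # False means execute-only: code that reads data placed in .text faults.
            exec_readable.append(bool(p_flags & PF_R))
    return markers, exec_readable


def build_sample(phdrs):
    """Constructed test image: an ELF64 header plus (p_type, p_flags) entries."""
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = EHDR.pack(ident, 3, 62, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(PHDR.pack(t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:  # e.g. /usr/local/bin/ncspot
        print(inspect_elf(fh.read()))
```
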
