making security sausage

Security may be a process, not a product, but security patches are definitely a product. Some reflections on a few recent experiences making security sausage, er, patches.

I appear to have found myself in the position of OpenBSD sausage grinder even though it’s not a great fit. It’s not in my temperament to care about yesterday’s problems after they’re fixed, nor am I enthusiastic about long term support. I mostly run current, so I don’t have much personal interest in fixing stable. Unfortunately, I wrote the tool used for signing patches which somehow turned into a responsibility for also creating the inputs to be signed. That was not the plan!

Continue reading making security sausage...

Posted 2015-03-20 05:00:03 by tedu Updated: 2015-03-20 05:00:03
Tagged: openbsd security software thoughts

invented by openbsd

The primary product of the OpenBSD project is the OpenBSD operating system, but sometimes other artifacts are produced as byproducts. Avant-garde web site design, funny email threads. Also, reusable code that can be beneficial to other developers, outside the strict confines of OpenBSD.

Unfortunately, sometimes this code doesn’t see the widest distribution. Often this can be the result of Not Invented Here syndrome, though other times it takes the appearance of a more pernicious problem. Invented by OpenBSD.

It was brought to my attention that NetBSD recently imported two OpenBSD functions, but reimplemented them in such a way as to be dangerously incompatible.


Continue reading invented by openbsd...

Posted 2015-03-10 07:03:09 by tedu Updated: 2015-03-17 02:43:31
Tagged: openbsd rants software

now or never exec

Some early followup from efforts to improve browser security with more details about possible refinements to W^X.


The first obvious improvement would be to simply enforce W^X in the kernel. Userland isn’t ready, not nearly ready, for this change, though of course making such a change would go a long way towards assessing success. How do we know we’re done until we know there cannot be any W|X mappings? (Referring here to ports and the extended userland. OpenBSD userland is ready.)

By itself, this is a trivial two line change to mmap.

Continue reading now or never exec...

Posted 2015-03-10 04:07:37 by tedu Updated: 2015-03-10 04:07:37
Tagged: openbsd security

no, i'm not running git

WTF is this? No, this is not a git mirror. Not here, not there, not anywhere.

Continue reading no, i’m not running git...

Posted 2015-03-07 03:42:13 by tedu Updated: 2015-03-07 03:42:13
Tagged: bugs rants web

zero size objects

What’s the difference between the following length and pointer pairs?

Continue reading zero size objects...

Posted 2015-02-15 10:26:55 by tedu Updated: 2015-02-18 21:41:40
Tagged: c programming

the wiki box is out of control

I’m guessing only a few Wikipedia editors view articles about smartphones using a smartphone.

At least now I know the iPhone 6 has a slate form factor.

Posted 2015-02-15 10:25:36 by tedu Updated: 2015-02-15 10:25:36
Tagged: rants

another subtle string function

I was recently reminded of an old string handling function I used for programming interviews.

My original programming interview question started with a short C function that did something a little unusual to a string. When asked to describe its behavior, many candidates initially see the general outline of the function and then have difficulty seeing what the real code does when it differs from their expectations.

Reactions from candidates varied, although they were usually pretty muted, given they wanted the job and weren’t likely to complain too loudly. Other interviewers, however, usually provided feedback between “That’s mean.” and “What? Why?”. The why is answered in the previous post, although opinions varied as to how likely one was to encounter such code in the wild. In refactoring some code, I ran into something fairly similar, and then had the exact issue I was testing for, only seeing what I was hoping to see.

Continue reading another subtle string function...

Posted 2015-02-10 23:31:09 by tedu Updated: 2015-02-10 23:40:05
Tagged: c programming

US Firefox dictionary for OpenBSD

The OpenBSD Firefox package includes the en-GB dictionary. This results in lots of red squiggly lines. There are additional en language packs localized for AU, CA, GB, and ZA, but no US package. There is also a firefox-i18n-en-US package but it doesn’t do anything except print a message that you can change the useragent locale from its default of... en-US.

If you want an Americanized spelling dictionary, you’re out of luck. Debian to the rescue! Start with the hunspell source package page and download the big orig.tar.gz file. Extract it and copy the two en_US files to /usr/local/share/mozilla-dicts/. Restart Firefox and right click in a text area to change language.

Save a step! This is apparently just a bug in Firefox because it should also be looking in /usr/local/lib/firefox-*/dictionaries which includes US dictionary files. These files are a little different (smaller), but they too could simply be copied or symlinked into the above location.

Posted 2015-02-10 06:13:11 by tedu Updated: 2015-02-10 09:40:30
Tagged: openbsd software

the stack overflow that wasn't

There was a recent bug in OpenBSD install kernels. At random times during the install, messages like the following would appear:

Continue reading the stack overflow that wasn’t...

Posted 2015-02-08 23:54:54 by tedu Updated: 2015-02-09 12:16:47
Tagged: openbsd

heartbleed in rust

More ghostly followup. There was a thread on Hacker News wherein it was claimed that using rust would have prevented Heartbleed. Specifically, it would not have even compiled. That sounds like a challenge!

The thread starts about here. I don’t mean to single out the participants, but the claim about preventing Heartbleed is nicely specific. Unlike vaguer claims about memory safety in general, this is a particular claim which we can test.

Now, I don’t intend to write a full blown TLS stack in rust, so I will have to take some shortcuts and reduce the scope of the problem slightly. Hopefully the simulacrum retains the essence of the problem. Simply stated, our objective is to write a program which reads a file (packet) from the filesystem (network), and then echoes it back. The length of the echo request will be encoded as a single byte with data to follow. This is equivalent to the TLS heartbeat functionality. Our program will operate on two such packets, yourping and myping, and write out yourecho and myecho. If any data from your packet bleeds into my packet, we have a problem: heartbleed.

Continue reading heartbleed in rust...

Posted 2015-02-02 06:37:18 by tedu Updated: 2015-03-17 22:38:20
Tagged: c programming rust security