guest - flak

network transparent audio with sndiod and vmd

Another way to isolate untrusted media players is to run them in a virtual machine. I was joking with mlarkin that if he’s run out of things to work on, he can add audio emulation to vmd. But of course, this is actually pretty easy to do (playing sounds, not emulating audio), thanks to network support in sndiod.

The setup is fairly easy. To export the audio device on the host side, run sndiod. Or kill and restart, or whatever.

sndiod -L 10.1.0.19

On the guest side, specifying the audio device can vary by program, but the default can be set via environment variable.

env AUDIODEVICE=snd@10.1.0.19/0 mpg123 song31.mp3

And with that...

BSD fight buffer reign
Flowing blood in circuit vein
Quagmire, Hellfire, RAMhead Count
Puffy rip attacker out
.

Posted 2017-05-27 21:08:34 by tedu Updated: 2017-05-27 21:08:34
Tagged: openbsd

openbsd changes of note 622

Catching up to current.

Don’t let windows fall off the end of the world in calmwm.

Remove last remnants of rtsol in the intaller, netstart, everywhere.

Allow setting of guest MSRs from vmd, a prerequisite for migration. Also add support for reading and writing device state.

Use freezero in many places in libcrypto.

Resynchronize the guest RTC via vmmci when the host resumes from suspend. Only for OpenBSD guests.

Provide pluggable queueing interface for pf, hiding H-FSC behind an abstraction layer. What could be next?

Revise octeon MDIO driver. Lets all the ethernet ports on the EdgeRouter Pro work.

Introduce an inline function sstosa to convert struct sockaddr_storage to struct sockaddr in a typesafe manner instead of sprinkling casts everywhere.

Continue reading openbsd changes of note 622...

Posted 2017-05-21 16:41:49 by tedu Updated: 2017-05-21 16:41:49
Tagged: openbsd

experiments with prepledge

MP3 is officially dead, so I figure I should listen to my collection one last time before it vanishes entirely. The provenance of some of these files is a little suspect however, and since I know one shouldn’t open files from strangers, I’d like to take some precautions against malicious malarkey. This would be a good use for pledge, perhaps, if we can get it working.

At the same time, an occasional feature request for pledge is the ability to specify restrictions before running a program. Given some untrusted program, wrap its execution in a pledge like environment. There are other system call sandbox mechanisms that can do this (systrace was one), but pledge is quite deliberately designed not to support this. But maybe we can bend it to our will.

Continue reading experiments with prepledge...

Posted 2017-05-20 16:28:36 by tedu Updated: 2017-05-20 16:28:36
Tagged: c openbsd programming

documentation is thoroughly hard

Documentation is good, so therefore more documentation must be better, right? A few examples where things may have gotten out of control.

A fine example is the old OpenBSD install instructions. Once you’ve installed OpenBSD once or twice, the process is quite simple, but you’d never know this based on reading the instructions. Compare the files for 4.8 INSTALL and 5.8 INSTALL. Both begin with a brief intro to the project. Then 4.8 has an enormous list of mirrors, which seems fairly redundant if you’ve already found the install file. Followed by an enormous list of every supported variant of every supported device. Including a table of IO port configurations for ISA devices. Finally, after 1600 lines of introduction we get to the actual installation instructions. (Compared to line 231 for 5.8.) This includes a full page of text about how to install from tape, which nobody ever does. It took some time to recognize that all this documentation was actually an impediment to new users. Attempting to answer every possible question floods the reader with information for questions they were never planning to ask.

Continue reading documentation is thoroughly hard...

Posted 2017-05-18 20:24:42 by tedu Updated: 2017-05-19 02:48:31
Tagged: openbsd software

openbsd changes of note 621

More stuff, more fun.

Fix script to not perform tty operations on things that aren’t ttys. Detected by pledge.

New strstr implementation from musl using the much faster two way matching algorithm.

Provide TCB (thread control block) macros for mips64. Now every arch has them.

Add a NAT-T keepalive timer to iked.

In the arm64 pmap, switch pool allocators to avoid running out of KVA when the system is busy.

Merge libdrm 2.4.79.

Prevent cvs server process from reading and buffering too much data when the network is slower than the disk. The flow control mechanism detected this, but the message to slow down wasn’t actually being processed by the reader loop in time, leading to memory exhaustion.

Continue reading openbsd changes of note 621...

Posted 2017-05-15 16:23:04 by tedu Updated: 2017-05-19 22:28:26
Tagged: openbsd

observations re packet socket exploit

A few thoughts I had after reading Exploiting the Linux kernel via packet sockets. Not really about the exploit itself, but what it reveals about the state of systems security.

“It should be noted that if a kernel has unprivileged user namespaces enabled, then an unprivileged user is able to create packet sockets.”

Two types of privilege restriction are currently in vogue. There’s the seccomp/pledge model of restricting access to system calls, often referred to as sandboxes. Then there’s the jail/container approach. Hey, sure, give away root access because it’s not really root. Pseudo virtualization. In some sense, these two approaches are similar. Take some code, let it do some stuff, hope it can’t do too much.

Continue reading observations re packet socket exploit...

Posted 2017-05-10 18:41:52 by tedu Updated: 2017-05-10 18:41:52
Tagged: security thoughts

HP Chrome Print fuckup du jour

Long story short, printing on a chromebook is still fucked, and now the incompetent dickheads who write drivers for HP have made things worse. With time and effort, however, one can still repair the damage. Writing this up in case somebody finds it useful, and because I have little doubt I’ll be referring to it again in the near future.

First, the problem: printing from a chromebook to a local network printer no longer works. There is an extension that used to make this possible. If one reads the reviews, one will quickly notice the many, many one star reviews saying that it doesn’t work. In particular, it used to work, but after the March 20 update it completely unhelpfully and uselessly does nothing but say “Printing unsuccessful”. That was more than a month ago. The rockstar talent at HP is apparently on tour and too busy to fix this.

Here’s the insane workaround. First we need the old version of the extension. Obviously Google will never let us have it, but there’s an archive site. Here’s the previous print extension. Download that. Rename the file to zip. Create a new folder and extract the contents of the zip file. Rename the _metadata folder to not_metadata. Open the chrome extensions panel. Delete the old HP Print extension. Flip into developer mode. Add an unpacked extension. Add back the printer IP address and rejoice.

For bonus fun, talk your mom through this procedure over the phone.

Posted 2017-04-30 22:00:17 by tedu Updated: 2017-04-30 22:00:17
Tagged: bugs rants software web

vuln disclosure and risk equilibrium

Some thoughts based on a series of tweets.

“For offence, it doesn’t matter whether the vendor knows a vulnerability exists, it only matters whether the attack works against a target. Fetishising 0day leads to bizarre situations where ppl think that making more vulnerabilities known to more people reduces risk. Fetishising 0day means that people think once a vulnerability is public there’s some sort of automagic immunity.”

So is it possible for disclosing a vulnerability to result in net harm? Maybe, in some circumstances, with some assumptions.

It’s interesting to consider the case of CVE-2016-4657. This is the webkit vulnerability detected when somebody sent a 0day exploit link to an activist. Instead of visiting, he forwarded the link and the malware (Trident/Pegasus) was detected. The bug was of course fixed. But then sometime later, this same vulnerability turned up in the Nintendo Switch. They hadn’t updated their version of webkit, even though the vulnerability was widely known.

Continue reading vuln disclosure and risk equilibrium...

Posted 2017-04-19 14:37:49 by tedu Updated: 2017-04-19 14:39:16
Tagged: security thoughts

careful with the chrome HSTS

Updated to chrome and noticed I couldn’t login to my own site.

www.tedunangst.com normally uses encryption to protect your information. When Google Chrome tried to connect to www.tedunangst.com this time, the website sent back unusual and incorrect credentials.

That’s mostly not wrong, although the “this time” is. The cert has never been fully trusted by chrome, but I click through because I’m a bad person. This time, however, there was no option to do so.

You cannot visit www.tedunangst.com right now because the website uses HSTS.

I mean, yes, I set the HSTS header, but that was with the same cert that chrome is now insisting can’t be trusted. Why in the world would you permanently store “must have trusted cert” on the basis of an untrusted cert?

I suppose this warning is too late to save anyone, but you can clear HSTS sites if necessary via chrome://net-internals/#hsts.

Posted 2017-04-14 18:59:59 by tedu Updated: 2017-04-14 18:59:59
Tagged: bugs rants web

openbsd changes of note 620

6.1 is old news.

Add 8265 and 3168 support to the iwm driver.

Zero some more kernel memory before use, to prevent padding leaks if the structures ever change.

Some changes to libtls. Allow retrieving the cert chain. This somewhat contradicts my original mandate for libtls that it not expose any gnarly X.509 details to the user, but certs are a fact of life and if you have to build a cert chain downloading tool, you’d want to use the cool API, no? Reality eventually corrupts all our dreams. Also, sneak peak, some adjustment to library internals to allow relayd’s privsep engine to work with libtls.

Give tmux clients names. There have been lots of small improvements to tmux over the past six months which haven’t seemed notable in isolation, but shoutout to all the little fixes, too.

Refinements to syslogd’s internal logging code. More consistency, less snowflake.

The neverending project to add sizes to free calls in the kernel is closer to ending.

64 bit bus address support for the msk driver, required for onboard nic in the Overdrive 1000 to work. And use MSI.

Quiesce sensors during suspend and resume so that callbacks aren’t running for detached drivers.

Introduce freezero to libc, a function that combines explicit_bzero and free, but in a potentially optimal way if the memory can be directly unmapped. Use it in a bunch of places.

Mention the installer bug that has the consequence that some users must remove a trailing /6.1 from the uri in the installurl file.

Posted 2017-04-12 16:27:57 by tedu Updated: 2017-04-12 16:27:57
Tagged: openbsd