>  Pledge(2) appears to kill /usr/bin/openssl enc....
> 
>  29093 openssl  CALL  kbind(140187732356888,24,-2708749615844173383)
>  29093 openssl  RET   kbind 0
>  29093 openssl  CALL  open(0x862a03bea3f,0<O_RDONLY>)
>  29093 openssl  NAMI  "/dev/tty"
>  29093 openssl  RET   open 4
>  29093 openssl  CALL  open(0x862a03bea3f,0x601<O_WRONLY|O_CREAT|O_TRUNC>,0666<S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH>)
>  29093 openssl  NAMI  "/dev/tty"
>  29093 openssl  RET   open 5
>  29093 openssl  CALL  kbind(140187732356808,24,-2708749615844173383)
>  29093 openssl  RET   kbind 0
>  29093 openssl  CALL  ioctl(4,TIOCGETA,0x862a0711160)
>  29093 openssl  PSIG  SIGKILL SIG_DFL
> 
>  Adding ( tty ioctl ) separately and together did not correct the issue.
>  Same ktrace(1) output as above.
> 
>  /usr/bin/openssl enc... was working as of Sep 25 current.
>  Not sure when this stopped working, it was noticed Oct 15.

Let me show the debugging technique again.

1. use a sed script to add "abort" to all the pledge() calls.
2. make clean; make DEBUG=g
3. gdb obj/openssl
   (gdb) run enc -rc4

307             if (tcgetattr(fileno(tty_in), &tty_orig) == -1) {

As expected, that ioctl is being called using the POSIX tc* wrappers.

    (gdb) where

#0  0x000019cd1989ab9a in ioctl () at <stdin>:2
#1  0x000019ccf470ee85 in open_console (ui=Variable "ui" is not available.
)
    at /usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/ui/ui_openssl.c:307
#2  0x000019ccf470afd2 in UI_process (ui=0x19ccaf547c80)
    at /usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/ui/ui_lib.c:459
#3  0x000019ccf46f50cf in EVP_read_pw_string_min (buf=0x19cd97705600 "", min=0, 
len=Variable "len" is not available.
)
    at /usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/evp/evp_key.c:117
#4  0x000019caae431bca in enc_main () from /usr/obj/usr.bin/openssl/openssl
#5  0x000019caae437466 in do_cmd () from /usr/obj/usr.bin/openssl/openssl
#6  0x000019caae437d6b in main () from /usr/obj/usr.bin/openssl/openssl

So basically, the latest addition of pledges to the openssl command
was accidentally done without paying attention to part of the program
which hides in the "ui" directory of the library.

I'll let people more familiar with the pledge strategy in that program
fix it.
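
Added example, not part of the original message: a small sh/awk filter that reads kdump(1) text like the trace quoted in the report and prints the system call that was still in flight when SIGKILL arrived, which is the call to look for in gdb. The function names `pledge_killer` and `sample_trace` are hypothetical, and the sample input is shortened from the quoted trace plus one constructed process.

```shell
#!/bin/sh
# Added example (not from the original post): report which system call was
# in flight when a traced process received SIGKILL, from kdump(1) text.

# pledge_killer [FILE...] -> one line "pid command syscall(args)" per SIGKILL.
# Reads standard input when no file is given.
pledge_killer() {
    awk '
    { sub(/^>[ \t]*/, "") }              # accept mail-quoted traces
    want != "" {                         # second half of a wrapped CALL line
        inflight[want] = $0; want = ""; next
    }
    $3 == "CALL" {
        text = $0
        sub(/^[ \t]*[0-9]+[ \t]+[^ \t]+[ \t]+CALL[ \t]*/, "", text)
        if (text == "") want = $1        # arguments wrapped to next line
        else inflight[$1] = text
        next
    }
    $3 == "RET" { delete inflight[$1]; next }   # call completed normally
    $3 == "PSIG" && $4 == "SIGKILL" {
        print $1, $2, (($1 in inflight) ? inflight[$1] : "unknown")
    }' "$@"
}

# Sample input: shortened from the trace quoted in the report, with one
# CALL line wrapped the way mail clients often wrap long lines; pid 30001
# is a constructed process that is not killed.
sample_trace() {
    cat <<'EOF'
>  29093 openssl  CALL
> open(0x862a03bea3f,0x601<O_WRONLY|O_CREAT|O_TRUNC>,0666)
>  29093 openssl  NAMI  "/dev/tty"
>  29093 openssl  RET   open 5
>  30001 cat      CALL  read(0,0x7f7ffffd1000,0x10000)
>  29093 openssl  CALL  ioctl(4,TIOCGETA,0x862a0711160)
>  29093 openssl  PSIG  SIGKILL SIG_DFL
>  30001 cat      RET   read 0
EOF
}

# Run with --demo to see the result for the sample trace.
if [ "${1:-}" = "--demo" ]; then
    sample_trace | pledge_killer
fi
```

On a live system the input would come from `kdump` run over the `ktrace.out` file; a reported `ioctl(4,TIOCGETA,...)` matches the `tcgetattr()` call at `ui_openssl.c:307` in the backtrace above.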
