> On May 13, 2016, at 4:16 PM, RD Thrush <[email protected]> wrote:
>
> On 05/13/16 11:07, Theo de Raadt wrote:
>>> Since the anti-ROP mechanism in libc [2] was added in late April, -current
>>> with read-only /usr produces something like the following message:
>>> re-ordering libraries:install: /usr/lib/INS@OPOjn7ck17: Read-only file
>>> system
>>
>> Look, your statement is false. I can install a snapshot right now,
>> and I won't see what you report.
>
> The report is fairly easy to reproduce. Make the /usr filesystem read-only
> in /etc/fstab, go to single user mode and exit back to multi-user. I've
> appended a transcript.
>
>> That is the result of a mis-configuration on your part.
>
> It's unfortunate that mounting /usr read-only is now a mis-configuration.
>
>>> I thought I was following best practice by mounting /usr,
>>> /usr/X11R6, and /usr/local read-only. I submitted a bug report and a
>>> patch to fix my problem [2] but have had no response.
>>
>> That is not best practice. If it was, we would be heading towards
>> making it the default.
>>
>> And why is not best practice? Because it stands directly against the
>> primary purpose of OpenBSD: A development platform, where people
>> constantly rebuild their binaries, iterating and fixing bugs.
>>
>> What you are describing here is really just "you make a local change,
>> you own it".
>
> # cp -p /etc/fstab /etc/fstab.orig
> # sed -e 's,/usr ffs rw,/usr ffs ro,' </etc/fstab.orig >/etc/fstab
> # shutdown -f now
> Shutdown NOW!
> shutdown: [pid 82541]
> #
> ?*** FINAL System shutdown message from [email protected] ***?
> System going down IMMEDIATELY
>
>
>
> System shutdown time has arrived
> Enter pathname of shell or RETURN for sh:
> # exit
> Fast boot: skipping disk checks.
> setting tty flags
> pfctl: pf already enabled
> machdep.allowaperture: 2 -> 2
> starting network
> DHCPREQUEST on vio0 to 255.255.255.255
> DHCPACK from 10.1.2.18 (14:da:e9:b5:84:cf)
> bound to 10.1.2.6 -- renewal in 302400 seconds.
> re-ordering libraries:install: /usr/lib/INS@73BiVBOVcW: Read-only file system
> done.
> starting early daemons: syslogd pflogd ntpd.
> starting RPC daemons:.
> savecore: no core dump
> checking quotas: done.
> clearing /tmp
> kern.securelevel: 0 -> 1
> creating runtime link editor directory cache.
> preserving editor files.
> starting network daemons: sshd smtpd sndiod.
> starting local daemons: cron.
> Fri May 13 16:30:55 EDT 2016
>
>
> ######################################################################
> OpenBSD 6.0-beta (GENERIC.MP) #1742: Fri May 13 08:52:53 MDT 2016
> [email protected]:/usr/src/sys/arch/i386/compile/GENERIC.MP
> cpu0: Common 32-bit KVM processor ("GenuineIntel" 686-class) 3.41 GHz
> cpu0:
> FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,x2APIC,HV
> real mem = 2146844672 (2047MB)
> avail mem = 2093015040 (1996MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: date 06/23/99, BIOS32 rev. 0 @ 0xfd4be, SMBIOS rev. 2.8 @
> 0xf0cd0 (9 entries)
> bios0: vendor SeaBIOS version
> "rel-1.7.5.1-0-g8936dbb-20141113_115728-nilsson.home.kraxel.org" date
> 04/01/2014
> bios0: QEMU Standard PC (i440FX + PIIX, 1996)
> acpi0 at bios0: rev 0
> acpi0: sleep states S3 S4 S5
> acpi0: tables DSDT FACP SSDT APIC HPET
> acpi0: wakeup devices
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
> cpu0: apic clock running at 1000MHz
> cpu1 at mainbus0: apid 1 (application processor)
> cpu1: Common 32-bit KVM processor ("GenuineIntel" 686-class) 3.41 GHz
> cpu1:
> FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,x2APIC,HV
> ioapic0 at mainbus0: apid 0 pa 0xfec00000, version 11, 24 pins
> acpihpet0 at acpi0: 100000000 Hz
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpicpu0 at acpi0: C1(@1 halt!)
> acpicpu1 at acpi0: C1(@1 halt!)
> "ACPI0006" at acpi0 not configured
> "PNP0303" at acpi0 not configured
> "PNP0F13" at acpi0 not configured
> "PNP0700" at acpi0 not configured
> "PNP0501" at acpi0 not configured
> "PNP0A06" at acpi0 not configured
> "ACPI0007" at acpi0 not configured
> "ACPI0007" at acpi0 not configured
> bios0: ROM list: 0xc0000/0x9200 0xc9800/0xa00 0xca800/0x2400 0xed000/0x3000!
> pvbus0 at mainbus0: KVM
> pci0 at mainbus0 bus 0: configuration mode 1 (bios)
> pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
> pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00
> pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0
> wired to compatibility, channel 1 wired to compatibility
> pciide0: channel 0 disabled (no drives)
> atapiscsi0 at pciide0 channel 1 drive 0
> scsibus1 at atapiscsi0: 2 targets
> cd0 at scsibus1 targ 0 lun 0: <QEMU, QEMU DVD-ROM, 2.2.> ATAPI 5/cdrom
> removable
> cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
> uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int 11
> piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic 0 int 9
> iic0 at piixpm0
> vga1 at pci0 dev 2 function 0 "Cirrus Logic CL-GD5446" rev 0x00
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Memory" rev 0x00
> viomb0 at virtio0
> virtio0: apic 0 int 11
> virtio1 at pci0 dev 10 function 0 "Qumranet Virtio Storage" rev 0x00
> vioblk0 at virtio1
> scsibus2 at vioblk0: 2 targets
> sd0 at scsibus2 targ 0 lun 0: <VirtIO, Block Device, > SCSI3 0/direct fixed
> sd0: 32768MB, 512 bytes/sector, 67108864 sectors
> virtio1: apic 0 int 10
> virtio2 at pci0 dev 18 function 0 "Qumranet Virtio Network" rev 0x00
> vio0 at virtio2: address 36:31:4d:56:db:75
> virtio2: apic 0 int 10
> isa0 at pcib0
> isadma0 at isa0
> fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
> fd0 at fdc0 drive 1: density unknown
> com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> com0: console
> pckbc0 at isa0 port 0x60/5 irq 1 irq 12
> pckbd0 at pckbc0 (kbd slot)
> wskbd0 at pckbd0: console keyboard, using wsdisplay0
> pms0 at pckbc0 (aux slot)
> wsmouse0 at pms0 mux 0
> pcppi0 at isa0 port 0x61
> spkr0 at pcppi0
> npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
> usb0 at uhci0: USB revision 1.0
> uhub0 at usb0 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> nvram: invalid checksum
> uhidev0 at uhub0 port 1 configuration 1 interface 0 "QEMU QEMU USB Tablet"
> rev 2.00/0.00 addr 2
> uhidev0: iclass 3/0
> ums0 at uhidev0: 3 buttons, Z dir
> wsmouse1 at ums0 mux 0
> vscsi0 at root
> scsibus3 at vscsi0: 256 targets
> softraid0 at root
> scsibus4 at softraid0: 256 targets
> root on sd0a (43a6c82e14a0618c.a) swap on sd0b dump on sd0b
> clock: unknown CMOS layout
>

Why not just put the appropriate mount command in /etc/rc.local?
