Episode 311

Conference Gear Breakdown


August 15th, 2019

1 hr 13 mins 25 secs

About this Episode

NetBSD 9.0 release process has started, xargs, a tale of two spellcheckers, Adapting TriforceAFL for NetBSD, Exploiting a no-name freebsd kernel vulnerability, and more.


NetBSD 9.0 release process has started

If you have been following source-changes, you may have noticed the creation of the netbsd-9 branch! It has some really exciting items that we worked on:

  • New AArch64 architecture support:
    • Symmetric and asymmetrical multiprocessing support (aka big.LITTLE)
    • Support for running 32-bit binaries
    • UEFI and ACPI support
    • Support for SBSA/SBBR (server-class) hardware.
  • The FDT-ization of many ARM boards:
    • the 32-bit GENERIC kernel lists 129 different DTS configurations
    • the 64-bit GENERIC64 kernel lists 74 different DTS configurations
    • All supported by a single kernel, without requiring per-board configuration.
  • Graphics driver update, matching Linux 4.4, adding support for up to Kaby Lake based Intel graphics devices.
  • ZFS has been updated to a modern version and seen many bugfixes.
  • New hardware-accelerated virtualization via NVMM.
  • NPF performance improvements and bug fixes. A new lookup algorithm, thmap, is now the default.
  • NVMe performance improvements
  • Optional kernel ASLR support, and partial kernel ASLR for the default configuration.
  • Kernel sanitizers:
    • KLEAK, detecting memory leaks
    • KASAN, detecting memory overruns
    • KUBSAN, detecting undefined behaviour
    • These have been used together with continuous fuzzing via the syzkaller project to find many bugs that were fixed.
  • The removal of outdated networking components such as ISDN and all of its drivers
  • The installer is now capable of performing GPT UEFI installations.
  • Dramatically improved support for userland sanitizers, as well as the option to build all of NetBSD's userland using them for bug-finding.
  • Update to graphics userland: Mesa was updated to 18.3.4, and llvmpipe is now available for several architectures, providing 3D graphics even in the absence of a supported GPU.

We try to test NetBSD as best as we can, but your testing can help make NetBSD 9.0 a great release. Please test it and let us know of any bugs you find.

xargs wtf

xargs is probably one of the more difficult to understand of the unix command arsenal and of course that just means it’s one of the most useful too.
I discovered a handy trick that I thought was worth a share. Please note there are probably other (better) ways to do this but I did my stackoverflow research and found nothing better.
xargs — at least how I’ve most utilized it — is handy for taking some number of lines as input and doing some work per line. It’s hard to be more specific than that as it does so much else.
It literally took me an hour of piecing together random man pages + tips from 11 year olds on stack overflow, but eventually I produced this gem:
This is an example of how to find files matching a certain pattern and rename each of them. It sounds so trivial (and it is) but it demonstrates some cool tricks in an easy concept.
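The find-and-rename trick the post describes, written out as an added example (this is not the original post's snippet). It assumes a POSIX sh with find and xargs that support -print0/-0 and -I, and constructs its own sample files, including names with a space and with shell metacharacters, to show why the path is passed as a positional parameter instead of being spliced into the command string:

```shell
#!/bin/sh
# Added example, not the snippet from the original post. Finds every file
# matching a glob and renames it with a ".old" suffix, one command per file.
set -eu

# Rename every regular file under $1 whose name matches glob $2 to "<name>.old".
# -print0 / -0 keep filenames containing spaces or newlines as one argument,
# and the path reaches sh as $1 rather than being substituted into the -c
# string, so a name containing quotes or $(...) is never shell-interpreted.
rename_matching() {
    find "$1" -type f -name "$2" -print0 \
        | xargs -0 -I {} sh -c 'mv -- "$1" "$1.old"' _ {}
}

# Builds a scratch directory of constructed sample files, runs the rename,
# and prints how many ".old" files resulted.
demo_rename() {
    tmp=$(mktemp -d)
    : > "$tmp/a.log"
    : > "$tmp/b c.log"              # space in the name
    : > "$tmp/\$(echo pwned).log"   # shell metacharacters in the name
    : > "$tmp/keep.txt"             # does not match the pattern
    rename_matching "$tmp" '*.log'
    find "$tmp" -type f -name '*.old' | wc -l | tr -d ' '
    rm -rf "$tmp"
}

demo_rename
```

The same pattern with `sh -c "mv {} {}.old"` would hand the third filename to the shell for expansion; passing it as `$1` is the part of the trick that keeps it safe.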

News Roundup

PkgSrc: A Tale of Two Spellcheckers

This is a transcript of the talk I gave at pkgsrcCon 2019 in Cambridge, UK. It is about spellcheckers, but there are much more general software engineering lessons that we can learn from this case study.
The reason I got into this subject at all was my paternal leave last year, when I finally had some more time to spend working on pkgsrc. It was a tiny item in the enormous TODO file at the top of the source tree (“update enchant to version 2.2”) that made me go into this rabbit hole.

Adapting TriforceAFL for NetBSD, Part 2

I have been working on adapting TriforceAFL for NetBSD kernel syscall fuzzing. This blog post summarizes the work done until the second evaluation.
For work done during the first coding period, check out this post.

  • Summary
    • So far, the TriforceNetBSDSyscallFuzzer has been made available in the form of a pkgsrc package with the ability to fuzz most of NetBSD syscalls. In the final coding period of GSoC, I plan to analyse the crashes that were found until now, integrate sanitizers, try and find more bugs and finally wrap up neatly with detailed documentation.
    • Last but not least, I would like to thank my mentor, Kamil Rytarowski, for helping me through the process and guiding me. It has been a wonderful learning experience so far!

Exploiting a no-name freebsd kernel vulnerability

  • A new patch has been recently shipped in FreeBSD kernels to fix a vulnerability (cve-2019-5602) present in the cdrom device. In this post, we will introduce the bug and discuss its exploitation on pre/post-SMEP FreeBSD revisions.
    • A closer look at the commit 6bcf6e3 shows that when invoking the CDIOCREADSUBCHANNEL_SYSSPACE ioctl, data are copied with bcopy instead of the copyout primitive. This endows a local attacker belonging to the operator group with an arbitrary write primitive in the kernel memory.

Allan and Benedict's Conference Gear Breakdown

Beastie Bits


  • Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv