net/ntp: Restore previous behaviour

Restore ntp to prior to the ASLR mitigations applied. When ASLR and subsequently PIE were committed to the FreeBSD kernel, ntpd would segfault due to insufficient stack. This was because stack gap was not taken into account by applications requesting stack and/or memory limits. (BTW, this problem also affected firefox and thunderbird.) This subsequently caused disabling of rlimit memlock, which could not be avoided under the previous implementation of ASLR: Cannot set RLIMIT_MEMLOCK: Operation not permitted Since then a number of improvments to ASLR stack gap implementation have rendered the mitigations unnecessary. The mitigations initially developed here at FreeBSD were subsequently upstreamed (noticed by the folks at nwtime.org and automatically upstreamed). The mitigations have been reversed in the base system. This patch reverses the ASLR mitigations in the port as well. PR: 262031 Reported by: p5B2E9A8F@t-online.de
freebsd · Feb 18, 2022 · c2a26c7 · c2a26c7
1 parent 23f478f
commit c2a26c7
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 16 deletions.
diff --git a/net/ntp/Makefile b/net/ntp/Makefile
@@ -2,7 +2,7 @@
 
 PORTNAME=	ntp
 PORTVERSION=	4.2.8p15
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	net
 MASTER_SITES=	http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ \
 		http://archive.ntp.org/ntp4/ntp-4.2/ \

diff --git a/net/ntp/files/patch-ntpd_ntpd.c b/net/ntp/files/patch-ntpd_ntpd.c
@@ -1,24 +1,48 @@
 --- ntpd/ntpd.c.orig	2020-06-23 02:17:48.000000000 -0700
-+++ ntpd/ntpd.c	2022-01-26 10:14:00.828563000 -0800
-@@ -145,7 +145,9 @@
++++ ntpd/ntpd.c	2022-02-18 12:02:30.547638000 -0800
+@@ -145,17 +145,6 @@
  # include <seccomp.h>
  #endif /* LIBSECCOMP and KERN_SECCOMP */
 
 -#ifdef __FreeBSD__
-+#if defined(__FreeBSD_version) && \
-+    ((__FreeBSD_version > 1400000 && __FreeBSD_version < 1400038) || \
-+    __FreeBSD_version < 1300524)
- #include <sys/procctl.h>
- #ifndef PROC_STACKGAP_CTL
- /*
-@@ -438,7 +440,9 @@
+-#include <sys/procctl.h>
+-#ifndef PROC_STACKGAP_CTL
+-/*
+- * Even if we compile on an older system we can still run on a newer one.
+- */
+-#define	PROC_STACKGAP_CTL	17
+-#define	PROC_STACKGAP_DISABLE	0x0002
+-#endif
+-#endif
+-
+ #ifdef HAVE_DNSREGISTRATION
+ # include <dns_sd.h>
+ DNSServiceRef mdns;
+@@ -438,18 +427,6 @@
  	char *argv[]
  	)
  {
 -#   ifdef __FreeBSD__
-+#   if defined(__FreeBSD_version) && \
-+       ((__FreeBSD_version > 1400000 && __FreeBSD_version < 1400038) || \
-+       __FreeBSD_version < 1300524)
- 	{
- 		/*
- 		 * We Must disable ASLR stack gap on FreeBSD to avoid a
+-	{
+-		/*
+-		 * We Must disable ASLR stack gap on FreeBSD to avoid a
+-		 * segfault. See PR/241421 and PR/241960.
+-		 */
+-		int aslr_var = PROC_STACKGAP_DISABLE;
+-
+-		pid_t my_pid = getpid();
+-		procctl(P_PID, my_pid, PROC_STACKGAP_CTL, &aslr_var); 
+-	}
+-#   endif
+ 	return ntpdmain(argc, argv);
+ }
+ #endif /* !SYS_WINNT */
+@@ -1058,7 +1035,7 @@
+ # if defined(HAVE_MLOCKALL)
+ #  ifdef HAVE_SETRLIMIT
+ 	ntp_rlimit(RLIMIT_STACK, DFLT_RLIMIT_STACK * 4096, 4096, "4k");
+-#   ifdef RLIMIT_MEMLOCK
++#   if defined(RLIMIT_MEMLOCK) && defined(DFLT_RLIMIT_MEMLOCK) && DFLT_RLIMIT_MEMLOCK != -1
+ 	/*
+ 	 * The default RLIMIT_MEMLOCK is very low on Linux systems.
+ 	 * Unless we increase this limit malloc calls are likely to