mirror of
https://git.freebsd.org/ports.git
synced 2025-06-29 08:30:37 -04:00
c2a26c7a01
Restore ntp to prior to the ASLR mitigations applied. When ASLR and subsequently PIE were committed to the FreeBSD kernel, ntpd would segfault due to insufficient stack. This was because stack gap was not taken into account by applications requesting stack and/or memory limits. (BTW, this problem also affected firefox and thunderbird.) This subsequently caused disabling of rlimit memlock, which could not be avoided under the previous implementation of ASLR: Cannot set RLIMIT_MEMLOCK: Operation not permitted Since then a number of improvments to ASLR stack gap implementation have rendered the mitigations unnecessary. The mitigations initially developed here at FreeBSD were subsequently upstreamed (noticed by the folks at nwtime.org and automatically upstreamed). The mitigations have been reversed in the base system. This patch reverses the ASLR mitigations in the port as well. PR: 262031 Reported by: p5B2E9A8F@t-online.de
48 lines
1.3 KiB
C
48 lines
1.3 KiB
C
--- ntpd/ntpd.c.orig 2020-06-23 02:17:48.000000000 -0700
|
|
+++ ntpd/ntpd.c 2022-02-18 12:02:30.547638000 -0800
|
|
@@ -145,17 +145,6 @@
|
|
# include <seccomp.h>
|
|
#endif /* LIBSECCOMP and KERN_SECCOMP */
|
|
|
|
-#ifdef __FreeBSD__
|
|
-#include <sys/procctl.h>
|
|
-#ifndef PROC_STACKGAP_CTL
|
|
-/*
|
|
- * Even if we compile on an older system we can still run on a newer one.
|
|
- */
|
|
-#define PROC_STACKGAP_CTL 17
|
|
-#define PROC_STACKGAP_DISABLE 0x0002
|
|
-#endif
|
|
-#endif
|
|
-
|
|
#ifdef HAVE_DNSREGISTRATION
|
|
# include <dns_sd.h>
|
|
DNSServiceRef mdns;
|
|
@@ -438,18 +427,6 @@
|
|
char *argv[]
|
|
)
|
|
{
|
|
-# ifdef __FreeBSD__
|
|
- {
|
|
- /*
|
|
- * We Must disable ASLR stack gap on FreeBSD to avoid a
|
|
- * segfault. See PR/241421 and PR/241960.
|
|
- */
|
|
- int aslr_var = PROC_STACKGAP_DISABLE;
|
|
-
|
|
- pid_t my_pid = getpid();
|
|
- procctl(P_PID, my_pid, PROC_STACKGAP_CTL, &aslr_var);
|
|
- }
|
|
-# endif
|
|
return ntpdmain(argc, argv);
|
|
}
|
|
#endif /* !SYS_WINNT */
|
|
@@ -1058,7 +1035,7 @@
|
|
# if defined(HAVE_MLOCKALL)
|
|
# ifdef HAVE_SETRLIMIT
|
|
ntp_rlimit(RLIMIT_STACK, DFLT_RLIMIT_STACK * 4096, 4096, "4k");
|
|
-# ifdef RLIMIT_MEMLOCK
|
|
+# if defined(RLIMIT_MEMLOCK) && defined(DFLT_RLIMIT_MEMLOCK) && DFLT_RLIMIT_MEMLOCK != -1
|
|
/*
|
|
* The default RLIMIT_MEMLOCK is very low on Linux systems.
|
|
* Unless we increase this limit malloc calls are likely to
|