HardenedBSD September 2022 Status Report

I apologize for the delay in getting the September 2022 status report out. But alas, it has arrived!

My time was spent mostly on infrastructure. We're slowly aging out some incredibly old servers in our infrastructure, occasionally not by choice. The Dell R410 server that ran our auto-sync cron jobs decided to die. So I rebuilt the auto-sync jail on another Dell R410 server of the same age, but the PERC controller decided to die. So now, the auto-sync jail is hosted on another server--but this time on a performant, stable system.

In src and ports land, I spent most of my time just resolving the occasional merge conflict.

In src:

  1. Shawn ensured that the HardenedBSD copyright is always applied
  2. Loic did some house cleaning with a few files in src
  3. Loic removed leftover cruft from our LibreSSL-in-base experiment
  4. MrUnix0 changed the HardenedBSD pkg repo configuration in 14-CURRENT to use HTTPS rather than HTTP. We're still exploring whether this change can be safely MFC'd to 13-STABLE, but we're being very conservative here.
  5. FreeBSD updated `less(1)` to v608, which introduced a number of CFI violations. Shawn fixed two that were readily apparent.
  6. Loic set `-fstack-protector-strong` for the kernel.
  7. Loic fixed a few compiler warnings/errors when using a modified kernel config.

In ports:

  1. Shawn enabled PulseAudio support for net/freerdp. Having audio over RDP seems pretty useful.
  2. Loic enabled the sort plugin for editors/pluma.
  3. Loic added games/scratch
  4. Loic fixed the uname output in sysutils/mate-system-monitor
  5. Loic disabled Java support by default for editors/libreoffice
  6. Loic fixed textproc/docbook2mdoc
  7. Shawn fixed the llvm compiler toolchain component tests, fixing CFI applicability detection
  8. Loic forced lld for graphics/cimg, science/cdo, and math/octave
  9. Loic disabled PaX MPROTECT for emulators/qemu70
  10. Loic fixed java/openjdk11
  11. MrUnix disabled PaX MPROTECT and PaX PAGEEXEC for games/assaultcube
  12. MrUnix disabled PaX MPROTECT and PaX PAGEEXEC for x11/lumina-core
  13. MrUnix disabled PaX MPROTECT and PaX PAGEEXEC for games/xonotic

I did a new build of hbsdfw in late September, but I didn't get around to deploying it at home as a good first test. I'm following some of the work the OPNsense folks are doing and it seems best to hold off on a new build until some things settle down in their core repo. I plan to kick off a new build once I'm confident the dust has settled.

Upcoming plans:

Many of those in the HardenedBSD community know that I've worked (incredibly slowly) off-and-on throughout the years on Cross-DSO CFI support in HardenedBSD. In October, I plan to resume that work starting mid-October. Here's where we stand on Cross-DSO CFI today:

I can compile (nearly) the entire dynamic world with Cross-DSO CFI. However, there is an interesting recursion issue at early application startup with some applications. The Cross-DSO CFI runtime intercepts calls to dlopen and dlclose. In certain cases, libc itself may call dlopen and/or dlclose. Some applications, even some in base (like `id(1)`) call libc functions that call into dlopen/dlclose. This presents problems with llvm's Cross-DSO CFI runtime.

libc is an incredibly attractive target given its large surface area. It's incredibly complex. At this time, I feel applying Cross-DSO CFI to libc itself may be too large of an undertaking, preventing tangible progress. Thus, my initial goal will be to apply CFI to as many shared libraries in base as I can, but likely not libc at this time. As Rome was not built in a single day, neither will a Cross-DSO CFI HardenedBSD be. It is my hope that we will indeed apply CFI in the future to libc (in whole or in part), but that day is not today.

Building ports/packages will be another huge aspect of this. Back in 2018, the last time I made tangible progress on Cross-DSO CFI, the memory footprint ballooned when building packages due to CFI'd libraries in base. Eventually, the experimental package build failed due to memory pressure.

My main objective: end 2023 (yes: 2023) with Cross-DSO CFI enabled in HardenedBSD by default. Whether libc is a part of that is unknown, but we can hope.

To fit that main objective, I plan to take a back seat to most other development aspects of the project, with the exception of hbsdfw. I will definitely be involved in all other aspects of the project (the infrastructure, the Foundation, etc.). The only thing that is changing: I am formally delegating the implementation of new security and hardening techniques to the wider HardenedBSD community so that I can focus on Cross-DSO CFI.

I appreciate all the help the community has given the project to date. I'm especially grateful for the continued contributions, the advocacy, the support. This little project would not exist in its current state without the recurring love and support you, the community, provide. As I focus my attention on a more difficult and involved goal (that of Cross-DSO CFI), I'm hopeful for a renewed sense of excitement and support from the community.