
pledge with a reëxecing process

I have a web application process, which talks to strangers on the network and stores data in the filesystem. To limit the damage caused by naughty tricksters, it uses pledge and unveil so that even if somebody takes over the process, they can only corrupt this program’s data. As opposed to changing my password, for example.

Users love features, so every day I add a new feature, and then I restart the server. This causes milliseconds of downtime. We can only afford 800 milliseconds of downtime per day in order to meet our five nines availability target, and two restarts in a single day puts us very close to the limit. So I added a smooth restart feature, where sending SIGHUP to the server will cause it to reëxec itself, but with the listening socket already open. No connections are lost.

Fork and exec require additional promises to pledge. But this opens the door to trouble. What happens if the trickster wants to exec a new process? Fortunately, unveil restricts exec to only the same program, but they can still restart it with new options, like setting the log file to /etc/passwd. The command line interface offers enough flexibility to accomplish a fair bit of mischief. I spent some time convincing myself this is an unlikely attack scenario, and mostly succeeded, but using pledge suggests I care about unlikely scenarios, so I should do things properly.

As with all problems, the solution is to add another layer of abstraction. Now the main process execs a worker process, and the worker process once again loses the ability to exec. I was already using one helper process anyway, managed by the server. After shuffling some code around, our growing family now includes three processes. The result is arguably better organized, as well, since competing concerns are better split among the processes.
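The supervisor/worker split described above, sketched for OpenBSD as an added example (not the author's code). The worker path, data directory, fd number and promise lists are assumptions; the no-op stubs only let it build on other systems.

```c
#include <sys/types.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#ifndef __OpenBSD__  /* pledge(2)/unveil(2) are OpenBSD-only; no-op stubs elsewhere */
static int pledge(const char *p, const char *ep) { (void)p; (void)ep; return 0; }
static int unveil(const char *path, const char *perm) { (void)path; (void)perm; return 0; }
#endif

#define LISTEN_FD   3                                 /* assumed fixed fd for the socket */
#define WORKER_PATH "/usr/local/libexec/app-worker"   /* hypothetical worker binary */
#define DATA_DIR    "/var/app"                        /* hypothetical data directory */
static const char SUPERVISOR_PROMISES[] = "stdio proc exec";          /* assumed list */
static const char WORKER_PROMISES[] = "stdio rpath wpath cpath inet"; /* assumed list */

/* Clear FD_CLOEXEC so the descriptor stays open in the exec'd image. */
int keep_across_exec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    return flags == -1 ? -1 : fcntl(fd, F_SETFD, flags & ~FD_CLOEXEC);
}

/* Supervisor: may fork and exec, but only the worker binary, and has no network access. */
int supervisor_lockdown(void) {
    if (unveil(WORKER_PATH, "x") == -1 || unveil(NULL, NULL) == -1) return -1;
    return pledge(SUPERVISOR_PROMISES, NULL);
}

/* Supervisor: start the worker with a fixed argv, so no peer-supplied option gets through. */
pid_t spawn_worker(int listen_fd) {
    char *const argv[] = { "app-worker", NULL };
    pid_t pid = fork();
    if (pid != 0) return pid;                 /* parent, or fork failure (-1) */
    if (listen_fd != LISTEN_FD && dup2(listen_fd, LISTEN_FD) == -1) _exit(127);
    if (keep_across_exec(LISTEN_FD) == 0) execv(WORKER_PATH, argv);
    _exit(127);                               /* exec failed: never fall through */
}

/* Worker: sees only its data directory; without "proc"/"exec" it cannot start anything. */
int worker_lockdown(void) {
    if (unveil(DATA_DIR, "rwc") == -1 || unveil(NULL, NULL) == -1) return -1;
    return pledge(WORKER_PROMISES, NULL);
}

int main(void) {  /* worker entry point: lock down before touching the network */
    if (worker_lockdown() == -1) { perror("lockdown"); return 1; }
    return 0;     /* the accept(LISTEN_FD, ...) loop would run here */
}
```
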

Posted 01 Jun 2025 19:54 by tedu Updated: 01 Jun 2025 19:54
Tagged: openbsd security

quirking an openbsd laptop

I got a something old something new laptop and installed OpenBSD. And then the murders began.

more...

Posted 27 May 2025 19:46 by tedu Updated: 28 May 2025 07:07
Tagged: computers openbsd

fan service

ASUS laptops generally have a feature that lets the user toggle the fan speed. Fn-F5 on some models, Fn-F on others. The direct effect is to limit the fan speed, from whisper mode to megablast, and indirectly control performance. But it doesn’t work in OpenBSD, so I needed to write an ASUS ACPI WMI driver.

more...

Posted 11 May 2025 01:57 by tedu Updated: 11 May 2025 01:57
Tagged: computers openbsd programming

checking the wifi

As I move around, I roam between wifi networks, but sometimes lose the connection. Then I click a link and watch in vain as it fails to load. So I’d like an easy way to check which, if any, wifi network I’m connected to, such as by putting it in my dwm status bar. I could run ifconfig and parse the output, but that’s excessively wasteful. I need to get the info myself.

more...

Posted 30 Apr 2025 08:00 by tedu Updated: 30 Apr 2025 18:38
Tagged: openbsd programming

What's in OpenBSD 7.7?

It’s been three years since our previous counting of lines, so let’s check back in and see how OpenBSD is growing. Instead of just looking at the kernel, this time we’ll zoom out and look at the entire src tree.

. 20.54M lines 954.56M bytes
├──sys 9.70M lines 627.17M bytes
│  ├──dev 8.49M lines 593.52M bytes
│  │  ├──pci 7.14M lines 549.14M bytes
│  │  │  └──drm 6.58M lines 532.33M bytes
│  │  │     ├──amd 5.81M lines 509.00M bytes (7)
│  │  │     └──(other) 696.08k lines 21.03M bytes (7)
│  │  └──(other) 1.33M lines 43.74M bytes (36)
│  └──(other) 1.21M lines 33.66M bytes (22)
├──gnu 7.65M lines 238.82M bytes
│  ├──usr.bin 4.72M lines 140.19M bytes
│  │  ├──binutils 1.42M lines 42.64M bytes (12)
│  │  ├──binutils-2.17 1.14M lines 39.34M bytes (12)
│  │  ├──gcc 1.18M lines 35.25M bytes (3)
│  │  └──(other) 981.74k lines 22.96M bytes (5)
│  ├──llvm 1.52M lines 55.85M bytes (8)
│  ├──gcc 1.25M lines 37.88M bytes (11)
│  └──(other) 164.69k lines 4.89M bytes (3)
└──(other) 3.19M lines 88.57M bytes (12)

As some of the more knowing members of the audience may have predicted, the AMD GPU driver wins the prestigious Most Growth award, nearly doubling in size. It’s gone from being more than half the kernel to more than half of the entire operating system. Quite the achievement! No other subdirectory even comes close.

AMD was up against some stiff competition in the past, including Team Toolchain featuring two copies of binutils, two copies of gcc (4.2 and 3.old), and llvm, but even their combined efforts now come in at only half an AMD.

There are some other programs and utilities included in OpenBSD as well, but at less than 10% of the codebase, they’re probably not worth further consideration. Too far out of competition.

Posted 28 Apr 2025 08:27 by tedu Updated: 28 Apr 2025 08:27
Tagged: openbsd software

vivibook 14

I don’t usually recommend budget laptops, which end up being useful for little more than getting online and ordering a real replacement, but occasionally there’s exceptions. Like the ASUS Vivobook 14 (X1404ZA) from 2023, which apparently was made in great numbers but didn’t sell very well, because stores are still trying to unload it. It’s not a great laptop, but for $225 or so, it’s better than most of the alternatives. (Unless you find a good deal on an ebay thinkpad, etc. An X1 Carbon G3 from 2015 seems to be about the same price.) I picked it up specifically because I wanted an Alder Lake CPU for reasons, and I’m happy that it hasn’t been a waste of money.

more...

Posted 26 Apr 2025 16:33 by tedu Updated: 26 Apr 2025 17:36
Tagged: computers openbsd

what if the poison were rust?

The OpenBSD kernel has a set of functions to help detect memory corruption, the poison subroutines. The memory management code uses these functions, but they themselves have a very simple interface, no complicated types or data structures, meaning they’re easy to replace. What if we rewrite the memory corruption detection functions in rust so it’s impossible for them to cause memory corruption?

more...

Posted 09 Apr 2025 04:48 by tedu Updated: 09 Apr 2025 04:48
Tagged: openbsd rust

where do the bytes go?

Or perhaps more precisely, how do they get there? What happens when you call write?

more...

Posted 29 Mar 2025 10:38 by tedu Updated: 29 Mar 2025 10:38
Tagged: openbsd

dude, where are your syscalls?

The OpenBSD kernel is getting to be really old, like really, really old, mid 40s old, and consequently it doesn’t like surprises, so programs have to tell it where their syscalls are. In today’s edition of the polite programmer, we’ll learn the proper etiquette for doing so.

more...

Posted 05 Mar 2025 09:35 by tedu Updated: 12 Mar 2025 07:16
Tagged: openbsd programming

you don't link all of libc

On OpenBSD, there is a rule that you link with libc to interface with the kernel, because that’s where the syscall stubs live. This causes a great deal of consternation for partisans of other languages, because they don’t want to link “all of libc”. But when does anything link all of libc?

more...

Posted 12 Feb 2025 18:54 by tedu Updated: 12 Feb 2025 18:54
Tagged: c openbsd programming