From 98bb735fb124589037718de5d204d8f3563d027e Mon Sep 17 00:00:00 2001
From: Theo de Raadt
Date: Wed, 18 Jan 2023 20:44:41 +0000
Subject: process the sshd random-relink kit if it is found. sshd's text segment is now garbled, and in the future xonly univirse you'll have poor success downloading it or libc to know where gadgets are. ok djm
---
 etc/rc | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
(limited to 'etc/rc')
diff --git a/etc/rc b/etc/rc
index d4379e5ad91..466e84c9039 100644
--- a/etc/rc
+++ b/etc/rc
@@ -1,4 +1,4 @@
-# $OpenBSD: rc,v 1.568 2022/12/28 09:53:33 kn Exp $
+# $OpenBSD: rc,v 1.569 2023/01/18 20:44:40 deraadt Exp $
 # System startup script run by init on autoboot or after single-user.
 # Output and error are redirected to console by init, and the console is the
@@ -188,7 +188,7 @@ reorder_libs() {
 fi
 done
- echo 'reordering libraries:'
+ echo 'reordering:'
 # Remount the (read-only) filesystems in _ro_list as read-write.
 for _mp in $_ro_list; do
@@ -237,6 +237,21 @@ reorder_libs() {
 ) || { _error=true; break; }
 done
+ for _bin in $_relink/usr/sbin/sshd; do
+ _tmpdir=$(mktemp -dq $_relink/_rebuild.XXXXXXXXXXXX) &&
+ (
+ set -o errexit
+ cd $_tmpdir
+ _binn=${_bin##*/}
+ _bint=${_bin}/${_binn}.tar
+ if [[ -f $_bint ]]; then
+ echo " $_binn"
+ tar xf $_bint
+ make -f Makefile.relink relink >/dev/null 2>&1
+ fi
+ ) || { _error=true; break; }
+ done
+
 rm -rf $_relink/_rebuild.*
 # Restore previous mount state if it was changed.
-- cgit v1.2.3
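Review bot: In the new sshd loop of the third hunk, `make -f Makefile.relink relink >/dev/null 2>&1` discards stderr as well as stdout, so a failed relink leaves only `_error=true` and no reason on the console; keeping stderr, as in `make -f Makefile.relink relink >/dev/null`, would preserve the diagnostic, unless the silence is deliberate to match the library loop, which is not visible here. The loop also unpacks `$_bint` and runs the Makefile it contains from the startup script, so a comment above the `for` such as `# Relink sshd from its kit; the kit is executed at boot and must be writable by root only.` would record the trust assumption for the next maintainer. reorder_libs starts and ends outside the hunk, so how `_error` is reported and how `$_relink` is set could not be checked from this page.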