Attachment #210708 for bug #242137




# include <seccomp.h>
#endif /* LIBSECCOMP and KERN_SECCOMP */

#ifdef __FreeBSD__
#include <sys/procctl.h>
#ifndef PROC_STACKGAP_CTL
/*
 * Even if we compile on an older system we can still run on a newer one.
 */
#define	PROC_STACKGAP_CTL	17
#define	PROC_STACKGAP_DISABLE	0x0002
#endif
#endif

#ifdef HAVE_DNSREGISTRATION
# include <dns_sd.h>
DNSServiceRef mdns;

	char *argv[]
	)
{
#ifdef __FreeBSD__
	{
		/*
		 * We Must disable ASLR stack gap on FreeBSD to avoid a
		 * segfault. See PR/241421 and PR/241960.
		 */
		int aslr_var = PROC_STACKGAP_DISABLE;

		pid_t my_pid = getpid();
		procctl(P_PID, my_pid, PROC_STACKGAP_CTL, &aslr_var); 
	}
#endif
	return ntpdmain(argc, argv);
}
#endif /* !SYS_WINNT */

# if defined(HAVE_MLOCKALL)
#  ifdef HAVE_SETRLIMIT
	ntp_rlimit(RLIMIT_STACK, DFLT_RLIMIT_STACK * 4096, 4096, "4k");
#   ifdef RLIMIT_MEMLOCK
	/*
	 * The default RLIMIT_MEMLOCK is very low on Linux systems.
	 * Unless we increase this limit malloc calls are likely to

Lines 287-293 Link Here

(-)usr.sbin/ntp/config.h (-2 / +2 lines)
287	#define DEFAULT_HZ 100	287	#define DEFAULT_HZ 100
288		288
289	/* Default number of megabytes for RLIMIT_MEMLOCK */	289	/* Default number of megabytes for RLIMIT_MEMLOCK */
290	#define DFLT_RLIMIT_MEMLOCK -1	290	#define DFLT_RLIMIT_MEMLOCK 32
291		291
292	/* Default number of 4k pages for RLIMIT_STACK */	292	/* Default number of 4k pages for RLIMIT_STACK */
293	#define DFLT_RLIMIT_STACK 50	293	#define DFLT_RLIMIT_STACK 50
Lines 1477-1483 Link Here
1477	#define PACKAGE_URL "http://www.ntp.org./"	1477	#define PACKAGE_URL "http://www.ntp.org./"
1478		1478
1479	/* Define to the version of this package. */	1479	/* Define to the version of this package. */
1480	#define PACKAGE_VERSION "4.2.8p13"	1480	#define PACKAGE_VERSION "4.2.8p12"
1481		1481
1482	/* data dir */	1482	/* data dir */
1483	#define PERLLIBDIR "/usr/share/ntp/lib"	1483	#define PERLLIBDIR "/usr/share/ntp/lib"

Lines 102-112 Link Here

(-)usr.sbin/ntp/ntpd/ntp.conf (-8 lines)
102	# Use either leapfile in /etc/ntp or periodically updated leapfile in /var/db.	102	# Use either leapfile in /etc/ntp or periodically updated leapfile in /var/db.
103	#leapfile "/etc/ntp/leap-seconds"	103	#leapfile "/etc/ntp/leap-seconds"
104	leapfile "/var/db/ntpd.leap-seconds.list"	104	leapfile "/var/db/ntpd.leap-seconds.list"
105
106	# Specify the number of megabytes of memory that should be allocated and
107	# locked. -1 (default) means "do not lock the process into memory".
108	# 0 means "lock whatever memory the process wants into memory". Any other
109	# number means to lock up to that number of megabytes into memory.
110	# 0 may result in a segfault when ASLR with stack gap randomization
111	# is enabled.
112	#rlimit memlock 32

Return to bug 242137

Lines 138-154 Link Here

(-)contrib/ntp/ntpd/ntpd.c (-24 / +1 lines)
138	# include <seccomp.h>	138	# include <seccomp.h>
139	#endif /* LIBSECCOMP and KERN_SECCOMP */	139	#endif /* LIBSECCOMP and KERN_SECCOMP */
140		140
141	#ifdef __FreeBSD__
142	#include <sys/procctl.h>
143	#ifndef PROC_STACKGAP_CTL
144	/*
145	* Even if we compile on an older system we can still run on a newer one.
146	*/
147	#define PROC_STACKGAP_CTL 17
148	#define PROC_STACKGAP_DISABLE 0x0002
149	#endif
150	#endif
151
152	#ifdef HAVE_DNSREGISTRATION	141	#ifdef HAVE_DNSREGISTRATION
153	# include <dns_sd.h>	142	# include <dns_sd.h>
154	DNSServiceRef mdns;	143	DNSServiceRef mdns;
Lines 413-430 Link Here
413	char *argv[]	402	char *argv[]
414	)	403	)
415	{	404	{
416	#ifdef __FreeBSD__
417	{
418	/*
419	* We Must disable ASLR stack gap on FreeBSD to avoid a
420	* segfault. See PR/241421 and PR/241960.
421	*/
422	int aslr_var = PROC_STACKGAP_DISABLE;
423
424	pid_t my_pid = getpid();
425	procctl(P_PID, my_pid, PROC_STACKGAP_CTL, &aslr_var);
426	}
427	#endif
428	return ntpdmain(argc, argv);	405	return ntpdmain(argc, argv);
429	}	406	}
430	#endif /* !SYS_WINNT */	407	#endif /* !SYS_WINNT */
Lines 1022-1028 Link Here
1022	# if defined(HAVE_MLOCKALL)	999	# if defined(HAVE_MLOCKALL)
1023	# ifdef HAVE_SETRLIMIT	1000	# ifdef HAVE_SETRLIMIT
1024	ntp_rlimit(RLIMIT_STACK, DFLT_RLIMIT_STACK * 4096, 4096, "4k");	1001	ntp_rlimit(RLIMIT_STACK, DFLT_RLIMIT_STACK * 4096, 4096, "4k");
1025	# if defined(RLIMIT_MEMLOCK) && defined(DFLT_RLIMIT_MEMLOCK) && DFLT_RLIMIT_MEMLOCK != -1	1002	# ifdef RLIMIT_MEMLOCK
1026	/*	1003	/*
1027	* The default RLIMIT_MEMLOCK is very low on Linux systems.	1004	* The default RLIMIT_MEMLOCK is very low on Linux systems.
1028	* Unless we increase this limit malloc calls are likely to	1005	* Unless we increase this limit malloc calls are likely to