oridb / mc

Myrddin Compiler
MIT License

kbind(2) on OpenBSD and linking C #164

Closed cbvi closed 6 years ago

cbvi commented 6 years ago

The Myrddin runtime on OpenBSD calls kbind(2). This doesn't cause any problem in normal use, but if you link against C it causes the process to get killed at startup when ld.so makes its own kbind call.

The man page for kbind says:

 kbind is currently intended for use by ld.so(1) only [...] 
 two security checks are performed to bind
 it (pun intended) to its use in ld.so(1): the first time kbind is used,
 the kernel records both the text address of the call and the value of the
 cookie argument.  If those values differ in a later kbind call, then the
 process is killed.

I'm wondering if Myrddin should really be calling it?
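
The check the man page excerpt describes, as a small user-space model in C. This is an added example, not code from Myrddin or OpenBSD; `model_proc`, `model_kbind`, `first_fatal_call` and the addresses and cookies are constructed for illustration, and the fatal result is the same whichever of the two call sites runs first.

```c
/* User-space model of the kbind(2) check quoted above; not OpenBSD kernel code. */
#include <stdint.h>
#include <stdio.h>

struct model_proc {
    uintptr_t kbind_addr;   /* text address of the first kbind call, 0 = none */
    int64_t   kbind_cookie; /* cookie passed on the first kbind call */
};

/* Returns 0 if the call is accepted, -1 if the process would be killed. */
static int model_kbind(struct model_proc *p, uintptr_t call_addr, int64_t cookie)
{
    if (p->kbind_addr == 0 && p->kbind_cookie == 0) {
        p->kbind_addr = call_addr;   /* first use: record both values */
        p->kbind_cookie = cookie;
        return 0;
    }
    if (p->kbind_addr != call_addr || p->kbind_cookie != cookie)
        return -1;                   /* a later call differs: killed */
    return 0;
}

/* Constructed stand-ins for the two call sites and their cookies. */
#define RUNTIME_ADDR   ((uintptr_t)0x1000)
#define LDSO_ADDR      ((uintptr_t)0x2000)
#define RUNTIME_COOKIE ((int64_t)0)
#define LDSO_COOKIE    ((int64_t)0x5eed)

/* Replays n kbind calls; returns the index of the fatal call, or -1 if none. */
static int first_fatal_call(const uintptr_t *addrs, const int64_t *cookies, int n)
{
    struct model_proc p = {0, 0};
    for (int i = 0; i < n; i++)
        if (model_kbind(&p, addrs[i], cookies[i]) != 0)
            return i;
    return -1;
}

int main(void)
{
    const uintptr_t both[] = {RUNTIME_ADDR, LDSO_ADDR, LDSO_ADDR};
    const int64_t both_c[] = {RUNTIME_COOKIE, LDSO_COOKIE, LDSO_COOKIE};
    const uintptr_t one[] = {LDSO_ADDR, LDSO_ADDR, LDSO_ADDR};
    const int64_t one_c[] = {LDSO_COOKIE, LDSO_COOKIE, LDSO_COOKIE};
    printf("runtime + ld.so: fatal call %d\n", first_fatal_call(both, both_c, 3));
    printf("ld.so only:      fatal call %d\n", first_fatal_call(one, one_c, 3));
    return 0;
}
```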

oridb commented 6 years ago

Hm. OpenBSD uses this to tell whether program startup is done, which doesn't have much impact right now, but will matter more when exec pledges land.

I know that Go calls it, because I checked with ktrace. How does Go deal with this in cgo?

oridb commented 6 years ago

Maybe Go actually calls it via cgo. Let's patch it out for now, and we can look at the right way to do it later, when it actually matters.

oridb commented 6 years ago

And reading the patch that Theo just posted a bit more closely, even if we never call kbind it's not catastrophic: we just keep the ability to make exec mappings:

@@ -1393,6 +1424,9 @@ int
pledge_protexec(struct proc *p, int prot)
{
    if ((p->p_p->ps_flags & PS_PLEDGE) == 0)
+       return 0;
+   /* Before kbind(2) call, ld.so and crt may create EXEC mappings */
+   if (p->p_p->ps_kbind_addr == 0 && p->p_p->ps_kbind_cookie == 0)
        return 0;
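
Review bot: the added `ps_kbind_addr == 0 && ps_kbind_cookie == 0` test in pledge_protexec() never stops being true for a process that makes no kbind(2) call at all, so the early `return 0` applies to it for its whole lifetime rather than only during startup. The comment mentions only ld.so and crt before the call; either state in the comment that programs which never call kbind stay on this path, or record "startup finished" with an explicit flag instead of inferring it from the two recorded values both being zero.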

oridb commented 6 years ago

And it's gone.