Bug 2141 - DNSCrypt on FreeBSD
DNSCrypt on FreeBSD
Status: RESOLVED FIXED
Product: unbound
Classification: Unclassified
Component: server
1.6.7
x86_64 FreeBSD
: P5 normal
Assigned To: unbound team
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-10-31 02:21 CET by publicarray
Modified: 2017-11-03 16:08 CET (History)
3 users (show)

See Also:


Attachments
config-file (33.79 KB, application/octet-stream)
2017-10-31 02:21 CET, publicarray
Details
Detect lack of entropy in chroot (3.27 KB, patch)
2017-11-03 16:03 CET, Manu Bretelle
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description publicarray 2017-10-31 02:21:05 CET
Created attachment 466 [details]
config-file

First off, Thanks for this amazing piece of software!

The issue is that unbound with DNSCrypt will abort. If I set dnscrypt-enable: no than unbound will run fine.
unbound was compiled from ports with dnscrypt support.

root@ /u/l/e/unbound# unbound
Oct 31 11:05:12 unbound[10987:0] debug: creating udp4 socket 0.0.0.0 443
Oct 31 11:05:12 unbound[10987:0] debug: creating tcp4 socket 0.0.0.0 443
Oct 31 11:05:12 unbound[10987:0] debug: creating tcp6 socket ::1 8953
Oct 31 11:05:12 unbound[10987:0] debug: creating tcp4 socket 127.0.0.1 8953
Oct 31 11:05:12 unbound[10987:0] debug: setup SSL certificates
Oct 31 11:05:12 unbound[10987:0] warning: did not exit gracefully last time (10981)
Oct 31 11:05:12 unbound[10987:0] debug: chdir to /usr/local/etc/unbound
Oct 31 11:05:12 unbound[10987:0] debug: chroot to /usr/local/etc/unbound
Oct 31 11:05:12 unbound[10987:0] debug: drop user privileges, run as unbound
Oct 31 11:05:12 unbound[10987:0] debug: switching log to /usr/local/etc/unbound/log.txt
fish: 'unbound' terminated by signal SIGABRT (Abort)

root@ ~# uname -a
FreeBSD  11.1-RELEASE-p1 FreeBSD 11.1-RELEASE-p1 #0: Wed Aug  9 11:55:48 UTC 2017     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
Comment 1 Manu Bretelle 2017-10-31 19:32:36 CET
Hi @publicarray 

I dont have Free BSD readily available so it may take me some time before I can have a repro.

Does it still fail if you add a plaintext dns interface, e.g add:
```
interface: 0.0.0.0
```
to your config?
Comment 2 Manu Bretelle 2017-10-31 21:28:09 CET
Got a repro, this is happening within libsodium:

(gdb) bt
#0  0x0000000801b5a84a in thr_kill () from /lib/libc.so.7
#1  0x0000000801b5a814 in raise () from /lib/libc.so.7
#2  0x0000000801b5a789 in abort () from /lib/libc.so.7
#3  0x0000000800bd34b9 in sodium_misuse () from /usr/local/lib/libsodium.so.23
#4  0x0000000800bd4701 in sodium_library_minimal () from /usr/local/lib/libsodium.so.23
#5  0x0000000800bd16b9 in randombytes_stir () from /usr/local/lib/libsodium.so.23
#6  0x0000000800bd33f5 in sodium_init () from /usr/local/lib/libsodium.so.23
#7  0x00000000004b2e2d in dnsc_create () at ./dnscrypt/dnscrypt.c:892
#8  0x000000000040e4bb in daemon_fork (daemon=0x80221d000) at ./daemon/daemon.c:581
#9  0x000000000041bfd7 in run_daemon (cfgfile=0x7fffffffed14 "/unbound.conf", cmdline_verbose=0, debug_mode=1, log_default_identity=0x7fffffffecf0 "unbound", need_pidfile=1)
    at ./daemon/unbound.c:648
#10 0x000000000041bbf8 in main (argc=0, argv=0x7fffffffea70) at ./daemon/unbound.c:745
(gdb) bt full
#0  0x0000000801b5a84a in thr_kill () from /lib/libc.so.7
No symbol table info available.
#1  0x0000000801b5a814 in raise () from /lib/libc.so.7
No symbol table info available.
#2  0x0000000801b5a789 in abort () from /lib/libc.so.7
No symbol table info available.
#3  0x0000000800bd34b9 in sodium_misuse () from /usr/local/lib/libsodium.so.23
No symbol table info available.
#4  0x0000000800bd4701 in sodium_library_minimal () from /usr/local/lib/libsodium.so.23
No symbol table info available.
#5  0x0000000800bd16b9 in randombytes_stir () from /usr/local/lib/libsodium.so.23
No symbol table info available.
#6  0x0000000800bd33f5 in sodium_init () from /usr/local/lib/libsodium.so.23
No symbol table info available.
#7  0x00000000004b2e2d in dnsc_create () at ./dnscrypt/dnscrypt.c:892
        env = (struct dnsc_env *) 0x10233f120
#8  0x000000000040e4bb in daemon_fork (daemon=0x80221d000) at ./daemon/daemon.c:581
        have_view_respip_cfg = 0
#9  0x000000000041bfd7 in run_daemon (cfgfile=0x7fffffffed14 "/unbound.conf", cmdline_verbose=0, debug_mode=1, log_default_identity=0x7fffffffecf0 "unbound", need_pidfile=1)
    at ./daemon/unbound.c:648
        cfg = (struct config_file *) 0x802216500
        daemon = (struct daemon *) 0x80221d000
        done_setup = 1
#10 0x000000000041bbf8 in main (argc=0, argv=0x7fffffffea70) at ./daemon/unbound.c:745
        c = -1
        cfgfile = 0x7fffffffecfe "/usr/local/etc/unbound/unbound.conf"
        winopt = 0x0
        log_ident_default = 0x7fffffffecf0 "unbound"
        cmdline_verbose = 0
        debug_mode = 1
        need_pidfile = 1
Comment 3 Manu Bretelle 2017-11-01 00:07:37 CET
@publicarray 

so, libsodium is failing to detect a source of entropy and aborts.... 

You need to bind-mount devfs
```
mkdir /usr/local/etc/unbound/dev
mount -t devfs devfs  /usr/local/etc/unbound/dev
```

Assuming that all other files are set, you should be good.
Comment 4 publicarray 2017-11-01 00:41:08 CET
@Manu Bretelle

Thanks so much.

Yes that did the trick.
I feel sightly stupid now. With `chroot` of course there is no access to /dev/random. It's even documented. To prevent others from falling into this trap, would it possible to log a notice if /dev/random cannot be accessed?
Comment 5 Manu Bretelle 2017-11-01 00:57:16 CET
it is unclear to me whether checking for /dev/random is good enough. I have opened https://github.com/jedisct1/libsodium/issues/625 to better understand how to detect this cross-platform.
Comment 6 Wouter Wijngaards 2017-11-01 08:09:13 CET
Hi Manu,

The getrandom(2) call has been added for that in recent Linux (3.19), and in BSD you might find it, or getentropy(), that does something similar.  Both work in chroot.  Use these calls instead of /dev/random, and no chroot problems.

Unbound had the same chroot and dev/random issues...

Best regards, Wouter
Comment 7 Manu Bretelle 2017-11-01 22:19:46 CET
moving forward with future libsodium releases, there will be a way to subscribe a handler for when sodium_init fails. With https://github.com/jedisct1/libsodium/commit/8d5b6b1fc9701dcdc06bbdba2d541df7f7f1846e on master, we will be able to print a relevant message to the end user before dying.

Apparently, on FreeBSD, we better stick with /dev/{u,}random : https://github.com/jedisct1/libsodium/pull/626#issuecomment-341157531

I will rather provide a message to the user using the handler than doing manual checks for source of entropy.
Comment 8 Manu Bretelle 2017-11-03 16:03:33 CET
Created attachment 467 [details]
Detect lack of entropy in chroot

libsodium now support calling a handler before aborting when it fails to initialize due to lack of entropy for example.
Take advantage of the handler and print a meaningful message to the user before calling fatal_exit.
Comment 9 Manu Bretelle 2017-11-03 16:07:07 CET
Attached a patch to handle the lack of entropy.

The build passes against master and I also tested the behaviour in FreeBSD (see test output in patch).

Tests are still passing against older versions of libsodium as well as master.

https://travis-ci.org/chantra/unbound/builds/296823954
Comment 10 Wouter Wijngaards 2017-11-03 16:08:43 CET
Hi Manu,

Integrated the patch.  Thanks!

Best regards, Wouter