dns VS src

The heavylifting is done by this package: https://github.com/miekg/dns.

Apart from `dig`, clients like https://github.com/miekg/dns show the same behavior.

For the DNS i wrote a PiHole clone, which on the core it uses github.com/miekg/dns, to upstream queries and also to handle the custom entries, i've been wanting to publish that project but haven't done so cause the code is a bit messy since i did it as a PoC mostly, when comparing it to pihole it has the advantage that its really resource light mostly on the admin features, the dns resolving performs pretty much the same.

coredns uses github.com/miekg/dns under the hood

You can do the same with net.Resolver, either by just setting it's Dial function (and PreferGo=true). You can use https://pkg.go.dev/golang.org/x/net/dns/dnsmessage or https://github.com/miekg/dns to implement an in-process server, either over TCP/UDP or skipping real networking completely, just like you can do with https://golang.org/pkg/net/http/httptest

Had a similar problem a couple years ago where I needed to use alternative DNS libraries to troubleshoot issues in a company's infrastructure.

Golang's rules for what implementation to use are found here: https://golang.org/pkg/net/#hdr-Name_Resolution

A really solid alternative DNS client implementation can be found here: https://github.com/miekg/dns. Real easy to read and vet compared to a few other libraries I ran into when working on this problem.

The OpenBSD project released 7.4 of their OS on 16 Oct 2023 as their 55th release 💫

Well since https://www.openbsd.org/ still says

> Only two remote holes in the default install, in a heck of a long time!

I'm assuming not, but I could always be mistaken.

> building a cat from scratch

> That would be an interesting project.

Here is the source code of the OpenBSD implementation of cat:

> https://github.com/openbsd/src/blob/master/bin/cat/cat.c

and here of the GNU coreutils implementation:

> https://github.com/coreutils/coreutils/blob/master/src/cat.c

Thus: I don't think building a cat from scratch or creating a tutorial about that topic is particularly hard (even though the HN audience would likely be interested in it). :-)

> I don't know how they define `MAX`, but I'm guessing it's a typical "a>b?a:b"

Indeed: https://github.com/openbsd/src/blob/master/sys/sys/param.h#L...

> Then `SYS_kbind` seems to be a signed int.

It's an untyped #define: https://github.com/openbsd/src/blob/master/sys/sys/syscall.h...

I believe your whole analysis is correct, that running an elf file with an openbsd.syscalls entry with .sysno > INT_MAX will allow an out-of-bounds write.

I can reproduce it. And this is the commit that causes the issue: https://github.com/openbsd/src/commit/d21788ce70be80e9c4ed0c52c149e01147c4a823

This doesn’t really change your conclusion, but I think that’s the wrong file. This is the real doas afaict: https://github.com/openbsd/src/blob/master/usr.bin/doas/doas...

Still just a tidy 1072 lines in that folder though.

I spent 5 minutes staring at your file trying to understand how on earth it does the things in the man page, but of course it doesn’t.

OpenBSD developers are making serious effort to kill off indirect syscalls, the base system is completely clean, take a look at the work Andrew Fresh did to adapt Perl. He write a complete syscall "dispatcher" or emulator for the Perl syscall function so that it calls the libc stubs.

https://github.com/openbsd/src/commit/312e26c80be876012ae979...

The ports tree is also being cleansed of syscall(2) usage, until they're all gone.

msyscall, pinsyscall, recent mandatory IBT/BTI, xonly. OpenBSD is making waves, but people aren't really seeing them yet.

Actually, I got it wrong, too many vulnerabilities in flight. They did fix it: https://github.com/openbsd/src/commit/375ccafb2eb77de6cf240e...