Date:      Fri, 26 Aug 2016 09:01:21 -0600
From:      Warner Losh <imp@bsdimp.com>
To:        Ed Maste <emaste@freebsd.org>
Cc:        Pedro Giffuni <pfg@freebsd.org>,  "freebsd-toolchain@FreeBSD.org" <freebsd-toolchain@freebsd.org>
Subject:   Re: Time to enable partial relro
Message-ID:  <CANCZdfp9Roc=MyrD8UO-efKOn5vSsOprM9juw6NeYT2T0Ag0wg@mail.gmail.com>
In-Reply-To: <CAPyFy2B3j7h9Cme=8VPs4ogOMgYAWvbyggZ3NMJraz5xoWqiXg@mail.gmail.com>
References:  <b75890eb-d8bd-759e-002f-ab0c16db0975@FreeBSD.org> <CANCZdfqAmhN1owbo_rDt5xjC%2BbboOHrgu2xDHeZi1P02rX7EwQ@mail.gmail.com> <CAPyFy2B3j7h9Cme=8VPs4ogOMgYAWvbyggZ3NMJraz5xoWqiXg@mail.gmail.com>

On Fri, Aug 26, 2016 at 8:36 AM, Ed Maste <emaste@freebsd.org> wrote:
> On 26 August 2016 at 10:18, Warner Losh <imp@bsdimp.com> wrote:
>>
>> So what's the summary of why we'd want to do that? What benefit does it bring?
>> Sure, other folks do it, but why?
>
> It's a relatively low cost technique to mitigate certain
> vulnerabilities. rtld needs to write to some sections during load but
> they don't need to be writeable after starting the program. relro
> reorders the output sections so that they are grouped together, and
> rtld remaps them read-only on start. This is often called "partial
> relro." I don't know of any real downside to enabling it, other than
> it could possibly break some strangely built third party software.
> It's been enabled on other platforms for quite some time though and I
> doubt we'd run into new issues.
>
> It doesn't bring a huge benefit by itself though; the PLT is still
> writeable. Adding "-z now" to the linker invocation produces "full
> relro" which makes the PLT read-only too. It has a negative impact on
> process start-up time though.

Sounds like this has implications for all the RTLD on all our
architectures. Has this been tested across all of them?

Warner
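
The partial/full relro distinction in the quoted text can be checked on any built binary: a PT_GNU_RELRO program header marks the region rtld remaps read-only, and "-z now" shows up in the dynamic section as DT_BIND_NOW, DF_BIND_NOW in DT_FLAGS, or DF_1_NOW in DT_FLAGS_1. The following is an added example, not part of the original message or of FreeBSD's code; `relro_status` and `build_sample` are hypothetical names, and `build_sample` produces a constructed minimal ELF64 image used only to exercise the parser.

```python
import struct
import sys

PT_DYNAMIC, PT_GNU_RELRO = 2, 0x6474E552
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

def relro_status(elf: bytes) -> str:
    """Return 'none', 'partial' or 'full' for an ELF32/ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4] not in (1, 2) or elf[5] not in (1, 2):
        raise ValueError("not a supported ELF image")
    is64, end = (elf[4] == 2), ("<" if elf[5] == 1 else ">")
    # Program header table location; field layout differs between ELF classes.
    phoff, = struct.unpack_from(end + ("Q" if is64 else "I"), elf, 32 if is64 else 28)
    phentsize, phnum = struct.unpack_from(end + "HH", elf, 54 if is64 else 42)
    ph_fmt, off_i, sz_i, dyn_fmt = ("IIQQQQQQ", 2, 5, "qQ") if is64 else ("8I", 1, 4, "iI")
    has_relro = bind_now = False
    for i in range(phnum):
        ph = struct.unpack_from(end + ph_fmt, elf, phoff + i * phentsize)
        if ph[0] == PT_GNU_RELRO:    # region rtld remaps read-only after relocation
            has_relro = True
        elif ph[0] == PT_DYNAMIC:    # look for what "-z now" leaves behind
            dsize = struct.calcsize(end + dyn_fmt)
            table = elf[ph[off_i]:ph[off_i] + ph[sz_i]]
            table = table[:len(table) - len(table) % dsize]
            for tag, val in struct.iter_unpack(end + dyn_fmt, table):
                if tag == DT_NULL:
                    break
                bind_now |= (tag == DT_BIND_NOW
                             or (tag == DT_FLAGS and bool(val & DF_BIND_NOW))
                             or (tag == DT_FLAGS_1 and bool(val & DF_1_NOW)))
    if not has_relro:
        return "none"                # "-z now" alone makes nothing read-only
    return "full" if bind_now else "partial"

def build_sample(relro: bool, now: bool) -> bytes:
    """Constructed ELF64 little-endian image: header, phdrs, dynamic table."""
    dyn = struct.pack("<qQ", DT_FLAGS, DF_BIND_NOW) if now else b""
    dyn += struct.pack("<qQ", DT_NULL, 0)
    types = [PT_DYNAMIC] + ([PT_GNU_RELRO] if relro else [])
    dyn_off = 64 + 56 * len(types)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", t, 4, dyn_off, 0, 0, len(dyn), len(dyn), 8)
                     for t in types)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, len(types), 0, 0, 0)
    return ehdr + phdrs + dyn

if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, relro_status(open(path, "rb").read()))
```

Run with one or more file paths as arguments to classify real binaries; the parser handles both ELF classes and both byte orders, so the same script can be pointed at cross-built output.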
