Date: Fri, 26 Aug 2016 10:50:55 -0600
From: Warner Losh <wlosh@bsdimp.com>
To: Pedro Giffuni <pfg@FreeBSD.org>
Cc: Warner Losh <imp@bsdimp.com>, Ed Maste <emaste@freebsd.org>, "freebsd-toolchain@FreeBSD.org" <freebsd-toolchain@freebsd.org>
Subject: Re: Time to enable partial relro
Message-ID: <486AA283-9E0B-4566-92B7-56919FA2BECF@bsdimp.com>
In-Reply-To: <3995b10f-f9dc-ff85-9575-5e421884816c@FreeBSD.org>
References: <b75890eb-d8bd-759e-002f-ab0c16db0975@FreeBSD.org>
 <CANCZdfqAmhN1owbo_rDt5xjC%2BbboOHrgu2xDHeZi1P02rX7EwQ@mail.gmail.com>
 <CAPyFy2B3j7h9Cme=8VPs4ogOMgYAWvbyggZ3NMJraz5xoWqiXg@mail.gmail.com>
 <CANCZdfp9Roc=MyrD8UO-efKOn5vSsOprM9juw6NeYT2T0Ag0wg@mail.gmail.com>
 <6af6f640-a00a-1359-d40f-c62b40eafb9c@FreeBSD.org>
 <CANCZdfpQbAe8pnxZuCab0JoW5ByGbVbKtEJjrBmL=-kMdg_PnA@mail.gmail.com>
 <3995b10f-f9dc-ff85-9575-5e421884816c@FreeBSD.org>

> On Aug 26, 2016, at 9:20 AM, Pedro Giffuni <pfg@FreeBSD.org> wrote:
>
> On 08/26/16 10:08, Warner Losh wrote:
>> On Fri, Aug 26, 2016 at 9:06 AM, Pedro Giffuni <pfg@freebsd.org> wrote:
>>>
>>> On 08/26/16 10:01, Warner Losh wrote:
>>>>
>>>> On Fri, Aug 26, 2016 at 8:36 AM, Ed Maste <emaste@freebsd.org> wrote:
>>>>>
>>>>> On 26 August 2016 at 10:18, Warner Losh <imp@bsdimp.com> wrote:
>>>>>>
>>>>>> So what's the summary of why we'd want to do that? What benefit does it
>>>>>> bring?
>>>>>> Sure, other folks do it, but why?
>>>>>
>>>>> It's a relatively low cost technique to mitigate certain
>>>>> vulnerabilities. rtld needs to write to some sections during load but
>>>>> they don't need to be writeable after starting the program. relro
>>>>> reorders the output sections so that they are grouped together, and
>>>>> rtld remaps them read-only on start. This is often called "partial
>>>>> relro." I don't know of any real downside to enabling it, other than
>>>>> it could possibly break some strangely built third party software.
>>>>> It's been enabled on other platforms for quite some time though and I
>>>>> doubt we'd run into new issues.
>>>>>
>>>>> It doesn't bring a huge benefit by itself though; the PLT is still
>>>>> writeable. Adding "-z now" to the linker invocation produces "full
>>>>> relro" which makes the PLT read-only too. It has a negative impact on
>>>>> process start-up time though.
>>>>
>>>> Sounds like this has implications for all the RTLD on all our
>>>> architectures. Has this been tested across all of them?
>>>>
>>>
>>> It affects anything ELF yes, but AFAICT the change is platform independent.
>>
>> That's a different answer than 'it's been tested on all platforms and
>> it's fine.'
>>
>
> It's the best answer I have.

I’d politely suggest that we solicit help to get a better answer.

> I will test running buildworld on i386. If you can kindly test on other platforms, it would be very welcome.

I might be able to do armv6, but I have no time to do mips. The mailing lists for them might get results faster since I’m kinda swamped. And since the powerpc guys are around and active, it wouldn’t hurt to send it there too.

> In any case I will not commit anything unless there is complete
> consensus, which is why I asked in this list in the first place :).

Yea. This should be easy enough to test to make sure there’s no weird gotchas.

Warner