Date:      Fri, 26 Aug 2016 09:01:21 -0600
From:      Warner Losh <imp@bsdimp.com>
To:        Ed Maste <emaste@freebsd.org>
Cc:        Pedro Giffuni <pfg@freebsd.org>,  "freebsd-toolchain@FreeBSD.org" <freebsd-toolchain@freebsd.org>
Subject:   Re: Time to enable partial relro
Message-ID:  <CANCZdfp9Roc=MyrD8UO-efKOn5vSsOprM9juw6NeYT2T0Ag0wg@mail.gmail.com>
In-Reply-To: <CAPyFy2B3j7h9Cme=8VPs4ogOMgYAWvbyggZ3NMJraz5xoWqiXg@mail.gmail.com>
References:  <b75890eb-d8bd-759e-002f-ab0c16db0975@FreeBSD.org> <CANCZdfqAmhN1owbo_rDt5xjC%2BbboOHrgu2xDHeZi1P02rX7EwQ@mail.gmail.com> <CAPyFy2B3j7h9Cme=8VPs4ogOMgYAWvbyggZ3NMJraz5xoWqiXg@mail.gmail.com>


On Fri, Aug 26, 2016 at 8:36 AM, Ed Maste <emaste@freebsd.org> wrote:
> On 26 August 2016 at 10:18, Warner Losh <imp@bsdimp.com> wrote:
>>
>> So what's the summary of why we'd want to do that? What benefit does it bring?
>> Sure, other folks do it, but why?
>
> It's a relatively low cost technique to mitigate certain
> vulnerabilities. rtld needs to write to some sections during load but
> they don't need to be writeable after starting the program. relro
> reorders the output sections so that they are grouped together, and
> rtld remaps them read-only on start. This is often called "partial
> relro." I don't know of any real downside to enabling it, other than
> it could possibly break some strangely built third party software.
> It's been enabled on other platforms for quite some time though and I
> doubt we'd run into new issues.
>
> It doesn't bring a huge benefit by itself though; the PLT is still
> writeable. Adding "-z now" to the linker invocation produces "full
> relro" which makes the PLT read-only too. It has a negative impact on
> process start-up time though.

Sounds like this has implications for all the RTLD on all our
architectures. Has this been tested across all of them?

Warner

