From: Warner Losh <wlosh@bsdimp.com>
Date: Fri, 26 Aug 2016 09:08:01 -0600
Subject: Re: Time to enable partial relro
To: Pedro Giffuni
Cc: Ed Maste, freebsd-toolchain@FreeBSD.org
List-Id: Maintenance of FreeBSD's integrated toolchain

On Fri, Aug 26, 2016 at 9:06 AM, Pedro Giffuni wrote:
>
> On 08/26/16 10:01, Warner Losh wrote:
>>
>> On Fri, Aug 26, 2016 at 8:36 AM, Ed Maste wrote:
>>>
>>> On 26 August 2016 at 10:18, Warner Losh wrote:
>>>>
>>>> So what's the summary of why we'd want to do that? What benefit does it
>>>> bring? Sure, other folks do it, but why?
>>>
>>> It's a relatively low-cost technique to mitigate certain
>>> vulnerabilities. rtld needs to write to some sections during load but
>>> they don't need to be writeable after starting the program. relro
>>> reorders the output sections so that they are grouped together, and
>>> rtld remaps them read-only on start. This is often called "partial
>>> relro." I don't know of any real downside to enabling it, other than
>>> it could possibly break some strangely built third-party software.
>>> It's been enabled on other platforms for quite some time though and I
>>> doubt we'd run into new issues.
>>>
>>> It doesn't bring a huge benefit by itself though; the PLT is still
>>> writeable. Adding "-z now" to the linker invocation produces "full
>>> relro" which makes the PLT read-only too. It has a negative impact on
>>> process start-up time though.
>>
>> Sounds like this has implications for all the RTLD on all our
>> architectures. Has this been tested across all of them?
>
> It affects anything ELF, yes, but AFAICT the change is platform independent.

That's a different answer than 'it's been tested on all platforms and it's fine.'

Warner
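The distinction Ed draws above (a PT_GNU_RELRO segment that rtld remaps read-only after relocation, versus the same plus BIND_NOW so the PLT's GOT slots are resolved at load and can sit inside the read-only range) is visible in the ELF headers of any linked object. The checker below is an added example, not code from this thread or from FreeBSD's toolchain; it classifies an ELF image as "none", "partial" or "full" from PT_GNU_RELRO and the DT_BIND_NOW / DF_BIND_NOW / DF_1_NOW dynamic flags, which is the same rule `readelf -l` plus `readelf -d` would let you apply by hand. The `build_sample_elf` helper constructs minimal, non-runnable ELF64 images purely as test input; the OSABI byte, machine and entry values in it are arbitrary.

```python
"""Classify an ELF file's RELRO hardening as none / partial / full.

Added example, not FreeBSD rtld or toolchain code.
partial = a PT_GNU_RELRO segment is present (loader remaps it read-only
          once relocations are done).
full    = PT_GNU_RELRO plus BIND_NOW (every PLT/GOT slot is resolved at
          load, so .got.plt can live inside the read-only range too).
"""
import struct
import sys

PT_DYNAMIC = 2
PT_GNU_RELRO = 0x6474E552
DT_NULL = 0
DT_BIND_NOW = 24
DT_FLAGS = 30
DT_FLAGS_1 = 0x6FFFFFFB
DF_BIND_NOW = 0x8
DF_1_NOW = 0x1


def _dynamic_has_bind_now(data: bytes, off: int, size: int, dyn_fmt: str) -> bool:
    """Walk the dynamic section and report any of the three BIND_NOW spellings."""
    step = struct.calcsize(dyn_fmt)
    for pos in range(off, off + size, step):
        tag, val = struct.unpack_from(dyn_fmt, data, pos)
        if tag == DT_NULL:
            break
        if tag == DT_BIND_NOW:
            return True
        if tag == DT_FLAGS and val & DF_BIND_NOW:
            return True
        if tag == DT_FLAGS_1 and val & DF_1_NOW:
            return True
    return False


def relro_status(data: bytes) -> str:
    """Return 'none', 'partial' or 'full' for the ELF image in `data`."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    end = {1: "<", 2: ">"}[ei_data]          # EI_DATA: 1 = little, 2 = big endian
    if ei_class == 2:                         # ELF64
        ehdr_fmt = end + "16sHHIQQQIHHHHHH"
        phdr_fmt = end + "IIQQQQQQ"           # type flags off vaddr paddr filesz memsz align
        dyn_fmt = end + "qQ"
        idx = (0, 2, 5)                       # positions of p_type, p_offset, p_filesz
    elif ei_class == 1:                       # ELF32: p_flags sits after p_memsz
        ehdr_fmt = end + "16sHHIIIIIHHHHHH"
        phdr_fmt = end + "IIIIIIII"           # type off vaddr paddr filesz memsz flags align
        dyn_fmt = end + "iI"
        idx = (0, 1, 4)
    else:
        raise ValueError("unsupported EI_CLASS")
    eh = struct.unpack_from(ehdr_fmt, data, 0)
    e_phoff, e_phentsize, e_phnum = eh[5], eh[9], eh[10]

    has_relro = bind_now = False
    for i in range(e_phnum):
        ph = struct.unpack_from(phdr_fmt, data, e_phoff + i * e_phentsize)
        p_type, p_offset, p_filesz = (ph[k] for k in idx)
        if p_type == PT_GNU_RELRO:
            has_relro = True
        elif p_type == PT_DYNAMIC:
            bind_now = _dynamic_has_bind_now(data, p_offset, p_filesz, dyn_fmt)
    if has_relro and bind_now:
        return "full"
    if has_relro:
        return "partial"
    return "none"                              # BIND_NOW alone protects nothing


def build_sample_elf(relro: bool, bind_now: bool) -> bytes:
    """Constructed test input: a minimal little-endian ELF64 image (not loadable)
    holding only the program headers and dynamic entries the check reads."""
    phnum = 2 if relro else 1
    phoff = 64
    dyn_off = phoff + 56 * phnum
    dyn = b""
    if bind_now:
        dyn += struct.pack("<qQ", DT_FLAGS, DF_BIND_NOW)
        dyn += struct.pack("<qQ", DT_FLAGS_1, DF_1_NOW)
    dyn += struct.pack("<qQ", DT_NULL, 0)
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 9]) + bytes(8)   # 64-bit, LE, v1, OSABI 9 (arbitrary)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", e_ident, 3, 62, 1, 0, phoff, 0, 0,
                       64, 56, phnum, 64, 0, 0)              # ET_DYN, EM_X86_64 (arbitrary)
    phdrs = struct.pack("<IIQQQQQQ", PT_DYNAMIC, 6, dyn_off, dyn_off, dyn_off,
                        len(dyn), len(dyn), 8)
    if relro:
        phdrs += struct.pack("<IIQQQQQQ", PT_GNU_RELRO, 4, dyn_off, dyn_off, dyn_off,
                             len(dyn), len(dyn), 1)
    return ehdr + phdrs + dyn


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(f"{path}: {relro_status(f.read())} relro")
```

Run it as `python3 relro.py /bin/sh /lib/libc.so.7` on a FreeBSD box to see which objects actually carry the segment; a loader that ignores PT_GNU_RELRO would still leave the range writable, so the ELF-level answer is an upper bound on what the process gets.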