Date: Fri, 26 Aug 2016 10:20:29 -0500
From: Pedro Giffuni <pfg@FreeBSD.org>
To: Warner Losh <imp@bsdimp.com>
Cc: Ed Maste <emaste@freebsd.org>, "freebsd-toolchain@FreeBSD.org" <freebsd-toolchain@freebsd.org>
Subject: Re: Time to enable partial relro
Message-ID: <3995b10f-f9dc-ff85-9575-5e421884816c@FreeBSD.org>
In-Reply-To: <CANCZdfpQbAe8pnxZuCab0JoW5ByGbVbKtEJjrBmL=-kMdg_PnA@mail.gmail.com>
References: <b75890eb-d8bd-759e-002f-ab0c16db0975@FreeBSD.org>
 <CANCZdfqAmhN1owbo_rDt5xjC+bboOHrgu2xDHeZi1P02rX7EwQ@mail.gmail.com>
 <CAPyFy2B3j7h9Cme=8VPs4ogOMgYAWvbyggZ3NMJraz5xoWqiXg@mail.gmail.com>
 <CANCZdfp9Roc=MyrD8UO-efKOn5vSsOprM9juw6NeYT2T0Ag0wg@mail.gmail.com>
 <6af6f640-a00a-1359-d40f-c62b40eafb9c@FreeBSD.org>
 <CANCZdfpQbAe8pnxZuCab0JoW5ByGbVbKtEJjrBmL=-kMdg_PnA@mail.gmail.com>
On 08/26/16 10:08, Warner Losh wrote:
> On Fri, Aug 26, 2016 at 9:06 AM, Pedro Giffuni <pfg@freebsd.org> wrote:
>>
>> On 08/26/16 10:01, Warner Losh wrote:
>>>
>>> On Fri, Aug 26, 2016 at 8:36 AM, Ed Maste <emaste@freebsd.org> wrote:
>>>>
>>>> On 26 August 2016 at 10:18, Warner Losh <imp@bsdimp.com> wrote:
>>>>>
>>>>> So what's the summary of why we'd want to do that? What benefit does it
>>>>> bring?
>>>>> Sure, other folks do it, but why?
>>>>
>>>> It's a relatively low-cost technique to mitigate certain
>>>> vulnerabilities. rtld needs to write to some sections during load, but
>>>> they don't need to be writeable after starting the program. relro
>>>> reorders the output sections so that they are grouped together, and
>>>> rtld remaps them read-only on start. This is often called "partial
>>>> relro." I don't know of any real downside to enabling it, other than
>>>> it could possibly break some strangely built third-party software.
>>>> It's been enabled on other platforms for quite some time though, and I
>>>> doubt we'd run into new issues.
>>>>
>>>> It doesn't bring a huge benefit by itself though; the PLT is still
>>>> writeable. Adding "-z now" to the linker invocation produces "full
>>>> relro", which makes the PLT read-only too. It has a negative impact on
>>>> process start-up time though.
>>>
>>> Sounds like this has implications for all the RTLD on all our
>>> architectures. Has this been tested across all of them?
>>>
>> It affects anything ELF, yes, but AFAICT the change is platform independent.
>
> That's a different answer than 'it's been tested on all platforms and
> it's fine.'
>

It's the best answer I have. I will test running buildworld on i386. If you
can kindly test on other platforms, it would be very welcome.

In any case I will not commit anything unless there is complete consensus,
which is why I asked in this list in the first place :).

Pedro.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3995b10f-f9dc-ff85-9575-5e421884816c>
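As an added example for the thread (not code from the thread, from rtld, or from the FreeBSD linker), the checker below reads exactly the two things Ed's description turns on: whether the linker emitted a GNU_RELRO program header (the grouped range that rtld remaps read-only after relocation, i.e. "partial relro") and whether the dynamic section carries the bind-now flag that "-z now" sets (which is what lets the GOT/PLT be covered too, i.e. "full relro"). It handles little-endian ELF64 only; `build_sample()` constructs small synthetic ELF images as test data and is an assumption of this example, not a real binary.

```python
"""Classify an ELF64 object's RELRO level from its program headers and
dynamic section: "none", "partial" (GNU_RELRO segment present, lazy PLT)
or "full" (GNU_RELRO plus bind-now, so the GOT/PLT can be covered too).

Added example for this thread; it is not FreeBSD's rtld or linker code.
Assumes little-endian ELF64 input; the build_sample() images are
constructed test data, not real binaries.
"""
import struct
import sys

PT_LOAD = 1
PT_DYNAMIC = 2
PT_GNU_RELRO = 0x6474E552  # range rtld remaps read-only once relocations are done
DT_NULL = 0
DT_FLAGS = 30
DT_FLAGS_1 = 0x6FFFFFFB
DF_BIND_NOW = 0x8           # "-z now": resolve all PLT entries at load time
DF_1_NOW = 0x1              # the same request, as carried in DT_FLAGS_1

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # Elf64_Ehdr, little-endian
PHDR = struct.Struct("<IIQQQQQQ")            # Elf64_Phdr
DYN = struct.Struct("<qQ")                   # Elf64_Dyn


def program_headers(data):
    """Return the program header table as a list of Elf64_Phdr tuples."""
    fields = EHDR.unpack_from(data, 0)
    ident = fields[0]
    if ident[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if ident[4] != 2 or ident[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    e_phoff, e_phentsize, e_phnum = fields[5], fields[9], fields[10]
    return [PHDR.unpack_from(data, e_phoff + i * e_phentsize)
            for i in range(e_phnum)]


def dynamic_entries(data, phdrs):
    """Yield (d_tag, d_val) pairs from the PT_DYNAMIC segment, up to DT_NULL."""
    for p_type, _flags, p_offset, _va, _pa, p_filesz, *_ in phdrs:
        if p_type != PT_DYNAMIC:
            continue
        for i in range(p_filesz // DYN.size):
            tag, val = DYN.unpack_from(data, p_offset + i * DYN.size)
            if tag == DT_NULL:
                return
            yield tag, val


def relro_level(data):
    """Classify RELRO. Bind-now without a GNU_RELRO segment still counts as
    "none": nothing gets remapped read-only, so the GOT stays writable."""
    phdrs = program_headers(data)
    if not any(p[0] == PT_GNU_RELRO for p in phdrs):
        return "none"
    bind_now = any((tag == DT_FLAGS and val & DF_BIND_NOW) or
                   (tag == DT_FLAGS_1 and val & DF_1_NOW)
                   for tag, val in dynamic_entries(data, phdrs))
    return "full" if bind_now else "partial"


def build_sample(relro, bind_now):
    """Construct a minimal ELF64 image (test data, not a real binary) with a
    PT_DYNAMIC segment and, optionally, a GNU_RELRO segment and bind-now flags."""
    dyn = [(DT_FLAGS, DF_BIND_NOW), (DT_FLAGS_1, DF_1_NOW)] if bind_now else []
    dyn_bytes = b"".join(DYN.pack(t, v) for t, v in dyn + [(DT_NULL, 0)])
    phnum = 3 if relro else 2
    dyn_off = EHDR.size + phnum * PHDR.size
    base = 0x400000
    size = dyn_off + len(dyn_bytes)
    phdrs = [
        PHDR.pack(PT_LOAD, 6, 0, base, base, size, size, 0x1000),
        PHDR.pack(PT_DYNAMIC, 6, dyn_off, base + dyn_off, base + dyn_off,
                  len(dyn_bytes), len(dyn_bytes), 8),
    ]
    if relro:  # cover the dynamic array, as the linker does for .dynamic/.got
        phdrs.append(PHDR.pack(PT_GNU_RELRO, 4, dyn_off, base + dyn_off,
                               base + dyn_off, len(dyn_bytes), len(dyn_bytes), 1))
    ident = b"\x7fELF" + bytes([2, 1, 1, 9]) + bytes(8)  # ELF64, LE, FreeBSD ABI
    ehdr = EHDR.pack(ident, 3, 62, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, phnum, 0, 0, 0)
    return ehdr + b"".join(phdrs) + dyn_bytes


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as f:
                print(f"{path}: {relro_level(f.read())} RELRO")
    else:
        for relro, now in [(False, False), (True, False), (True, True)]:
            print(f"relro={relro} bind_now={now}: "
                  f"{relro_level(build_sample(relro, now))}")
```

Run it with no arguments to see the three constructed cases classified, or pass paths to real binaries (for example a freshly built libc.so or a test program linked with `-Wl,-z,relro` versus `-Wl,-z,relro,-z,now`). The same two facts are visible with `readelf -lW` (the GNU_RELRO line) and `readelf -dW` (the FLAGS BIND_NOW / FLAGS_1 NOW entries); the point of the classifier is that a GNU_RELRO segment alone is the "partial" case Ed describes, and it becomes "full" only when bind-now is also requested, since only then has every PLT slot been resolved before rtld seals the range.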