Subject: Re: Time to enable partial relro
To: Warner Losh
References: <6af6f640-a00a-1359-d40f-c62b40eafb9c@FreeBSD.org>
Cc: Ed Maste, "freebsd-toolchain@FreeBSD.org"
From: Pedro Giffuni
Message-ID: <3995b10f-f9dc-ff85-9575-5e421884816c@FreeBSD.org>
Date: Fri, 26 Aug 2016 10:20:29 -0500

On 08/26/16 10:08, Warner Losh wrote:
> On Fri, Aug 26, 2016 at 9:06 AM, Pedro Giffuni wrote:
>>
>> On 08/26/16 10:01, Warner Losh wrote:
>>>
>>> On Fri, Aug 26, 2016 at 8:36 AM, Ed Maste wrote:
>>>>
>>>> On 26 August 2016 at 10:18, Warner Losh wrote:
>>>>>
>>>>> So what's the summary of why we'd want to do that? What benefit does it
>>>>> bring? Sure, other folks do it, but why?
>>>>
>>>> It's a relatively low cost technique to mitigate certain
>>>> vulnerabilities. rtld needs to write to some sections during load but
>>>> they don't need to be writeable after starting the program. relro
>>>> reorders the output sections so that they are grouped together, and
>>>> rtld remaps them read-only on start. This is often called "partial
>>>> relro." I don't know of any real downside to enabling it, other than
>>>> it could possibly break some strangely built third party software.
>>>> It's been enabled on other platforms for quite some time though and I
>>>> doubt we'd run into new issues.
>>>>
>>>> It doesn't bring a huge benefit by itself though; the PLT is still
>>>> writeable. Adding "-z now" to the linker invocation produces "full
>>>> relro" which makes the PLT read-only too. It has a negative impact on
>>>> process start-up time though.
>>>
>>> Sounds like this has implications for all the RTLD on all our
>>> architectures. Has this been tested across all of them?
>>>
>> It affects anything ELF yes, but AFAICT the change is platform independent.
>
> That's a different answer than 'it's been tested on all platforms and
> it's fine.'
>
It's the best answer I have. I will test running buildworld on i386. If you
can kindly test on other platforms, it would be very welcome.

In any case I will not commit anything unless there is complete consensus,
which is why I asked in this list in the first place :).

Pedro.
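The three states Ed Maste describes in the quoted text (no RELRO, partial RELRO from the PT_GNU_RELRO segment that rtld remaps read-only, and full RELRO when "-z now" adds immediate binding so the PLT/GOT is covered too) can be verified on a built object by reading its ELF program headers and dynamic section. The script below is an added example written for this thread, not code from the FreeBSD toolchain or from any of the participants; it uses only the standard ELF constant values (PT_GNU_RELRO, DT_BIND_NOW, DT_FLAGS/DF_BIND_NOW, DT_FLAGS_1/DF_1_NOW), classifies the same way checksec-style tools do, and embeds a constructed minimal ELF64 image so it runs offline. The function and variable names are my own.

```python
"""Classify an ELF object's RELRO status as "none", "partial" or "full".

partial: the linker emitted a PT_GNU_RELRO segment (rtld remaps it
         read-only after relocation processing).
full:    PT_GNU_RELRO plus immediate binding (-z now), recorded as
         DT_BIND_NOW, DF_BIND_NOW in DT_FLAGS, or DF_1_NOW in DT_FLAGS_1,
         so the GOT/PLT falls inside the read-only range as well.
"""
import struct
import sys

PT_DYNAMIC = 2
PT_GNU_RELRO = 0x6474E552
DT_NULL = 0
DT_BIND_NOW = 24
DT_FLAGS = 30
DT_FLAGS_1 = 0x6FFFFFFB
DF_BIND_NOW = 0x8
DF_1_NOW = 0x1


def _layout(data):
    """Return (ei_class, ehdr fmt, phdr fmt, dyn fmt) for the file's class/endianness."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    end = "<" if ei_data == 1 else ">"
    if ei_class == 2:    # ELFCLASS64: p_type, p_flags, p_offset, p_vaddr, ...
        return ei_class, end + "16sHHIQQQIHHHHHH", end + "IIQQQQQQ", end + "qQ"
    if ei_class == 1:    # ELFCLASS32: p_type, p_offset, p_vaddr, p_paddr, p_filesz, ...
        return ei_class, end + "16sHHIIIIIHHHHHH", end + "IIIIIIII", end + "iI"
    raise ValueError("unknown ELF class")


def program_headers(data):
    """Yield (p_type, p_offset, p_filesz) for every program header."""
    ei_class, ehdr_fmt, phdr_fmt, _ = _layout(data)
    fields = struct.unpack_from(ehdr_fmt, data, 0)
    phoff, phentsize, phnum = fields[5], fields[9], fields[10]
    for i in range(phnum):
        ph = struct.unpack_from(phdr_fmt, data, phoff + i * phentsize)
        if ei_class == 2:
            yield ph[0], ph[2], ph[5]
        else:
            yield ph[0], ph[1], ph[4]


def dynamic_entries(data, offset, size):
    """Yield (d_tag, d_val) pairs from the dynamic section up to DT_NULL."""
    _, _, _, dyn_fmt = _layout(data)
    step = struct.calcsize(dyn_fmt)
    for pos in range(offset, offset + size, step):
        tag, val = struct.unpack_from(dyn_fmt, data, pos)
        if tag == DT_NULL:
            break
        yield tag, val


def classify_relro(data):
    has_relro = False
    bind_now = False
    for p_type, p_offset, p_filesz in program_headers(data):
        if p_type == PT_GNU_RELRO:
            has_relro = True
        elif p_type == PT_DYNAMIC:
            for tag, val in dynamic_entries(data, p_offset, p_filesz):
                if tag == DT_BIND_NOW:
                    bind_now = True
                elif tag == DT_FLAGS and val & DF_BIND_NOW:
                    bind_now = True
                elif tag == DT_FLAGS_1 and val & DF_1_NOW:
                    bind_now = True
    if not has_relro:
        return "none"          # nothing is remapped read-only, with or without -z now
    return "full" if bind_now else "partial"


def classify_file(path):
    with open(path, "rb") as f:
        return classify_relro(f.read())


def build_test_elf(relro, bind_now):
    """Constructed little-endian ELF64 image (not a real binary): only the
    headers classify_relro() inspects, so the checker can be exercised offline."""
    phdr_fmt = "<IIQQQQQQ"
    phdr_size = struct.calcsize(phdr_fmt)
    dyn = struct.pack("<qQ", DT_FLAGS, DF_BIND_NOW if bind_now else 0)
    dyn += struct.pack("<qQ", DT_NULL, 0)
    types = [PT_DYNAMIC] + ([PT_GNU_RELRO] if relro else [])
    phoff = 64
    dynoff = phoff + phdr_size * len(types)
    ident = b"\x7fELF" + bytes([2, 1, 1, 9]) + bytes(8)   # 64-bit, LE, ELFOSABI_FREEBSD
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 3, 62, 1, 0, phoff, 0, 0,
                       64, phdr_size, len(types), 0, 0, 0)
    phdrs = b"".join(
        struct.pack(phdr_fmt, t, 6, dynoff if t == PT_DYNAMIC else 0, 0, 0,
                    len(dyn) if t == PT_DYNAMIC else 0, 0, 8)
        for t in types)
    return ehdr + phdrs + dyn


if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(f"{path}: {classify_file(path)}")
```

Run it as `python3 relro_check.py /path/to/binary ...` over a buildworld tree to confirm that objects linked with the new default actually carry PT_GNU_RELRO, and that only those deliberately linked with "-z now" report "full"; that is the cheapest cross-architecture sanity check before the change is committed.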