Date: Tue, 25 Aug 2015 15:40:17 +0200
Subject: FreeBSD libc security extensions - final status
From: Oliver Pinter
To: soc-status@freebsd.org
Cc: Pedro Giffuni, Oliver Pinter

Dear All!

This is the final status report of the "FreeBSD libc security
extensions" project. My mentor is Pedro Giffuni.

Since the first milestone, we decided to change the scheduling and
focus more on fixing FORTIFY_SOURCE with clang and on the errors
triggered by FORTIFY_SOURCE, both in the base system and in ports.

Overall, we have made good progress, and we added the following
fortified functions:

sys/poll.h related:
  int __poll_chk(struct pollfd *, nfds_t, int, size_t);
  int __ppoll_chk(struct pollfd *, nfds_t, const struct timespec *,
      const sigset_t *, size_t);

sys/socket.h related:
  ssize_t __recvfrom_chk(int, void *, size_t, size_t, int,
      struct sockaddr * __restrict, socklen_t * __restrict);

sys/stat.h related:
  extern mode_t __umask_chk(mode_t);

stdio.h related:
  char *__fgets_chk(char *, int, FILE *, size_t);
  size_t __fread_chk(void * __restrict, size_t, size_t,
      FILE * __restrict, size_t);
  size_t __fwrite_chk(const void * __restrict, size_t, size_t,
      FILE * __restrict, size_t);
  int __sprintf_chk(char * __restrict, int, size_t,
      const char * __restrict, ...);
  int __vsprintf_chk(char * __restrict, int, size_t,
      const char * __restrict, __va_list);
  int __snprintf_chk(char * __restrict, size_t, int, size_t,
      const char * __restrict, ...);
  int __vsnprintf_chk(char * __restrict, size_t, int, size_t,
      const char * __restrict, __va_list);

string.h related:
  void *__memccpy_chk(void *, const void *, int, size_t, size_t);
  void *__memchr_chk(const void *, int, size_t, size_t);
  void *__memcpy_chk(void *, const void *, size_t, size_t);
  void *__memmove_chk(void *, const void *, size_t, size_t);
  void *__memrchr_chk(const void *, int, size_t, size_t);
  void *__memset_chk(void *, int, size_t, size_t);
  char *__strcat_chk(char *__restrict, const char *__restrict, size_t);
  char *__strncat_chk(char *__restrict, const char *__restrict, size_t,
      size_t);
  char *__stpcpy_chk(char *, const char *, size_t);
  char *__stpncpy_chk(char * __restrict, const char * __restrict,
      size_t, size_t);
  char *__stpncpy_chk2(char * __restrict, const char * __restrict,
      size_t, size_t, size_t);
  char *__strcpy_chk(char *, const char *, size_t);
  char *__strncpy_chk(char *, const char *, size_t, size_t);
  char *__strncpy_chk2(char * __restrict, const char * __restrict,
      size_t, size_t, size_t);
  size_t __strlcpy_chk(char *, const char *, size_t, size_t);
  size_t __strlcat_chk(char * __restrict, const char * __restrict,
      size_t, size_t);
  size_t __strlen_chk(const char *, size_t);
  char *__strchr_chk(const char *, int, size_t);
  char *__strchrnul_chk(const char *, int, size_t);
  char *__strrchr_chk(const char *, int, size_t);

strings.h related:
  void *__bcopy_chk(void *, const void *, size_t, size_t);
  void *__bzero_chk(void *, int, size_t, size_t);
  char *__rindex_chk(const char *, int, size_t);

unistd.h related:
  char *__getcwd_chk(char*, size_t, size_t);
  ssize_t __pread_chk(int, void *, size_t, off_t, size_t);
  ssize_t __read_chk(int, void *, size_t, size_t);
  ssize_t __readlink_chk(const char *, char *, size_t, size_t);
  ssize_t __readlinkat_chk(int, const char *, char *, size_t, size_t);

All of these implementations have been tested with clang and with
gcc-4.2. I tested on amd64 with both clang and gcc, and Pedro tested
with "make tinderbox". We asked the ports guys for an exp-run.

During these tests we observed some build environment problems[1],
badly written code and real buffer overflows. All of these have
patches or PRs.

exp-run:
  https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202311

PRs:
  editors/emacs* - misused umask() parameter -
    https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202574
  mail/ifile - broken #undef __OPTIMIZE__ -
    https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202572
  net-p2p/namecoin - broken code -
    https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202603
  libdtrace - buffer overflow -
    https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201657

Fixes:
  hyperv tools - uninitialized parameter -
    https://github.com/freebsd/freebsd/commit/4485ab4d3d63c821390eecb708c6ba6bfccdbe8f
  sys build framework[1] - badly passed compiler parameter -
    https://github.com/freebsd/freebsd/commit/057f55aa4b0390ec8926744ec9dbac8dde9dfa99
  wall, syslogd - buffer overflow -
    https://github.com/freebsd/freebsd/commit/8597d814df1fcc6d7e612a9da2dfc99025f98867

TODO:
* Create user-friendly error reporting for when FORTIFY_SOURCE
  catches an error. Currently it just kills the program and adds a
  not too verbose error line to syslog. We have asked Ed Master about
  using the execinfo stuff in libc, but he has not answered yet.
* Create a proper man page about fortify_source.

Last but not least, I would like to say thanks to my mentor Pedro for
the help and testing!
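
How a `_chk` function with the argument shapes listed in the report does its job, as an added sketch that is not part of the original message and not FreeBSD libc code. The `demo_*` names and the counting failure hook are assumptions, chosen so the program keeps running after a detected overflow.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added demo, not FreeBSD libc code. Hypothetical failure hook: the report
 * says the real one kills the program; this one only counts. */
static int demo_failures;
static void demo_fortify_fail(const char *msg)
{
    fprintf(stderr, "fortify: %s\n", msg);
    demo_failures++;
}

/* Same argument shape as __memcpy_chk(dst, src, len, dstlen). */
static void *demo_memcpy_chk(void *dst, const void *src, size_t len, size_t dstlen)
{
    if (len > dstlen) {            /* copy would run past the destination */
        demo_fortify_fail("memcpy: destination too small");
        return NULL;               /* a real implementation never returns here */
    }
    return memcpy(dst, src, len);
}

/* Same argument shape as __strcpy_chk(dst, src, dstlen): the length comes
 * from the source string, so the terminating NUL has to be counted. */
static char *demo_strcpy_chk(char *dst, const char *src, size_t dstlen)
{
    size_t need = strlen(src) + 1;
    if (need > dstlen) {
        demo_fortify_fail("strcpy: destination too small");
        return NULL;
    }
    return memcpy(dst, src, need);
}

/* A fortified header routes the plain call to the _chk variant and lets the
 * compiler supply the destination size; unknown sizes are (size_t)-1. */
#define demo_memcpy(d, s, n) demo_memcpy_chk((d), (s), (n), __builtin_object_size((d), 0))
#define demo_strcpy(d, s)    demo_strcpy_chk((d), (s), __builtin_object_size((d), 0))

int main(void)
{
    char buf[8];
    demo_strcpy(buf, "short");               /* fits: 6 bytes into 8 */
    demo_strcpy(buf, "far too long here");   /* rejected: 18 bytes into 8 */
    demo_memcpy(buf, "0123456789", 10);      /* rejected: 10 bytes into 8 */
    printf("failures caught: %d\n", demo_failures);
    return 0;
}
```

When the compiler cannot determine the destination size, `__builtin_object_size` yields `(size_t)-1` and the check passes, so fortification only covers buffers whose size is visible at the call site.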