Date: Tue, 25 Aug 2015 15:40:17 +0200
From: Oliver Pinter <oliver.pinter@hardenedbsd.org>
To: soc-status@freebsd.org
Cc: Pedro Giffuni <pfg@freebsd.org>, Oliver Pinter <oliver.pntr@gmail.com>
Subject: FreeBSD libc security extensions - final status
Message-ID: <CAPQ4ffvRgrhiVDp0y98MsLiYK7TLTV9ry-Ojh%2BYaQ6jLe-%2Bqdg@mail.gmail.com>
Dear All!

This is the final status report of the "FreeBSD libc security extensions" project. My mentor is Pedro Giffuni.

Since the first milestone, we decided to change the scheduling and focus more on fixing FORTIFY_SOURCE with clang and on the FORTIFY_SOURCE-triggered errors both in the base system and in ports.

Overall, we have made good progress, and we added the following fortified functions:

sys/poll.h related:
    int __poll_chk(struct pollfd *, nfds_t, int, size_t);
    int __ppoll_chk(struct pollfd *, nfds_t, const struct timespec *, const sigset_t *, size_t);

sys/socket.h related:
    ssize_t __recvfrom_chk(int, void *, size_t, size_t, int, struct sockaddr * __restrict, socklen_t * __restrict);

sys/stat.h related:
    extern mode_t __umask_chk(mode_t);

stdio.h related:
    char *__fgets_chk(char *, int, FILE *, size_t);
    size_t __fread_chk(void * __restrict, size_t, size_t, FILE * __restrict, size_t);
    size_t __fwrite_chk(const void * __restrict, size_t, size_t, FILE * __restrict, size_t);
    int __sprintf_chk(char * __restrict, int, size_t, const char * __restrict, ...);
    int __vsprintf_chk(char * __restrict, int, size_t, const char * __restrict, __va_list);
    int __snprintf_chk(char * __restrict, size_t, int, size_t, const char * __restrict, ...);
    int __vsnprintf_chk(char * __restrict, size_t, int, size_t, const char * __restrict, __va_list);

string.h related:
    void *__memccpy_chk(void *, const void *, int, size_t, size_t);
    void *__memchr_chk(const void *, int, size_t, size_t);
    void *__memcpy_chk(void *, const void *, size_t, size_t);
    void *__memmove_chk(void *, const void *, size_t, size_t);
    void *__memrchr_chk(const void *, int, size_t, size_t);
    void *__memset_chk(void *, int, size_t, size_t);
    char *__strcat_chk(char *__restrict, const char *__restrict, size_t);
    char *__strncat_chk(char *__restrict, const char *__restrict, size_t, size_t);
    char *__stpcpy_chk(char *, const char *, size_t);
    char *__stpncpy_chk(char * __restrict, const char * __restrict, size_t, size_t);
    char *__stpncpy_chk2(char * __restrict, const char * __restrict, size_t, size_t, size_t);
    char *__strcpy_chk(char *, const char *, size_t);
    char *__strncpy_chk(char *, const char *, size_t, size_t);
    char *__strncpy_chk2(char * __restrict, const char * __restrict, size_t, size_t, size_t);
    size_t __strlcpy_chk(char *, const char *, size_t, size_t);
    size_t __strlcat_chk(char * __restrict, const char * __restrict, size_t, size_t);
    size_t __strlen_chk(const char *, size_t);
    char *__strchr_chk(const char *, int, size_t);
    char *__strchrnul_chk(const char *, int, size_t);
    char *__strrchr_chk(const char *, int, size_t);

strings.h related:
    void *__bcopy_chk(void *, const void *, size_t, size_t);
    void *__bzero_chk(void *, int, size_t, size_t);
    char *__rindex_chk(const char *, int, size_t);

unistd.h related:
    char *__getcwd_chk(char*, size_t, size_t);
    ssize_t __pread_chk(int, void *, size_t, off_t, size_t);
    ssize_t __read_chk(int, void *, size_t, size_t);
    ssize_t __readlink_chk(const char *, char *, size_t, size_t);
    ssize_t __readlinkat_chk(int, const char *, char *, size_t, size_t);

All of these implementations have been tested with clang and with gcc-4.2. I tested on amd64 with both clang and gcc, and Pedro tested with "make tinderbox". We asked for an exp-run from the ports guys. During these tests we observed some build environment problems[1], badly written code and real buffer overflows. All of these have patches or PRs.

exp-run:
    https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202311

PRs:
    editors/emacs* - misused umask() parameter - https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202574
    mail/ifile - broken #undef __OPTIMIZE__ - https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202572
    net-p2p/namecoin - broken code - https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202603
    libdtrace - buffer overflow - https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201657

Fixes:
    hyperv tools - uninitialized parameter - https://github.com/freebsd/freebsd/commit/4485ab4d3d63c821390eecb708c6ba6bfccdbe8f
    sys build framework[1] - badly passed compiler parameter - https://github.com/freebsd/freebsd/commit/057f55aa4b0390ec8926744ec9dbac8dde9dfa99
    wall, syslogd - buffer overflow - https://github.com/freebsd/freebsd/commit/8597d814df1fcc6d7e612a9da2dfc99025f98867

TODO:
    * Create user-friendly error reporting for when FORTIFY_SOURCE catches an error. Currently it just kills the program and adds a not very verbose error line to syslog. We have asked Ed Maste about using the execinfo stuff in libc, but he has not answered yet.
    * Create a proper man page about fortify_source.

Last, but not least, I would like to say thanks to my mentor Pedro for the help and testing!
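As an added illustration of the mechanism behind the `__*_chk` functions listed in the report (example code written here, not the FreeBSD or HardenedBSD implementation): the trailing `size_t` parameter carries the destination's object size, which the compiler derives with `__builtin_object_size()` under `-D_FORTIFY_SOURCE`, and the wrapper checks that bound before touching memory. The function names `memcpy_chk_demo`, `umask_chk_demo` and `copy_into_fixed_buffer` are illustrative, and the rule that `__umask_chk` rejects bits outside 0777 is an assumption, not something the report states.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Outcome of a fortify-style check. The real __*_chk functions abort the
 * process via __chk_fail(); returning a status keeps the outcome inspectable.
 * Example code, not the FreeBSD/HardenedBSD implementation. */
enum chk_result { CHK_OK = 0, CHK_OVERFLOW = 1, CHK_BADARG = 2 };

/* Same shape as __memcpy_chk(dst, src, n, dstsize): the trailing size_t is the
 * destination's object size, which the compiler derives with
 * __builtin_object_size() under -D_FORTIFY_SOURCE. Checked before any write. */
static enum chk_result
memcpy_chk_demo(void *dst, const void *src, size_t n, size_t dstsize)
{
	if (n > dstsize)
		return CHK_OVERFLOW;
	memcpy(dst, src, n);
	return CHK_OK;
}

/* Same shape as __umask_chk(mode_t). Assumption: a mask carrying bits outside
 * the permission bits 0777 is rejected (the misuse class of the emacs PR). */
static enum chk_result
umask_chk_demo(mode_t mask)
{
	return (mask & ~(mode_t)0777) ? CHK_BADARG : CHK_OK;
}

/* Fixed 16-byte stack buffer, the kind of destination a fortified copy guards;
 * sizeof(buf) stands in for the value the compiler would pass. */
static enum chk_result
copy_into_fixed_buffer(const char *src, size_t n)
{
	char buf[16];
	return memcpy_chk_demo(buf, src, n, sizeof(buf));
}

int main(void)
{
	printf("6 bytes into 16: %d\n", copy_into_fixed_buffer("hello", 6));
	printf("32 bytes into 16: %d\n",
	    copy_into_fixed_buffer("0123456789abcdef0123456789abcdef", 32));
	printf("umask(022): %d, umask(01022): %d\n",
	    umask_chk_demo(022), umask_chk_demo(01022));
	return 0;
}
```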