Date:      Tue, 25 Aug 2015 15:40:17 +0200
From:      Oliver Pinter <oliver.pinter@hardenedbsd.org>
To:        soc-status@freebsd.org
Cc:        Pedro Giffuni <pfg@freebsd.org>, Oliver Pinter <oliver.pntr@gmail.com>
Subject:   FreeBSD libc security extensions - final status
Message-ID:  <CAPQ4ffvRgrhiVDp0y98MsLiYK7TLTV9ry-Ojh%2BYaQ6jLe-%2Bqdg@mail.gmail.com>

Dear All!

This is the final status report of the "FreeBSD libc security
extensions" project. My mentor is Pedro Giffuni.

Since the first milestone, we decided to change the schedule and
focus more on fixing FORTIFY_SOURCE with clang and on the
FORTIFY_SOURCE-triggered errors, both in the base system and in ports.

Overall, we have made good progress, and we added the following
fortified functions:

sys/poll.h related:
        int     __poll_chk(struct pollfd *, nfds_t, int, size_t);
        int     __ppoll_chk(struct pollfd *, nfds_t, const struct timespec *, const sigset_t *, size_t);

sys/socket.h related:
        ssize_t  __recvfrom_chk(int, void *, size_t, size_t, int, struct sockaddr * __restrict, socklen_t * __restrict);

sys/stat.h related:
        extern mode_t __umask_chk(mode_t);

stdio.h related:
        char     *__fgets_chk(char *, int, FILE *, size_t);
        size_t   __fread_chk(void * __restrict, size_t, size_t, FILE * __restrict, size_t);
        size_t   __fwrite_chk(const void * __restrict, size_t, size_t, FILE * __restrict, size_t);
        int      __sprintf_chk(char * __restrict, int, size_t, const char * __restrict, ...);
        int      __vsprintf_chk(char * __restrict, int, size_t, const char * __restrict, __va_list);
        int      __snprintf_chk(char * __restrict, size_t, int, size_t, const char * __restrict, ...);
        int      __vsnprintf_chk(char * __restrict, size_t, int, size_t, const char * __restrict, __va_list);

string.h related:
        void    *__memccpy_chk(void *, const void *, int, size_t, size_t);
        void    *__memchr_chk(const void *, int, size_t, size_t);
        void    *__memcpy_chk(void *, const void *, size_t, size_t);
        void    *__memmove_chk(void *, const void *, size_t, size_t);
        void    *__memrchr_chk(const void *, int, size_t, size_t);
        void    *__memset_chk(void *, int, size_t, size_t);
        char    *__strcat_chk(char *__restrict, const char *__restrict, size_t);
        char    *__strncat_chk(char *__restrict, const char *__restrict, size_t, size_t);
        char    *__stpcpy_chk(char *, const char *, size_t);
        char    *__stpncpy_chk(char * __restrict, const char * __restrict, size_t, size_t);
        char    *__stpncpy_chk2(char * __restrict, const char * __restrict, size_t, size_t, size_t);
        char    *__strcpy_chk(char *, const char *, size_t);
        char    *__strncpy_chk(char *, const char *, size_t, size_t);
        char    *__strncpy_chk2(char * __restrict, const char * __restrict, size_t, size_t, size_t);
        size_t   __strlcpy_chk(char *, const char *, size_t, size_t);
        size_t   __strlcat_chk(char * __restrict, const char * __restrict, size_t, size_t);
        size_t   __strlen_chk(const char *, size_t);
        char    *__strchr_chk(const char *, int, size_t);
        char    *__strchrnul_chk(const char *, int, size_t);
        char    *__strrchr_chk(const char *, int, size_t);

strings.h related:
        void    *__bcopy_chk(void *, const void *, size_t, size_t);
        void    *__bzero_chk(void *, int, size_t, size_t);
        char    *__rindex_chk(const char *, int, size_t);

unistd.h related:
        char    *__getcwd_chk(char*, size_t, size_t);
        ssize_t  __pread_chk(int, void *, size_t, off_t, size_t);
        ssize_t  __read_chk(int, void *, size_t, size_t);
        ssize_t  __readlink_chk(const char *, char *, size_t, size_t);
        ssize_t  __readlinkat_chk(int, const char *, char *, size_t, size_t);

All of these implementations have been tested with clang and with gcc-4.2. I
tested on amd64 with both clang and gcc, and Pedro tested with "make
tinderbox". We asked the ports guys for an exp-run.
During these tests we observed some build environment problems[1],
badly written code and real buffer overflows. All of these have
patches or PRs.

exp-run:
        https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202311

PRs:
        editors/emacs* - misused umask() parameter - https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202574
        mail/ifile - broken #undef __OPTIMIZE__ - https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202572
        net-p2p/namecoin - broken code - https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202603
        libdtrace - buffer overflow - https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201657

Fixes:
        hyperv tools - uninitialized parameter - https://github.com/freebsd/freebsd/commit/4485ab4d3d63c821390eecb708c6ba6bfccdbe8f
        sys build framework[1] - badly passed compiler parameter - https://github.com/freebsd/freebsd/commit/057f55aa4b0390ec8926744ec9dbac8dde9dfa99
        wall, syslogd - buffer overflow - https://github.com/freebsd/freebsd/commit/8597d814df1fcc6d7e612a9da2dfc99025f98867

TODO:
        * Create user-friendly error reporting for when
FORTIFY_SOURCE catches an error. Currently it just kills the program
and adds a not-too-verbose error line to syslog. We have asked Ed Maste
about using the execinfo stuff in libc, but he has not answered yet.
        * Create a proper man page about fortify_source.

Last, but not least, I would like to thank my mentor Pedro for the
help and testing!
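As an added illustration (not code from the project or from the report above), here is a small C model of the check behind the `__memcpy_chk` and `__strcpy_chk` prototypes listed in the message: the trailing `size_t` is the destination object size the compiler supplies via `__builtin_object_size`, and the wrapper aborts when the copy would exceed it. All `demo_`-prefixed names and the `DEMO_` macros are hypothetical, and the failure path only approximates what the libc version does.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* __builtin_object_size(p, 0) yields (size_t)-1 when the size is unknown;
 * the check must not fire in that case. */
#define OBJSIZE_UNKNOWN ((size_t)-1)
/* Verdict of the bound check (hypothetical names, not the project's code). */
typedef enum { FORTIFY_OK = 0, FORTIFY_OVERFLOW = 1 } fortify_status;
/* Core comparison behind __memcpy_chk/__memset_chk: writing len bytes into
 * an object of dst_size bytes overflows when len > dst_size. */
fortify_status demo_fortify_check(size_t len, size_t dst_size) {
    if (dst_size != OBJSIZE_UNKNOWN && len > dst_size)
        return FORTIFY_OVERFLOW;
    return FORTIFY_OK;
}
/* On failure the real wrappers report and kill the process (the report above
 * notes the libc version also writes a short line to syslog). */
static void demo_fortify_fail(const char *func) {
    fprintf(stderr, "FORTIFY_SOURCE: %s buffer overflow detected\n", func);
    abort();
}
/* Same shape as __memcpy_chk(void *, const void *, size_t, size_t). */
void *demo_memcpy_chk(void *dst, const void *src, size_t len, size_t dst_size) {
    if (demo_fortify_check(len, dst_size) != FORTIFY_OK)
        demo_fortify_fail("memcpy");
    return memcpy(dst, src, len);
}
/* Same shape as __strcpy_chk(char *, const char *, size_t): strcpy carries no
 * length, so the wrapper measures the source (plus its NUL) before copying. */
char *demo_strcpy_chk(char *dst, const char *src, size_t dst_size) {
    if (demo_fortify_check(strlen(src) + 1, dst_size) != FORTIFY_OK)
        demo_fortify_fail("strcpy");
    return strcpy(dst, src);
}
/* The fortified headers install macros like these in place of the plain
 * calls; the compiler fills in the destination's object size per call site. */
#define DEMO_MEMCPY(dst, src, len) \
    demo_memcpy_chk((dst), (src), (len), __builtin_object_size((dst), 0))
#define DEMO_STRCPY(dst, src) \
    demo_strcpy_chk((dst), (src), __builtin_object_size((dst), 0))

int main(void) {
    char buf[16];
    DEMO_STRCPY(buf, "fits in 16");               /* 11 bytes incl. NUL: passes */
    DEMO_MEMCPY(buf, "0123456789abcdef", 16);     /* exactly 16 bytes: passes */
    DEMO_STRCPY(buf, "longer than sixteen bytes"); /* 26 bytes: aborts here */
    return 0;
}
```

Because a plain stack array gives the compiler a known size, the last call in `main` is rejected before any byte is written; through a pointer of unknown size the check degrades to the unchecked behaviour, which is why FORTIFY_SOURCE is a safety net rather than a bounds checker.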
