Date:      Fri, 26 Aug 2016 10:50:55 -0600
From:      Warner Losh <wlosh@bsdimp.com>
To:        Pedro Giffuni <pfg@FreeBSD.org>
Cc:        Warner Losh <imp@bsdimp.com>, Ed Maste <emaste@freebsd.org>, "freebsd-toolchain@FreeBSD.org" <freebsd-toolchain@freebsd.org>
Subject:   Re: Time to enable partial relro
Message-ID:  <486AA283-9E0B-4566-92B7-56919FA2BECF@bsdimp.com>
In-Reply-To: <3995b10f-f9dc-ff85-9575-5e421884816c@FreeBSD.org>
References:  <b75890eb-d8bd-759e-002f-ab0c16db0975@FreeBSD.org> <CANCZdfqAmhN1owbo_rDt5xjC%2BbboOHrgu2xDHeZi1P02rX7EwQ@mail.gmail.com> <CAPyFy2B3j7h9Cme=8VPs4ogOMgYAWvbyggZ3NMJraz5xoWqiXg@mail.gmail.com> <CANCZdfp9Roc=MyrD8UO-efKOn5vSsOprM9juw6NeYT2T0Ag0wg@mail.gmail.com> <6af6f640-a00a-1359-d40f-c62b40eafb9c@FreeBSD.org> <CANCZdfpQbAe8pnxZuCab0JoW5ByGbVbKtEJjrBmL=-kMdg_PnA@mail.gmail.com> <3995b10f-f9dc-ff85-9575-5e421884816c@FreeBSD.org>



> On Aug 26, 2016, at 9:20 AM, Pedro Giffuni <pfg@FreeBSD.org> wrote:
> 
> 
> 
> On 08/26/16 10:08, Warner Losh wrote:
>> On Fri, Aug 26, 2016 at 9:06 AM, Pedro Giffuni <pfg@freebsd.org> wrote:
>>> 
>>> 
>>> On 08/26/16 10:01, Warner Losh wrote:
>>>> 
>>>> On Fri, Aug 26, 2016 at 8:36 AM, Ed Maste <emaste@freebsd.org> wrote:
>>>>> 
>>>>> On 26 August 2016 at 10:18, Warner Losh <imp@bsdimp.com> wrote:
>>>>>> 
>>>>>> 
>>>>>> So what's the summary of why we'd want to do that? What benefit does it
>>>>>> bring?
>>>>>> Sure, other folks do it, but why?
>>>>> 
>>>>> 
>>>>> It's a relatively low cost technique to mitigate certain
>>>>> vulnerabilities. rtld needs to write to some sections during load but
>>>>> they don't need to be writeable after starting the program. relro
>>>>> reorders the output sections so that they are grouped together, and
>>>>> rtld remaps them read-only on start. This is often called "partial
>>>>> relro." I don't know of any real downside to enabling it, other than
>>>>> it could possibly break some strangely built third party software.
>>>>> It's been enabled on other platforms for quite some time though and I
>>>>> doubt we'd run into new issues.
>>>>> 
>>>>> It doesn't bring a huge benefit by itself though; the PLT is still
>>>>> writeable. Adding "-z now" to the linker invocation produces "full
>>>>> relro" which makes the PLT read-only too. It has a negative impact on
>>>>> process start-up time though.
>>>> 
>>>> 
>>>> Sounds like this has implications for all the RTLD on all our
>>>> architectures. Has this been tested across all of them?
>>>> 
>>> 
>>> It affects anything ELF yes, but AFAICT the change is platform independent.
>> 
>> That's a different answer than 'it's been tested on all platforms and
>> it's fine.'
>> 
> 
> It's the best answer I have.

I’d politely suggest that we solicit help to get a better answer.

> I will test running buildworld on i386. If you can kindly test on other platforms, it would be very welcome.

I might be able to do armv6, but I have no time to do mips. The mailing lists for them might get results faster since I’m kinda swamped. And since the powerpc guys are around and active, it wouldn’t hurt to send it there too.

> In any case I will not commit anything unless there is complete
> consensus, which is why I asked in this list in the first place :).

Yea. This should be easy enough to test to make sure there’s no weird gotchas.

Warner


