From: Ed Schouten
To: Jeremie Le Hen
Cc: Kostik Belousov, FreeBSD Hackers
Date: Fri, 24 Jul 2009 15:49:53 +0200
Subject: Re: concurrent sysctl implementation
Message-ID: <20090724134953.GW68469@hoeg.nl>
In-Reply-To: <20090724130928.GJ54986@felucia.tataz.chchile.org>

* Jeremie Le Hen wrote:
> On Fri, Jul 24, 2009 at 01:56:49PM +0200, Ed Schouten wrote:
> > * Jeremie Le Hen wrote:
> > > On Fri, Jul 24, 2009 at 11:18:42AM +0300, Kostik Belousov wrote:
> > > > On Fri, Jul 24, 2009 at 09:34:51AM +0200, Jeremie Le Hen wrote:
> > > > > Hi Ed,
> > > > >
> > > > > Sorry for the late reply.
> > > > >
> > > > > On Sat, May 09, 2009 at 02:13:13PM +0200, Ed Schouten wrote:
> > > > > > We probably could. I think I discussed this with Robert Watson some time
> > > > > > ago and we could use things like ELF hints. But still, that doesn't
> > > > > > prevent us from reaching this limitation later on.
> > > > >
> > > > > Can you elaborate a little? Are you talking about elf-hints.h?
> > > > > I don't see where we can get randomness from it.
> > > >
> > > > The thing is called ELF auxiliary information vector. It is used to
> > > > supply some useful information for the interpreter from the kernel,
> > > > see include/machine/elf.h for AT_* entries.
> > >
> > > Ah ok, so the idea is to generate a new hint, for instance AT_RANDOM,
> > > generated at link time, that will be used to fill the canary at exec(2)
> > > time?
> >
> > Very short answer: yes!
>
> Ok thanks. But this would make stack protection useless for local
> attacks on suid binaries that are world-readable since the attacker
> could read the ELF aux vector and compute the canary.

Wait wait wait. It seems you were only partially right (and Kostik
corrected you): We could add AT_RANDOM, but this value will be filled in
by the kernel when starting the process. This means the random value is
not stored in the binary.

--
Ed Schouten
WWW: http://80386.nl/
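Ed's point, that the canary material comes from the kernel at exec time and is never part of the on-disk binary, as an added illustration (not code from this thread or from FreeBSD): the auxv walk below uses Linux's AT_RANDOM numbering and glibc's low-byte-zero convention as assumptions, and the two "kernel runs" are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Auxiliary vector: type/value pairs terminated by AT_NULL. The numeric
 * values below are Linux's (assumption; FreeBSD's machine/elf.h has its
 * own AT_* numbering but the same pair layout). */
#define AT_NULL   0
#define AT_PAGESZ 6
#define AT_RANDOM 25

typedef struct { uint64_t a_type; uint64_t a_val; } auxv_t;

/* Walk the vector and return the pointer stored in AT_RANDOM, or NULL. */
static const unsigned char *auxv_random_bytes(const auxv_t *auxv)
{
    for (; auxv->a_type != AT_NULL; auxv++)
        if (auxv->a_type == AT_RANDOM)
            return (const unsigned char *)(uintptr_t)auxv->a_val;
    return NULL;
}

/* Derive a stack canary from the kernel-supplied bytes. Zeroing the low
 * byte (glibc's convention, assumed here) makes string copies stop at
 * the canary. Returns 0 when the kernel supplied no entropy, so the
 * caller can fall back to another source instead of using a fixed value. */
static uint64_t canary_from_auxv(const auxv_t *auxv)
{
    const unsigned char *r = auxv_random_bytes(auxv);
    uint64_t c = 0;
    if (r == NULL)
        return 0;
    memcpy(&c, r, sizeof c);
    return c & ~(uint64_t)0xff;
}

/* Constructed sample: what the kernel might hand two separate launches of
 * the very same binary. Only these bytes differ between the runs. */
static const unsigned char kernel_run1[16] =
    { 0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88, 9,10,11,12,13,14,15,16 };
static const unsigned char kernel_run2[16] =
    { 0xa1,0xb2,0xc3,0xd4,0xe5,0xf6,0x07,0x18, 9,10,11,12,13,14,15,16 };

/* Build the auxv the kernel would pass for one launch and derive its canary. */
static uint64_t canary_for_run(const unsigned char *random_bytes)
{
    auxv_t auxv[] = {
        { AT_PAGESZ, 4096 },
        { AT_RANDOM, (uint64_t)(uintptr_t)random_bytes },
        { AT_NULL,   0 },
    };
    return canary_from_auxv(auxv);
}
```

Reading the ELF file gives an attacker neither run's bytes; only the process that received the vector holds them.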