Date: Fri, 26 Aug 2016 15:36:39 +0100 From: David Chisnall <theraven@FreeBSD.org> To: Warner Losh <imp@bsdimp.com> Cc: Pedro Giffuni <pfg@freebsd.org>, "freebsd-toolchain@FreeBSD.org" <freebsd-toolchain@freebsd.org> Subject: Re: Time to enable partial relro Message-ID: <0DDF18BF-E867-4275-AC5F-D52E5B543BD7@FreeBSD.org> In-Reply-To: <CANCZdfqAmhN1owbo_rDt5xjC%2BbboOHrgu2xDHeZi1P02rX7EwQ@mail.gmail.com> References: <b75890eb-d8bd-759e-002f-ab0c16db0975@FreeBSD.org> <CANCZdfqAmhN1owbo_rDt5xjC%2BbboOHrgu2xDHeZi1P02rX7EwQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
On 26 Aug 2016, at 15:18, Warner Losh <imp@bsdimp.com> wrote:
>
> So what's the summary of why we'd want to do that? What benefit does it bring?
> Sure, other folks do it, but why?
It reduce the attack surface for code reuse attacks: non-PLT GOT entries are read-only and so can’t be manipulated by a memory safety bug. It doesn’t provide much mitigation, but it also doesn’t cost very much - some security for a negligible cost is probably a sensible thing to pick.
When combined with RTLD_NOW, it provides more hardening, but at a much more significant cost (bigger startup times - much bigger for things like OpenOffice or Firefox, some forms of interposition break, and so on). That’s still probably worth it for some things (sshd, for example).
David
[-- Attachment #2 --]
0 *H
01
0 +�0 *H
��
00"kg}0z$F`0
*H
�0u1
0 UIL10U
StartCom Ltd.1)0'U
StartCom Certification Authority1#0!UStartCom Class 1 Client CA0
160419092742Z
170419092742Z0D1
0U
theraven@freebsd.org1#0! *H
theraven@freebsd.org0"0
*H
��0
�
!htֆ
[J
^=*
' :#Y6"ӊ ؊cR_0WZ=Rx4 asPm&0:P2>u=NbLn]E}$$
x
S4ǖRI68RpO֔{\oz;)D=SOM^#;Ԡ*Y߆�mbf/+hBӅuQ@ڭʫ&8@Xm�00U
0
U
%0++0 U
0�0
U
s[Ddp�=
0 U
#0$l9aIF+('Hmh0o+c0a0$+0http://ocsp.startssl.com09+0-http://aia.startssl.com/certs/sca.client1.crt08U
10/0-+)'http://crl.startssl.com/sca-client1.crl0 U
0theraven@freebsd.org0#U
0http://www.startssl.com/0FU
?0=0;
+70,0*+
http://www.startssl.com/policy0
*H
��R1m
=.A#6n-B;w5'
zGL:=E44hOaŹi}l}{f!_Fh+MD
Zu!K&ECE
~PWѥftB+UcEKD&3V]g,}{-) M[_!8jJ&a͒N"jԫt2ךz0ζ=|E?<viA2W9&_u{:u۲\E00ʠk}
Q
Y0
*H
�0}1
0 UIL10U
StartCom Ltd.1+0)U
"Secure Digital Certificate Signing1)0'U StartCom Certification Authority0
151216010005Z
301216010005Z0u1
0 UIL10U
StartCom Ltd.1)0'U
StartCom Certification Authority1#0!UStartCom Class 1 Client CA0"0
*H
��0
�}â}[[_
u$Wy5
|̔
vnqY)\aL$dYG|B"QǤĩVD#'F k9O_]*ςz_kU.u3r #:C<ogT
)K
Xah8v[\KqdlO)3+u7J5";[vfL/"2ϩJ#
4ד[U TB,a˖a
7H<�=q�d0`0U
0
U
%0++0U
0�02U
+0)0'%#!http://crl.startssl.com/sfsca.crl0f+Z0X0$+0http://ocsp.startssl.com00+0$http://aia.startssl.com/certs/ca.crt0
U
$l9aIF+('Hmh0 U
#0N
@[i04hCA0?U
80604U
�0,0*+
http://www.startssl.com/policy0
*H
��[#'#4pnR ۡЗN⛭`]K"#H*߷Թψ;UA8 Ҟeg{ozmYE60A
)wXRK6c^-Al^
k[':G=;oLv{$B5;8b,ZP4{o[-j m)[땭[4 s.c|ҴvYLJ<|ӯgu0jD2
@hl+:j\ze_ևa@HyMHINxpK?% 㤺RC:=?^&7m´)
A2;E~V B1$EvcKj؝(OoپU`"$a;ҡj0$&<$ۊ+/xjzb,7}W*1ܺ
tDv#8K
%^P>/i?)yRuQg^z`~sP91N0J00u1
0 UIL10U
StartCom Ltd.1)0'U
StartCom Certification Authority1#0!UStartCom Class 1 Client CA"kg}0z$F`0 +�0 *H
1
*H
0
*H
1
160826143639Z0# *H
1ļ.q
Kˑ5}!;Dr'0 +7100u1
0 UIL10U
StartCom Ltd.1)0'U
StartCom Certification Authority1#0!UStartCom Class 1 Client CA"kg}0z$F`0
*H
10u1
0 UIL10U
StartCom Ltd.1)0'U
StartCom Certification Authority1#0!UStartCom Class 1 Client CA"kg}0z$F`0
*H
��,S/]Ȫ<+9%"Qh{J%A
3
r
>[8wZ(ĸLa%fv6ܒ<Y0!~$4%)Xa$�i7?&^
KM1n2xuO;iAeFܗKfء:U8Vc>H4%+ߊjFH\T[z@
Y'ցV5*m{('!xSi
oU"^U������
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0DDF18BF-E867-4275-AC5F-D52E5B543BD7>