From: Ed Maste
Date: Fri, 26 Aug 2016 10:36:13 -0400
Subject: Re: Time to enable partial relro
To: Warner Losh
Cc: Pedro Giffuni, freebsd-toolchain@FreeBSD.org

On 26 August 2016 at 10:18, Warner Losh wrote:
>
> So what's the summary of why we'd want to do that? What benefit does it bring?
> Sure, other folks do it, but why?

It's a relatively low-cost technique to mitigate certain vulnerabilities. rtld needs to write to some sections during load, but they don't need to be writeable after starting the program. relro reorders the output sections so that they are grouped together, and rtld remaps them read-only on start. This is often called "partial relro."

I don't know of any real downside to enabling it, other than it could possibly break some strangely built third-party software. It's been enabled on other platforms for quite some time though, and I doubt we'd run into new issues.

It doesn't bring a huge benefit by itself though; the PLT is still writeable. Adding "-z now" to the linker invocation produces "full relro", which makes the PLT read-only too. It has a negative impact on process start-up time though.
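The distinction drawn above (no RELRO, partial RELRO from `-z relro`, full RELRO from `-z relro -z now`) is visible in the linker's output: partial RELRO leaves a `PT_GNU_RELRO` program header that tells rtld which range to remap read-only, and `-z now` additionally records immediate binding in the dynamic section (`DT_BIND_NOW`, `DF_BIND_NOW` in `DT_FLAGS`, or `DF_1_NOW` in `DT_FLAGS_1`), so the GOT/PLT entries are resolved before the remap. The following is an added example, not code from this thread or from FreeBSD's ld or rtld: a small ELF64 inspector that classifies a binary the way checksec-style tools do, plus a constructed in-memory ELF image (not a loadable program) so it can be exercised offline. It only reads the linker's evidence; it does not model what rtld does at run time.

```python
"""Classify an ELF64 binary's RELRO level from its program headers and
dynamic section (the evidence checksec-style tools use).

Added example for the relro discussion; not code from the original
message, FreeBSD's rtld, or its linker. The constants are the standard
ELF64 values; the sample image built below is constructed test data.
"""
import struct

PT_DYNAMIC = 2
PT_GNU_RELRO = 0x6474E552   # emitted by the linker when -z relro is in effect
DT_NULL = 0
DT_BIND_NOW = 24
DT_FLAGS = 30
DT_FLAGS_1 = 0x6FFFFFFB
DF_BIND_NOW = 0x8
DF_1_NOW = 0x1


def relro_level(elf):
    """Return 'none', 'partial' or 'full' for a little-endian ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("expected a little-endian ELF64 image")
    # e_phoff sits at offset 32, e_phentsize/e_phnum at 54/56 in the ELF64 header
    e_phoff = struct.unpack_from("<Q", elf, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)

    has_relro = False
    dynamic = None
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, _flags, p_offset, _va, _pa, p_filesz = struct.unpack_from("<IIQQQQ", elf, off)
        if p_type == PT_GNU_RELRO:
            has_relro = True
        elif p_type == PT_DYNAMIC:
            dynamic = (p_offset, p_filesz)
    if not has_relro:
        # Without a RELRO segment nothing gets remapped, so bind-now alone does not help
        return "none"

    # Full RELRO additionally needs immediate binding so the GOT/PLT is
    # fully resolved before rtld makes the segment read-only.
    bind_now = False
    if dynamic is not None:
        d_off, d_size = dynamic
        for j in range(d_size // 16):          # Elf64_Dyn is 16 bytes: d_tag, d_val
            d_tag, d_val = struct.unpack_from("<qQ", elf, d_off + j * 16)
            if d_tag == DT_NULL:
                break
            if d_tag == DT_BIND_NOW:
                bind_now = True
            elif d_tag == DT_FLAGS and d_val & DF_BIND_NOW:
                bind_now = True
            elif d_tag == DT_FLAGS_1 and d_val & DF_1_NOW:
                bind_now = True
    return "full" if bind_now else "partial"


def build_sample_elf(relro, bind_now):
    """Construct a minimal ELF64 image with just the headers relro_level() reads.
    Constructed test data only; it is not a runnable program."""
    dyn = [(DT_FLAGS, DF_BIND_NOW)] if bind_now else []
    dyn.append((DT_NULL, 0))
    dyn_bytes = b"".join(struct.pack("<qQ", tag, val) for tag, val in dyn)

    phdr_types = [PT_DYNAMIC] + ([PT_GNU_RELRO] if relro else [])
    e_phoff = 64
    dyn_off = e_phoff + 56 * len(phdr_types)   # dynamic section follows the program headers

    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # ELFCLASS64, little-endian, EV_CURRENT
    header = ident + struct.pack(
        "<HHIQQQIHHHHHH",
        3, 62, 1, 0,                 # ET_DYN, EM_X86_64, version, entry
        e_phoff, 0, 0,               # phoff, shoff, flags
        64, 56, len(phdr_types),     # ehsize, phentsize, phnum
        64, 0, 0,                    # shentsize, shnum, shstrndx
    )
    phdrs = b""
    for p_type in phdr_types:
        p_offset = dyn_off if p_type == PT_DYNAMIC else 0
        p_size = len(dyn_bytes) if p_type == PT_DYNAMIC else 0x1000
        phdrs += struct.pack("<IIQQQQQQ", p_type, 4, p_offset, 0, 0, p_size, p_size, 8)
    return header + phdrs + dyn_bytes


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(sys.argv[1], relro_level(f.read()))
    else:
        for flags in ((False, False), (True, False), (True, True)):
            print("relro=%s bind_now=%s -> %s" % (flags + (relro_level(build_sample_elf(*flags)),)))
```

Run it with a path to inspect a real binary, or with no arguments to see the three constructed cases. The same information is what `readelf -l` (the `GNU_RELRO` segment) and `readelf -d` (the `BIND_NOW` / `FLAGS` entries) print, which is the quicker check on a single binary; the script form is useful for sweeping a build tree to find objects that were linked without the flags.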