This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH v2] libio: use PTR_MANGLE/PTR_DEMANGLE for FILE vtables

From: Florian Weimer <fweimer at redhat dot com>
To: Joseph Myers <joseph at codesourcery dot com>
Cc: Kees Cook <keescook at chromium dot org>, libc-alpha <libc-alpha at sourceware dot org>, Mike Frysinger <vapier at gentoo dot org>, Adam Conrad <adconrad at 0c3 dot net>
Date: Thu, 15 Oct 2015 19:43:34 +0200
Subject: Re: [PATCH v2] libio: use PTR_MANGLE/PTR_DEMANGLE for FILE vtables
Authentication-results: sourceware.org; auth=none
References: <20151001184048 dot GA31563 at www dot outflux dot net> <560D8108 dot 6060802 at redhat dot com> <CAGXu5jLi7iW+543YD7ySDb7Yq+_2SfGW8q3z50p4C3Usg5dC0w at mail dot gmail dot com> <560D8A2F dot 8020900 at redhat dot com> <CAGXu5jLCBUKaXoX3Dy1dcEc9bd0WcXAZU32zOaEHXechEfNuxg at mail dot gmail dot com> <560D943C dot 40301 at redhat dot com> <CAGXu5jKNssVif3=JsufU0a_tQpcURVgdDjDdHUkRmY1PQdv7LQ at mail dot gmail dot com> <561FA2CA dot 1050309 at redhat dot com> <alpine dot DEB dot 2 dot 10 dot 1510151523160 dot 32402 at digraph dot polyomino dot org dot uk> <561FC841 dot 8060401 at redhat dot com> <alpine dot DEB dot 2 dot 10 dot 1510151541590 dot 32402 at digraph dot polyomino dot org dot uk> <561FD146 dot 2060808 at redhat dot com>

On 10/15/2015 06:16 PM, Florian Weimer wrote:
> If we can detect that a binary references these symbols:
> 
> _IO_file_init@GLIBC_2.1
> _IO_init@GLIBC_2.0
> _IO_str_init_readonly@GLIBC_2.0
> _IO_str_init_static@GLIBC_2.0
> 
> we can disable vtable hardening globally.  This would not cover the
> scenario where the binary dlopens something that uses an old libstdc++
> (linked statically or dynamically) later, but it would provide
> compatibility where a copy of libstdc++ is pulled in through DT_NEEDED.

This just occurred to me:

If we use the array-of-vtables approach I mentioned earlier (a range
check on the vtable pointer, as opposed to PTR_MANGLE/PTR_DEMANGLE), we
could enable that until one of the functions list above is called.  As a
result, we would have both vtable hardening *and* full backwards
compatibility.

We just need a safe way to store the flag and reset it if needed (see
the previous thread, “Encoding page size in the ELF header” :-).  For a
start, we could simply use a global variable.

And the change adds more than one instruction, we should benchmark a few
functions like fread_unlocked or fflush_unlocked to see if it has
measurable impact.

Florian

References:
- [PATCH v2] libio: use PTR_MANGLE/PTR_DEMANGLE for FILE vtables
  - From: Kees Cook
- Re: [PATCH v2] libio: use PTR_MANGLE/PTR_DEMANGLE for FILE vtables
  - From: Florian Weimer
- Re: [PATCH v2] libio: use PTR_MANGLE/PTR_DEMANGLE for FILE vtables
  - From: Kees Cook
- Re: [PATCH v2] libio: use PTR_MANGLE/PTR_DEMANGLE for FILE vtables
  - From: Florian Weimer
- Re: [PATCH v2] libio: use PTR_MANGLE/PTR_DEMANGLE for FILE vtables
  - From: Kees Cook
- Re: [PATCH v2] libio: use PTR_MANGLE/PTR_DEMANGLE for FILE vtables
  - From: Florian Weimer
- Re: [PATCH v2] libio: use PTR_MANGLE/PTR_DEMANGLE for FILE vtables
  - From: Kees Cook
- Re: [PATCH v2] libio: use PTR_MANGLE/PTR_DEMANGLE for FILE vtables
  - From: Florian Weimer
- Re: [PATCH v2] libio: use PTR_MANGLE/PTR_DEMANGLE for FILE vtables
  - From: Joseph Myers
- Re: [PATCH v2] libio: use PTR_MANGLE/PTR_DEMANGLE for FILE vtables
  - From: Florian Weimer
- Re: [PATCH v2] libio: use PTR_MANGLE/PTR_DEMANGLE for FILE vtables
  - From: Joseph Myers
- Re: [PATCH v2] libio: use PTR_MANGLE/PTR_DEMANGLE for FILE vtables
  - From: Florian Weimer

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]