Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/sys randomize the location of the rtld.

details:   https://anonhg.NetBSD.org/src/rev/34f9e8e9b1d6
branches:  trunk
changeset: 345412:34f9e8e9b1d6
user:      christos <christos%NetBSD.org@localhost>
date:      Wed May 25 17:25:32 2016 +0000

description:
randomize the location of the rtld.

diffstat:

 sys/kern/exec_elf.c |   6 +++-
 sys/kern/kern_pax.c |  56 +++++++++++++++++++++++++++++++++++++++-------------
 sys/sys/pax.h       |   4 ++-
 3 files changed, 49 insertions(+), 17 deletions(-)

diffs (157 lines):

diff -r 648aec0fd3d8 -r 34f9e8e9b1d6 sys/kern/exec_elf.c
--- a/sys/kern/exec_elf.c       Wed May 25 13:01:11 2016 +0000
+++ b/sys/kern/exec_elf.c       Wed May 25 17:25:32 2016 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: exec_elf.c,v 1.84 2016/05/22 14:26:09 christos Exp $   */
+/*     $NetBSD: exec_elf.c,v 1.85 2016/05/25 17:25:32 christos Exp $   */
 
 /*-
  * Copyright (c) 1994, 2000, 2005, 2015 The NetBSD Foundation, Inc.
@@ -57,7 +57,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(1, "$NetBSD: exec_elf.c,v 1.84 2016/05/22 14:26:09 christos Exp $");
+__KERNEL_RCSID(1, "$NetBSD: exec_elf.c,v 1.85 2016/05/25 17:25:32 christos Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_pax.h"
@@ -506,6 +506,8 @@
                    epp->ep_daddr,
                    round_page(limit) - trunc_page(base_ph->p_vaddr),
                    use_topdown);
+               addr += (Elf_Addr)pax_aslr_rtld_offset(epp, base_ph->p_align,
+                   use_topdown);
        } else {
                addr = *last; /* may be ELF_LINK_ADDR */
        }
diff -r 648aec0fd3d8 -r 34f9e8e9b1d6 sys/kern/kern_pax.c
--- a/sys/kern/kern_pax.c       Wed May 25 13:01:11 2016 +0000
+++ b/sys/kern/kern_pax.c       Wed May 25 17:25:32 2016 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_pax.c,v 1.50 2016/05/24 17:30:01 martin Exp $     */
+/*     $NetBSD: kern_pax.c,v 1.51 2016/05/25 17:25:32 christos Exp $   */
 
 /*
  * Copyright (c) 2015 The NetBSD Foundation, Inc.
@@ -57,7 +57,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v 1.50 2016/05/24 17:30:01 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v 1.51 2016/05/25 17:25:32 christos Exp $");
 
 #include "opt_pax.h"
 
@@ -143,7 +143,8 @@
 #define PAX_ASLR_STACK_GAP     0x02
 #define PAX_ASLR_MMAP          0x04
 #define PAX_ASLR_EXEC_OFFSET   0x08
-#define PAX_ASLR_FIXED         0x10
+#define PAX_ASLR_RTLD_OFFSET   0x10
+#define PAX_ASLR_FIXED         0x20
 #endif
 
 static int pax_segvguard_enabled = 1;
@@ -525,22 +526,13 @@
        }
 }
 
-#define        PAX_TRUNC(a, b) ((a) & ~((b) - 1))
-vaddr_t
-pax_aslr_exec_offset(struct exec_package *epp, vaddr_t align)
+static vaddr_t
+pax_aslr_offset(vaddr_t align)
 {
        size_t pax_align, l2, delta;
        uint32_t rand;
        vaddr_t offset;
 
-       if (!pax_aslr_epp_active(epp))
-               goto out;
-
-#ifdef PAX_ASLR_DEBUG
-       if (pax_aslr_flags & PAX_ASLR_EXEC_OFFSET)
-               goto out;
-#endif
-
        pax_align = align == 0 ? PGSHIFT : align;
        l2 = ilog2(pax_align);
 
@@ -549,16 +541,52 @@
        if (pax_aslr_flags & PAX_ASLR_FIXED)
                rand = pax_aslr_rand;
 #endif
+
+#define        PAX_TRUNC(a, b) ((a) & ~((b) - 1))
+
        delta = PAX_ASLR_DELTA(rand, l2, PAX_ASLR_DELTA_EXEC_LEN);
        offset = PAX_TRUNC(delta, pax_align) + PAGE_SIZE;
 
        PAX_DPRINTF("rand=%#x l2=%#zx pax_align=%#zx delta=%#zx offset=%#jx",
            rand, l2, pax_align, delta, (uintmax_t)offset);
+
        return offset;
+}
+
+vaddr_t
+pax_aslr_exec_offset(struct exec_package *epp, vaddr_t align)
+{
+       if (!pax_aslr_epp_active(epp))
+               goto out;
+
+#ifdef PAX_ASLR_DEBUG
+       if (pax_aslr_flags & PAX_ASLR_EXEC_OFFSET)
+               goto out;
+#endif
+       return pax_aslr_offset(align) + PAGE_SIZE;
 out:
        return MAX(align, PAGE_SIZE);
 }
 
+voff_t
+pax_aslr_rtld_offset(struct exec_package *epp, vaddr_t align, int use_topdown)
+{
+       voff_t offset;
+
+       if (!pax_aslr_epp_active(epp))
+               return 0;
+
+#ifdef PAX_ASLR_DEBUG
+       if (pax_aslr_flags & PAX_ASLR_RTLD_OFFSET)
+               return 0;
+#endif
+       offset = pax_aslr_offset(align);
+       if (use_topdown)
+               offset = -offset;
+
+       return offset;
+}
+
 void
 pax_aslr_stack(struct exec_package *epp, u_long *max_stack_size)
 {
diff -r 648aec0fd3d8 -r 34f9e8e9b1d6 sys/sys/pax.h
--- a/sys/sys/pax.h     Wed May 25 13:01:11 2016 +0000
+++ b/sys/sys/pax.h     Wed May 25 17:25:32 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pax.h,v 1.21 2016/05/22 14:26:10 christos Exp $ */
+/* $NetBSD: pax.h,v 1.22 2016/05/25 17:25:32 christos Exp $ */
 
 /*-
  * Copyright (c) 2006 Elad Efrat <elad%NetBSD.org@localhost>
@@ -86,12 +86,14 @@
 void pax_aslr_stack(struct exec_package *, u_long *);
 uint32_t pax_aslr_stack_gap(struct exec_package *);
 vaddr_t pax_aslr_exec_offset(struct exec_package *, vaddr_t);
+voff_t pax_aslr_rtld_offset(struct exec_package *, vaddr_t, int);
 void pax_aslr_mmap(struct lwp *, vaddr_t *, vaddr_t, int);
 #else
 # define pax_aslr_init_vm(l, v, e)
 # define pax_aslr_stack(e, o)
 # define pax_aslr_stack_gap(e) 0
 # define pax_aslr_exec_offset(e, a) MAX(a, PAGE_SIZE)
+# define pax_aslr_rtld_offset(e, a, u) 0
 # define pax_aslr_mmap(l, a, b, c)
 #endif
Home | Main Index | Thread Index | Old Index