Page MenuHomeFreeBSD
Differential D28883

Shared library randomization
Needs ReviewPublic
Actions

Authored by wma on Tue, Feb 23, 11:02 AM.

Details

Reviewers
mw
dgr_semihalf.com
mindal_semihalf.com
emaste
imp
kib
Summary

Add support for shared library loading order randomization.

This is a port of HardenedBSD changeset
https://github.com/HardenedBSD/hardenedBSD/commit/6fc06960ae5d374278dddc301aede21a7919b600
https://github.com/HardenedBSD/hardenedBSD/commit/1b291848bfbb8fe12b893d12c5163f74b84257aa

As a shuffle algorithm, Fisher-Yates shuffle is used to acheive
equal distribution.
https://en.wikipedia.org/wiki/Fisher%E2%80%93Yates_shuffle

By default the option is disabled. To enable, one must use
WITH_SHLIBRANDOM flag in src.conf

Diff Detail

Repository
R10 FreeBSD src repository
Lint
Lint Skipped
Unit
Unit Tests Skipped

Event Timeline

wma created this revision.Tue, Feb 23, 11:02 AM
Herald added subscribers: bdragon, bdrewery. ยท View Herald TranscriptTue, Feb 23, 11:02 AM
wma requested review of this revision.Tue, Feb 23, 11:02 AM
wma edited the summary of this revision. (Show Details)Tue, Feb 23, 11:05 AM
andrew added a subscriber: andrew.Tue, Feb 23, 11:46 AM

How do you propose to fix the issue mentioned in the commit message in https://github.com/HardenedBSD/hardenedBSD/commit/1b291848bfbb8fe12b893d12c5163f74b84257aa?

wma added a comment.Wed, Feb 24, 7:35 AM

That's a very good point, unfortunately I don't have a clear answer.
I'm aware of the problem with grep and this patch definitely not resolves it.

Moreover, it's not only a grep issue. In all /lib and /usr/lib there are about 30k+ symbols with the same name in different so's. Most of them are just duplicates of various version of the same lib (like ncurses* stuff and similar), but some libraries are re-implementing procedures from libc which is a case with grep/libregex.

The idea here is to provide a randomization for secured embedded environments where we can and want to precisely control which applications are running. It's definitely not for typical user who values to have unix-like experience.

There are products which are running just fine with this randomization and that's why I think it's worth to integrate it and leave it as an option.

For future improvements, I consider one of following:

  1. Have a list of application/libraries for which there shall not be any randomization at all
  2. Analyze symbols during pre-load phase and provide "before/after" dependencies
  3. Always keep libc, libssl* etc. at the end of the list

#1 will increase executalbe startup time
#2 and #3 might impact uniformity of probabilistic distribution with F-Y shuffle

Revision Contents
Changeset List

PathSize
libexec/
rtld-elf/
4 lines
57 lines
share/
mk/
1 line
tools/
build/
options/
1 line

Diff 84523

View Options

libexec/rtld-elf/Makefile

Loading...
View Options

libexec/rtld-elf/rtld.c

Loading...
View Options

share/mk/src.opts.mk

Loading...
View Options

tools/build/options/WITH_SHLIBRANDOM

Loading...