Page MenuHomeFreeBSD

Shared library randomization
Needs ReviewPublic

Authored by wma on Tue, Feb 23, 11:02 AM.



Add support for shared library loading order randomization.

This is a port of HardenedBSD changeset

As a shuffle algorithm, Fisher-Yates shuffle is used to acheive
equal distribution.

By default the option is disabled. To enable, one must use
WITH_SHLIBRANDOM flag in src.conf

Diff Detail

R10 FreeBSD src repository
Lint Skipped
Unit Tests Skipped

Event Timeline

wma requested review of this revision.Tue, Feb 23, 11:02 AM

That's a very good point, unfortunately I don't have a clear answer.
I'm aware of the problem with grep and this patch definitely not resolves it.

Moreover, it's not only a grep issue. In all /lib and /usr/lib there are about 30k+ symbols with the same name in different so's. Most of them are just duplicates of various version of the same lib (like ncurses* stuff and similar), but some libraries are re-implementing procedures from libc which is a case with grep/libregex.

The idea here is to provide a randomization for secured embedded environments where we can and want to precisely control which applications are running. It's definitely not for typical user who values to have unix-like experience.

There are products which are running just fine with this randomization and that's why I think it's worth to integrate it and leave it as an option.

For future improvements, I consider one of following:

  1. Have a list of application/libraries for which there shall not be any randomization at all
  2. Analyze symbols during pre-load phase and provide "before/after" dependencies
  3. Always keep libc, libssl* etc. at the end of the list

#1 will increase executalbe startup time
#2 and #3 might impact uniformity of probabilistic distribution with F-Y shuffle