Changeset View
Changeset View
Standalone View
Standalone View
sys/kern/imgact_elf.c
Show First 20 Lines • Show All 203 Lines • ▼ Show 20 Lines | SYSCTL_INT(ASLR_NODE_OID, OID_AUTO, honor_sbrk, CTLFLAG_RW, | ||||
__XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) ": assume sbrk is used"); | __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) ": assume sbrk is used"); | ||||
static int __elfN(aslr_stack) = 1; | static int __elfN(aslr_stack) = 1; | ||||
SYSCTL_INT(ASLR_NODE_OID, OID_AUTO, stack, CTLFLAG_RWTUN, | SYSCTL_INT(ASLR_NODE_OID, OID_AUTO, stack, CTLFLAG_RWTUN, | ||||
&__elfN(aslr_stack), 0, | &__elfN(aslr_stack), 0, | ||||
__XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) | __XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) | ||||
": enable stack address randomization"); | ": enable stack address randomization"); | ||||
static int __elfN(aslr_shared_page) = __ELF_WORD_SIZE == 64; | |||||
SYSCTL_INT(ASLR_NODE_OID, OID_AUTO, shared_page, CTLFLAG_RWTUN, | |||||
&__elfN(aslr_shared_page), 0, | |||||
__XSTRING(__CONCAT(ELF, __ELF_WORD_SIZE)) | |||||
": enable shared page address randomization"); | |||||
static int __elfN(sigfastblock) = 1; | static int __elfN(sigfastblock) = 1; | ||||
SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO, sigfastblock, | SYSCTL_INT(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO, sigfastblock, | ||||
CTLFLAG_RWTUN, &__elfN(sigfastblock), 0, | CTLFLAG_RWTUN, &__elfN(sigfastblock), 0, | ||||
"enable sigfastblock for new processes"); | "enable sigfastblock for new processes"); | ||||
static bool __elfN(allow_wx) = true; | static bool __elfN(allow_wx) = true; | ||||
SYSCTL_BOOL(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO, allow_wx, | SYSCTL_BOOL(__CONCAT(_kern_elf, __ELF_WORD_SIZE), OID_AUTO, allow_wx, | ||||
CTLFLAG_RWTUN, &__elfN(allow_wx), 0, | CTLFLAG_RWTUN, &__elfN(allow_wx), 0, | ||||
▲ Show 20 Lines • Show All 1,080 Lines • ▼ Show 20 Lines | if ((sv->sv_flags & SV_ASLR) == 0 || | ||||
* the base for the image anywere and still not suffer | * the base for the image anywere and still not suffer | ||||
* from the fragmentation. | * from the fragmentation. | ||||
*/ | */ | ||||
if (!__elfN(aslr_honor_sbrk) || | if (!__elfN(aslr_honor_sbrk) || | ||||
(imgp->proc->p_flag2 & P2_ASLR_IGNSTART) != 0) | (imgp->proc->p_flag2 & P2_ASLR_IGNSTART) != 0) | ||||
imgp->map_flags |= MAP_ASLR_IGNSTART; | imgp->map_flags |= MAP_ASLR_IGNSTART; | ||||
if (__elfN(aslr_stack)) | if (__elfN(aslr_stack)) | ||||
imgp->map_flags |= MAP_ASLR_STACK; | imgp->map_flags |= MAP_ASLR_STACK; | ||||
if (__elfN(aslr_shared_page)) | |||||
imgp->imgp_flags |= IMGP_ASLR_SHARED_PAGE; | |||||
kib: I think you do not need a new map flag. The contexts where the flag is set, and then read, all… | |||||
Done Inline ActionsThe problem is that if the flag is stored in image_params, sysctl_kern_proc_vm_layout won't be able to access it. kd: The problem is that if the flag is stored in image_params, sysctl_kern_proc_vm_layout won't be… | |||||
Not Done Inline ActionsCan you check sv_shared_page_base against address stored in vmspace? If they are equal, consider shared page base not randomized. kib: Can you check sv_shared_page_base against address stored in vmspace? If they are equal… | |||||
Done Inline ActionsGood idea! kd: Good idea!
Did just that in the latest update to this revision. | |||||
} | } | ||||
if ((!__elfN(allow_wx) && (fctl0 & NT_FREEBSD_FCTL_WXNEEDED) == 0 && | if ((!__elfN(allow_wx) && (fctl0 & NT_FREEBSD_FCTL_WXNEEDED) == 0 && | ||||
(imgp->proc->p_flag2 & P2_WXORX_DISABLE) == 0) || | (imgp->proc->p_flag2 & P2_WXORX_DISABLE) == 0) || | ||||
(imgp->proc->p_flag2 & P2_WXORX_ENABLE_EXEC) != 0) | (imgp->proc->p_flag2 & P2_WXORX_ENABLE_EXEC) != 0) | ||||
imgp->map_flags |= MAP_WXORX; | imgp->map_flags |= MAP_WXORX; | ||||
error = exec_new_vmspace(imgp, sv); | error = exec_new_vmspace(imgp, sv); | ||||
▲ Show 20 Lines • Show All 1,576 Lines • Show Last 20 Lines |
I think you do not need a new map flag. The contexts where the flag is set, and then read, all use struct image_params. I suspect you can move the bool into this structure and avoid changing map_flags type.