Change Details

Add support for shared library loading order randomization. This is a port of HardenedBSD changeset https://github.com/HardenedBSD/hardenedBSD/commit/6fc06960ae5d374278dddc301aede21a7919b600 https://github.com/HardenedBSD/hardenedBSD/commit/1b291848bfbb8fe12b893d12c5163f74b84257aa As a shuffle algorithm, Fisher-Yates shuffle is used to acheive equal distribution. https://en.wikipedia.org/wiki/Fisher%E2%80%93Yates_shuffle By default the option is disabled. To enable, one must use WITH_SHLIBRANDOM flag in src.conf

Shared library randomization Add support for shared library loading order randomization. Base work was done in HardenedBSD https://github.com/HardenedBSD/hardenedBSD/commit/6fc06960ae5d374278dddc301aede21a7919b600 https://github.com/HardenedBSD/hardenedBSD/commit/6fc06960ae5d374278dddc301aede21a7919b600 This implementation takes care about libraries ordering. Sometimes, libs must be loaded in exact order, because one might shadow symbols from another (for example libregexp shadows regex- functions from libc). If this order changes, the application will most likely not work. Here, prior randomization, needed libraries are analyzed for symbol shadowing. If such situation is detected, these libraries are marked as "critical" and a loading order between them won't change. As a shuffle algorithm, Fisher-Yates shuffle is used to acheive equal distribution. https://en.wikipedia.org/wiki/Fisher%E2%80%93Yates_shuffle By default the option is disabled. To enable, one must ude WITH_SHLIBRANDOM flag in src.conf

Shared library randomization Add support for shared library loading order randomization. This is a port ofBase work was done in HardenedBSD changeset https://github.com/HardenedBSD/hardenedBSD/commit/6fc06960ae5d374278dddc301aede21a7919b600 https://github.com/HardenedBSD/hardenedBSD/commit/1b291848bfbb8fe12b893d12c5163f74b84257aa6fc06960ae5d374278dddc301aede21a7919b600 This implementation takes care about libraries ordering. Sometimes, libs must be loaded in exact order, because one might shadow symbols from another (for example libregexp shadows regex- functions from libc). If this order changes, the application will most likely not work. Here, prior randomization, needed libraries are analyzed for symbol shadowing. If such situation is detected, these libraries are marked as "critical" and a loading order between them won't change. As a shuffle algorithm, Fisher-Yates shuffle is used to acheive equal distribution. https://en.wikipedia.org/wiki/Fisher%E2%80%93Yates_shuffle By default the option is disabled. To enable, one must usede WITH_SHLIBRANDOM flag in src.conf