Message-ID: <CAGXu5jKpjZ9KbUCsTSPxO7pGqKra+K28aECxvA4VRR9Tfrzh+A@mail.gmail.com>
Date: Fri, 28 Oct 2016 12:00:14 -0700
From: Kees Cook <keescook@...omium.org>
To: Michael Leibowitz <michael.leibowitz@...el.com>
Cc: Brad Spengler <spender@...ecurity.net>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, Emese Revfy <re.emese@...il.com>, PaX Team <pageexec@...email.hu>, "Schaufler, Casey" <casey.schaufler@...el.com>, "Reshetova, Elena" <elena.reshetova@...el.com>
Subject: Re: [PATCH] Add the randstruct gcc plugin

On Thu, Oct 27, 2016 at 11:01 PM, Kees Cook <keescook@...omium.org> wrote:
> On Thu, Oct 27, 2016 at 9:09 PM, Kees Cook <keescook@...omium.org> wrote:
>> On Fri, Oct 21, 2016 at 10:37 AM, Michael Leibowitz
>> <michael.leibowitz@...el.com> wrote:
>>> This plugin randomizes the layout of certain structures at compile
>>> time. This introduces two defines __randomize_layout and
>>> __no_randomize_layout. Which, in turn, tell the compiler to either
>>> try to randomize or not to randomize the struct in question.
>>>
>>> This feature is ported over from grsecurity. The implementation is
>>> nearly identical to the original code written by the PaX Team and
>>> Spender. To make integration simpler, this version only supports
>>> explicit marking of structures. However, it retains the
>>> __no_randomize_layout support for the future. The UAPI checks are
>>> retained as well. Structures that are to be randomized are required
>>> to use the C99 designated initializer form.
>>>
>>> Signed-off-by: Michael Leibowitz <michael.leibowitz@...el.com>
>>> [...]
>>> diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins
>>> index 61f0e6d..94bfffe 100644
>>> --- a/scripts/Makefile.gcc-plugins
>>> +++ b/scripts/Makefile.gcc-plugins
>>> @@ -19,9 +19,19 @@ ifdef CONFIG_GCC_PLUGINS
>>> endif
>>> endif
>>>
>>> - GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y))
>>> + RANDSTRUCT_PLUGIN := -fplugin=$(objtree)/scripts/gcc-plugins/randomize_layout_plugin.so
>>> + ifdef CONFIG_GCC_PLUGIN_RANDSTRUCT
>>> + gcc-plugin-$(CONFIG_GCC_PLUGIN_RANDSTRUCT) += randomize_layout_plugin.so
>>>
>>> - export PLUGINCC GCC_PLUGINS_CFLAGS GCC_PLUGIN GCC_PLUGIN_SUBDIR SANCOV_PLUGIN
>>> + GCC_PLUGIN_RANDSTRUCT_CFLAGS := -fplugin=$(objtree)/scripts/gcc-plugins/randomize_layout_plugin.so -DRANDSTRUCT_PLUGIN
>>> + ifdef CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE
>>> + GCC_PLUGIN_RANDSTRUCT_CFLAGS = -fplugin-arg-randomize_layout_plugin-performance-mode
>>
>> Found it: this "=" should be "+=", though really the whole section
>> should just be updated to the new style of plugin handling:
>>
>> gcc-plugin-$(CONFIG_GCC_PLUGIN_RANDSTRUCT) += randomize_layout_plugin.so
>> gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_RANDSTRUCT) += -DRANDSTRUCT_PLUGIN
>> gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE) +=
>> -fplugin-arg-randomize_layout_plugin-performance-mode
>>
>> and the export of RANDSTRUCT_PLUGIN
>
> Also, it looks like "pahole" (or the DWARF record) is lying. :P
> Printing out offsetof()s shows things clearly randomized.
>
> For the next version: can you update to the latest version of this
> plugin? What you sent seems out of date compared to current
> grsecurity. Disabling is_pure_ops_struct() with a "return 0" looks to
> be sufficient to stop the automatic randomization.

I've built out a more complete series here:
http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/log/?h=kspp/gcc-plugin/randstruct

This includes all the initializer fixes and opt-in/opt-out markings, an
updated plugin, etc. It still needs improved comments, changelogs, and
some better understanding as to why the DWARF information appears broken.
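Review bot: the last `+` line of the hunk, `GCC_PLUGIN_RANDSTRUCT_CFLAGS = -fplugin-arg-randomize_layout_plugin-performance-mode`, uses plain `=` and therefore overwrites the `:=` value assigned two lines earlier, so whenever CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE is set the build loses both `-fplugin=$(objtree)/scripts/gcc-plugins/randomize_layout_plugin.so` and `-DRANDSTRUCT_PLUGIN`; it needs `+=`, or better the `gcc-plugin-cflags-y` form that the removed `GCC_PLUGINS_CFLAGS` line already consumes. The plugin path is also spelled out three times (RANDSTRUCT_PLUGIN, the `gcc-plugin-$(CONFIG_GCC_PLUGIN_RANDSTRUCT) +=` entry, and GCC_PLUGIN_RANDSTRUCT_CFLAGS); since the generic `$(addprefix -fplugin=..., $(gcc-plugin-y))` already turns every gcc-plugin-y entry into a `-fplugin=` flag, the two extra variables are redundant, and the `-$(CONFIG_GCC_PLUGIN_RANDSTRUCT)` suffix makes the surrounding `ifdef CONFIG_GCC_PLUGIN_RANDSTRUCT` unnecessary. Note too that the `-` lines delete the `GCC_PLUGINS_CFLAGS` definition and the `export` that publishes it together with SANCOV_PLUGIN; nothing in the visible part of the hunk restores them, so unless the truncated remainder does, every other plugin stops receiving its flags.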
If you can work from this tree, that'd be great!

-Kees

--
Kees Cook
Nexus Security
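The commit message above requires C99 designated initializers for any structure that opts into randomization, and Kees notes that printing offsetof() values is the reliable way to see whether a layout was actually reordered. The following C program, an added example that is not part of the patch or of the randstruct plugin, shows both points without the plugin: since a compiler cannot be asked to emit two layouts of one type in a single translation unit, `struct task_bits_shuffled` is a hand-written permutation standing in for what the plugin would produce from `struct task_bits`, and the member names and values (uid, gid, caps, 1000, 0x1f) are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed example: the layout as a developer wrote it in the source.
 * In-tree this would carry the patch's __randomize_layout marker. */
struct task_bits {
    int uid;
    int gid;
    unsigned long caps;
};

/* Constructed stand-in for the layout the randstruct plugin might choose
 * for the same struct. The real plugin picks the permutation at compile
 * time; this one is fixed so the program is reproducible. */
struct task_bits_shuffled {
    unsigned long caps;
    int uid;
    int gid;
};

/* Positional (non-designated) initialization assigns values by position,
 * so once the members move the values land in the wrong fields and the
 * compiler does not complain: every conversion here is integer-to-integer. */
static struct task_bits_shuffled init_positional(void)
{
    struct task_bits_shuffled t = { 1000, 1000, 0x1fUL };
    return t;
}

/* C99 designated initialization names each member, so the result does not
 * depend on member order. This is the form the patch requires. */
static struct task_bits_shuffled init_designated(void)
{
    struct task_bits_shuffled t = { .uid = 1000, .gid = 1000, .caps = 0x1fUL };
    return t;
}

/* True when the struct carries the values the developer intended. */
static bool has_expected_values(const struct task_bits_shuffled *t)
{
    return t->uid == 1000 && t->gid == 1000 && t->caps == 0x1fUL;
}

static bool positional_init_breaks(void)
{
    struct task_bits_shuffled t = init_positional();
    return !has_expected_values(&t);
}

static bool designated_init_survives(void)
{
    struct task_bits_shuffled t = init_designated();
    return has_expected_values(&t);
}

/* The offsetof() check: compare each member's offset in the source layout
 * with its offset in the layout the compiler actually used. Returns the
 * number of members whose offset changed; non-zero means reordering. */
static int count_moved_members(void)
{
    int moved = 0;
    moved += offsetof(struct task_bits, uid)  != offsetof(struct task_bits_shuffled, uid);
    moved += offsetof(struct task_bits, gid)  != offsetof(struct task_bits_shuffled, gid);
    moved += offsetof(struct task_bits, caps) != offsetof(struct task_bits_shuffled, caps);
    return moved;
}

int main(void)
{
    struct task_bits_shuffled p = init_positional();
    struct task_bits_shuffled d = init_designated();

    printf("positional init: uid=%d gid=%d caps=%#lx -> %s\n",
           p.uid, p.gid, p.caps, has_expected_values(&p) ? "ok" : "WRONG");
    printf("designated init: uid=%d gid=%d caps=%#lx -> %s\n",
           d.uid, d.gid, d.caps, has_expected_values(&d) ? "ok" : "WRONG");
    printf("members whose offsetof() changed: %d of 3\n", count_moved_members());
    return 0;
}
```

The offsetof() comparison is what a developer can do inside a real randstruct build as well: emit the offsets of a marked struct from a small test program or a BUILD_BUG_ON-style check and compare them against the source order, which sidesteps whatever the DWARF records claim.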