kern/181497: [kernel] [patch] Add ASLR feature to kernel
Shawn Webb
lattera at gmail.com
Sun Feb 9 23:31:32 UTC 2014
Sorry for the delay. The attached patch should apply cleanly on top of the
existing patch and should fix Olivier's problems.
On Wed, Feb 5, 2014 at 8:54 AM, Shawn Webb <lattera at gmail.com> wrote:
> Looks like that variable is missing in that struct. The exec delta
> variable changes how the binary itself and the RTLD is loaded. I'll fix the
> warnings and errors you reported today. Thanks for helping!
>
>
> On Wed, Feb 5, 2014 at 3:56 AM, Olivier Cochard-Labbé <olivier at cochard.me> wrote:
>
>> On Tue, Feb 4, 2014 at 9:00 PM, Shawn Webb <lattera at gmail.com> wrote:
>>
>>> The following reply was made to PR kern/181497; it has been noted by
>>> GNATS.
>>>
>>> From: Shawn Webb <lattera at gmail.com>
>>> To: bug-followup at FreeBSD.org,
>>> steven at roothosts.com
>>>
>>> Cc:
>>> Subject: Re: kern/181497: [kernel] [patch] Add ASLR feature to kernel
>>> Date: Tue, 4 Feb 2014 14:57:44 -0500
>>>
>>> I'm sorry, my patch actually wasn't right. It included other fixes I had
>>> in my branch for other features and didn't include some of the other
>>> ASLR bits. Attached is the right patch.
>>>
>>>
>> kernel compilation failed if configuration is "with PAX_ASLR options" and
>> "without COMPAT_FREEBSD32 options":
>>
>> --- kern_pax.o ---
>> /src/sys/kern/kern_pax.c:531:9: error: no member named
>> 'vm_aslr_delta_exec' in 'struct vmspace'
>>
>> vm->vm_aslr_delta_exec = round_page(PAX_ASLR_DELTA(arc4random(),
>> PAX_ASLR_DELTA_EXEC_LSB, (pr != NULL) ? pr->pr_pax_aslr_exec_len :
>> pax_aslr_exec_len));
>> ~~ ^
>> 1 error generated.
>>
>> What is this "vm_aslr_delta_exec"?
>>
>
>
-------------- next part --------------
diff --git a/sys/kern/imgact_elf.c b/sys/kern/imgact_elf.c
index 3f9487c..3a36f20 100644
--- a/sys/kern/imgact_elf.c
+++ b/sys/kern/imgact_elf.c
@@ -603,7 +603,9 @@ __elfN(load_file)(struct proc *p, const char *file, u_long *addr,
u_long rbase;
u_long base_addr = 0;
int error, i, numsegs;
- struct prison *pr; /* For ASLR */
+#ifdef PAX_ASLR
+ struct prison *pr;
+#endif
#ifdef CAPABILITY_MODE
/*
@@ -659,22 +661,21 @@ __elfN(load_file)(struct proc *p, const char *file, u_long *addr,
hdr = (const Elf_Ehdr *)imgp->image_header;
if ((error = __elfN(check_header)(hdr)) != 0)
goto fail;
- if (hdr->e_type == ET_DYN)
+ if (hdr->e_type == ET_DYN) {
rbase = *addr;
- else if (hdr->e_type == ET_EXEC)
+#ifdef PAX_ASLR
+ pr = pax_aslr_get_prison(NULL, imgp->proc);
+ if (pax_aslr_active(NULL, imgp->proc)) {
+ rbase += round_page(PAX_ASLR_DELTA(arc4random(), PAX_ASLR_DELTA_EXEC_LSB, pr->pr_pax_aslr_exec_len));
+ }
+#endif
+ } else if (hdr->e_type == ET_EXEC) {
rbase = 0;
- else {
+ } else {
error = ENOEXEC;
goto fail;
}
-#ifdef PAX_ASLR
- pr = pax_aslr_get_prison(NULL, imgp->proc);
- if (pax_aslr_active(NULL, imgp->proc)) {
- rbase += round_page(PAX_ASLR_DELTA(arc4random(), PAX_ASLR_DELTA_EXEC_LSB, pr->pr_pax_aslr_exec_len));
- }
-#endif
-
/* Only support headers that fit within first page for now */
if ((hdr->e_phoff > PAGE_SIZE) ||
(u_int)hdr->e_phentsize * hdr->e_phnum > PAGE_SIZE - hdr->e_phoff) {
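Review bot: In the new ET_DYN branch, `pr->pr_pax_aslr_exec_len` is dereferenced without a NULL check, while the PAX_ASLR_DELTA calls in kern_pax.c guard the same pointer with `(pr != NULL) ? pr->pr_pax_aslr_stack_len : pax_aslr_stack_len`. If `pax_aslr_get_prison()` can return NULL on this path, the dereference faults in kernel context, so the same fallback to the global `pax_aslr_exec_len` should be used here. The `pr` lookup can also move inside the `pax_aslr_active()` block, since that is the only place it is used, and the `rbase +=` line should be wrapped to match the line breaks used for the other PAX_ASLR_DELTA calls.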
diff --git a/sys/kern/kern_pax.c b/sys/kern/kern_pax.c
index 9182606..7654e5b 100644
--- a/sys/kern/kern_pax.c
+++ b/sys/kern/kern_pax.c
@@ -528,7 +528,6 @@ pax_aslr_init(struct thread *td, struct image_params *imgp)
vm->vm_aslr_delta_stack = PAX_ASLR_DELTA(arc4random(),
PAX_ASLR_DELTA_STACK_LSB, (pr != NULL) ? pr->pr_pax_aslr_stack_len : pax_aslr_stack_len);
vm->vm_aslr_delta_stack = ALIGN(vm->vm_aslr_delta_stack);
- vm->vm_aslr_delta_exec = round_page(PAX_ASLR_DELTA(arc4random(), PAX_ASLR_DELTA_EXEC_LSB, (pr != NULL) ? pr->pr_pax_aslr_exec_len : pax_aslr_exec_len));
#else /* COMPAT_FREEBSD32 */
if ((sv_flags & SV_LP64) != 0) {
vm->vm_aslr_delta_mmap = PAX_ASLR_DELTA(arc4random(),
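Review bot: Only the `vm->vm_aslr_delta_exec` assignment ahead of `#else /* COMPAT_FREEBSD32 */` is removed, and the branch after the `#else` is cut off in the visible context, so please confirm it carries no matching assignment; otherwise the "no member named 'vm_aslr_delta_exec'" build error will simply move to the other kernel configuration. Since the field is no longer set here, the commit message should also say where the exec delta is applied after this change (the visible replacement is the `rbase +=` in `__elfN(load_file)` for ET_DYN), so a reader can tell that nothing still expects the vmspace member.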