Time to enable partial relro

[Pedro Giffuni]

On 08/26/16 10:08, Warner Losh wrote:
> On Fri, Aug 26, 2016 at 9:06 AM, Pedro Giffuni <pfg at freebsd.org> wrote:
>>
>>
>> On 08/26/16 10:01, Warner Losh wrote:
>>>
>>> On Fri, Aug 26, 2016 at 8:36 AM, Ed Maste <emaste at freebsd.org> wrote:
>>>>
>>>> On 26 August 2016 at 10:18, Warner Losh <imp at bsdimp.com> wrote:
>>>>>
>>>>>
>>>>> So what's the summary of why we'd want to do that? What benefit does it
>>>>> bring?
>>>>> Sure, other folks do it, but why?
>>>>
>>>>
>>>> It's a relatively low cost technique to mitigate certain
>>>> vulnerabilities. rtld needs to write to some sections during load but
>>>> they don't need to be writeable after starting the program. relro
>>>> reorders the output sections so that they are grouped together, and
>>>> rtld remaps them read-only on start. This is often called "partial
>>>> relro." I don't know of any real downside to enabling it, other than
>>>> it could possibly break some strangely built third party software.
>>>> It's been enabled on other platforms for quite some time though and I
>>>> doubt we'd run into new issues.
>>>>
>>>> It doesn't bring a huge benefit by itself though; the PLT is still
>>>> writeable. Adding "-z now" to the linker invocation produces "full
>>>> relro" which makes the PLT read-only too. It has a negative impact on
>>>> process start-up time though.
>>>
>>>
>>> Sounds like this has implications for all the RTLD on all our
>>> architectures. Has this been tested across all of them?
>>>
>>
>> It affects anything ELF yes, but AFAICT the change is platform independent.
>
> That's a different answer than 'it's been tested on all platforms and
> it's fine.'
>

It's the best answer I have.

I will test running buildworld on i386. If you can kindly test on other 
platforms, it would be very welcome.

In any case I will not commit anything unless there is complete
consensus, which is why I asked in this list in the first place :).

Pedro.