From: fweimer@redhat.com (Florian Weimer)
To: libc-alpha@sourceware.org
Subject: [PATCH] Generate additional secret keys for the heap protector
Date: Fri, 28 Oct 2016 13:05:00 -0000 [thread overview]
Message-ID: <20161028130509.A74DC439942E0@oldenburg.str.redhat.com> (raw)
2016-10-27 Florian Weimer <fweimer@redhat.com>
* elf/dl-keysetup.h: New file.
* elf/dl-keysetup.c: Likewise.
* elf/Makefile (dl-routines): Add dl-keysetup.
* csu/libc-start.c (LIBC_START_MAIN): Call __compute_keys to
obtain key material.
* elf/rtld.c (security_init): Likewise.
* crypt/sha256.c: Use relative #include for sha256-block.c
diff --git a/crypt/sha256.c b/crypt/sha256.c
index b5497d9..a6ab2e1 100644
--- a/crypt/sha256.c
+++ b/crypt/sha256.c
@@ -211,4 +211,4 @@ __sha256_process_bytes (const void *buffer, size_t len, struct sha256_ctx *ctx)
}
}
-#include <sha256-block.c>
+#include "sha256-block.c"
diff --git a/csu/libc-start.c b/csu/libc-start.c
index 99c040a..333a4cc 100644
--- a/csu/libc-start.c
+++ b/csu/libc-start.c
@@ -21,6 +21,7 @@
#include <unistd.h>
#include <ldsodefs.h>
#include <exit-thread.h>
+#include <elf/dl-keysetup.h>
extern void __libc_init_first (int argc, char **argv, char **envp);
@@ -192,21 +193,21 @@ LIBC_START_MAIN (int (*main) (int, char **, char ** MAIN_AUXVEC_DECL),
we need to setup errno. */
__pthread_initialize_minimal ();
+ struct key_setup keys;
+ __compute_keys (_dl_random, &keys);
+
/* Set up the stack checker's canary. */
- uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (_dl_random);
# ifdef THREAD_SET_STACK_GUARD
- THREAD_SET_STACK_GUARD (stack_chk_guard);
+ THREAD_SET_STACK_GUARD (keys.stack);
# else
- __stack_chk_guard = stack_chk_guard;
+ __stack_chk_guard = keys.stack;
# endif
/* Set up the pointer guard value. */
- uintptr_t pointer_chk_guard = _dl_setup_pointer_guard (_dl_random,
- stack_chk_guard);
# ifdef THREAD_SET_POINTER_GUARD
- THREAD_SET_POINTER_GUARD (pointer_chk_guard);
+ THREAD_SET_POINTER_GUARD (keys.pointer);
# else
- __pointer_chk_guard_local = pointer_chk_guard;
+ __pointer_chk_guard_local = keys.pointer;
# endif
#endif
diff --git a/elf/Makefile b/elf/Makefile
index 82c7e05..c0a8e2e 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -31,7 +31,8 @@ routines = $(all-dl-routines) dl-support dl-iteratephdr \
dl-routines = $(addprefix dl-,load lookup object reloc deps hwcaps \
runtime error init fini debug misc \
version profile conflict tls origin scope \
- execstack caller open close trampoline)
+ execstack caller open close trampoline \
+ keysetup)
ifeq (yes,$(use-ldconfig))
dl-routines += dl-cache
endif
diff --git a/elf/dl-keysetup.c b/elf/dl-keysetup.c
new file mode 100644
index 0000000..45bd4de
--- /dev/null
+++ b/elf/dl-keysetup.c
@@ -0,0 +1,77 @@
+/* Compute secret keys used for protection heuristics.
+ Copyright (C) 2016 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public License as
+ published by the Free Software Foundation; either version 2.1 of the
+ License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; see the file COPYING.LIB. If
+ not, see <http://www.gnu.org/licenses/>. */
+
+#include <dl-keysetup.h>
+#include <string.h>
+
+enum { at_random_size = 16 };
+
+#if __WORDSIZE == 64
+enum { sha256_output_size = 32 };
+static void compute_sha256_of_random (const void *random, void *result);
+#endif
+
+void
+__compute_keys (const void *random, struct key_setup *result)
+{
+#if __WORDSIZE == 32
+ _Static_assert (sizeof (*result) == at_random_size,
+ "no key expansion required");
+ memcpy (random, result, sizeof (result));
+#else
+ /* We use SHA-256 to expand the 16 bytes of randomness into 32
+ bytes, so that it is hard to guess the remaining keys once a
+ subset of them is known. */
+ _Static_assert (sizeof (*result) == sha256_output_size,
+ "SHA-256 provides required size");
+ compute_sha256_of_random (random, result);
+#endif
+
+ /* Prevent leakage of the stack canary through a read buffer
+ overflow of a NUL-terminated string. */
+ *(char *) &result->stack = '\0';
+
+ /* Clear the lowest three bits in the heap header guard value, so
+ that the flag bits remain unchanged. */
+ result->heap_header <<= 3;
+}
+
+#if __WORDSIZE == 64
+
+#pragma GCC visibility push (hidden)
+
+/* Avoid symbol collisions with libcrypt. */
+#define __sha256_process_block __dl_sha256_process_block
+#define __sha256_init_ctx __dl_sha256_init_ctx
+#define __sha256_process_bytes __dl_sha256_process_bytes
+#define __sha256_finish_ctx __dl_sha256_finish_ctx
+
+#include "../crypt/sha256.h"
+#include "../crypt/sha256.c"
+
+#pragma GCC visibility pop
+
+static void
+compute_sha256_of_random (const void *random, void *result)
+{
+ struct sha256_ctx ctx;
+ __sha256_init_ctx (&ctx);
+ __sha256_process_bytes (random, at_random_size, &ctx);
+ __sha256_finish_ctx (&ctx, result);
+}
+#endif
diff --git a/elf/dl-keysetup.h b/elf/dl-keysetup.h
new file mode 100644
index 0000000..3c7e9bb
--- /dev/null
+++ b/elf/dl-keysetup.h
@@ -0,0 +1,45 @@
+/* Compute secret keys used for protection heuristics.
+ Copyright (C) 2016 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public License as
+ published by the Free Software Foundation; either version 2.1 of the
+ License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; see the file COPYING.LIB. If
+ not, see <http://www.gnu.org/licenses/>. */
+
+#ifndef KEY_SETUP_H
+#define KEY_SETUP_H
+
+#include <stdint.h>
+
+/* The set of protection keys used by glibc. */
+struct key_setup
+{
+ /* Canary for the stack-smashing protector. */
+ uintptr_t stack;
+
+ /* Pointer guard, protecting selected function pointers. */
+ uintptr_t pointer;
+
+ /* Heap guard, proctecting the malloc chunk header. */
+ uintptr_t heap_header;
+
+ /* Heap guard part two, protecting the previous chunk size field. */
+ uintptr_t heap_footer;
+};
+
+/* Derive the keys in *RESULT from RANDOM, which comes from the
+ auxiliary vector and points to 16 bytes of randomness. */
+void __compute_keys (const void *random, struct key_setup *result)
+ attribute_hidden;
+
+#endif /* KEY_SETUP_H */
diff --git a/elf/rtld.c b/elf/rtld.c
index 647661c..de965da 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -41,6 +41,7 @@
#include <tls.h>
#include <stap-probe.h>
#include <stackinfo.h>
+#include <dl-keysetup.h>
#include <assert.h>
@@ -699,21 +700,21 @@ rtld_lock_default_unlock_recursive (void *lock)
static void
security_init (void)
{
+ struct key_setup keys;
+ __compute_keys (_dl_random, &keys);
+
/* Set up the stack checker's canary. */
- uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (_dl_random);
#ifdef THREAD_SET_STACK_GUARD
- THREAD_SET_STACK_GUARD (stack_chk_guard);
+ THREAD_SET_STACK_GUARD (keys.stack);
#else
- __stack_chk_guard = stack_chk_guard;
+ __stack_chk_guard = keys.stack;
#endif
/* Set up the pointer guard as well, if necessary. */
- uintptr_t pointer_chk_guard
- = _dl_setup_pointer_guard (_dl_random, stack_chk_guard);
#ifdef THREAD_SET_POINTER_GUARD
- THREAD_SET_POINTER_GUARD (pointer_chk_guard);
+ THREAD_SET_POINTER_GUARD (keys.pointer);
#endif
- __pointer_chk_guard_local = pointer_chk_guard;
+ __pointer_chk_guard_local = keys.pointer;
/* We do not need the _dl_random value anymore. The less
information we leave behind, the better, so clear the
next reply other threads:[~2016-10-28 13:05 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-10-28 13:05 Florian Weimer [this message]
2016-10-28 14:47 ` Carlos O'Donell
2016-10-28 15:39 ` Florian Weimer
2016-10-28 16:48 ` Carlos O'Donell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161028130509.A74DC439942E0@oldenburg.str.redhat.com \
--to=fweimer@redhat.com \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).