Date: Fri, 28 Oct 2016 15:58:00 -0400 From: Brad Spengler <spender@...ecurity.net> To: Kees Cook <keescook@...omium.org> Cc: Michael Leibowitz <michael.leibowitz@...el.com>, "kernel-hardening@...ts.openwall.com" <kernel-hardening@...ts.openwall.com>, Emese Revfy <re.emese@...il.com>, PaX Team <pageexec@...email.hu>, "Schaufler, Casey" <casey.schaufler@...el.com>, "Reshetova, Elena" <elena.reshetova@...el.com> Subject: Re: [PATCH] Add the randstruct gcc plugin Just curious: http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/commit/?h=kspp/gcc-plugin/randstruct&id=cd7686ee26b839ad5e0467ac2162b360bf1fa673 "These were found using allyesconfig on x86, arm, and arm64." Who found them, and whose code is all that? http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/commit/?h=kspp/gcc-plugin/randstruct&id=6dd5fff4a626c8db8800d76f5096f6efcd2a675f Who decided on these, whose code is it? http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/commit/?h=kspp/gcc-plugin/randstruct&id=7169767228cd6d117a0908997d9a3b38bfb6a1b9 Ditto -- did you spend the hours to figure the ARM hunk out? I only see your name there. Show the world you can do something more than plagiarize code. This is the third time I'm having to warn you guys collectively about this. How hard is it to not plagiarize? -Brad On Fri, Oct 28, 2016 at 12:00:14PM -0700, Kees Cook wrote: > On Thu, Oct 27, 2016 at 11:01 PM, Kees Cook <keescook@...omium.org> wrote: > > On Thu, Oct 27, 2016 at 9:09 PM, Kees Cook <keescook@...omium.org> wrote: > >> On Fri, Oct 21, 2016 at 10:37 AM, Michael Leibowitz > >> <michael.leibowitz@...el.com> wrote: > >>> This plugin randomizes the layout of certain structures at compile > >>> time. This introduces two defines __randomize_layout and > >>> __no_randomize_layout. Which, in turn, tell the compiler to either > >>> try to randomize or not to randomize the struct in question. > >>> > >>> This feature is ported over from grsecurity. The implementation is > >>> nearly identical to the original code written by the PaX Team and > >>> Spender. To make integration simpler, this version only supports > >>> explicit marking of structures. However, it retains the > >>> __no_randomize_layout support for the future. The UAPI checks are > >>> retained as well. Structures that are to be randomized are required > >>> to use the C99 designated initializer form. > >>> > >>> Signed-off-by: Michael Leibowitz <michael.leibowitz@...el.com> > >>> [...] > >>> diff --git a/scripts/Makefile.gcc-plugins b/scripts/Makefile.gcc-plugins > >>> index 61f0e6d..94bfffe 100644 > >>> --- a/scripts/Makefile.gcc-plugins > >>> +++ b/scripts/Makefile.gcc-plugins > >>> @@ -19,9 +19,19 @@ ifdef CONFIG_GCC_PLUGINS > >>> endif > >>> endif > >>> > >>> - GCC_PLUGINS_CFLAGS := $(strip $(addprefix -fplugin=$(objtree)/scripts/gcc-plugins/, $(gcc-plugin-y)) $(gcc-plugin-cflags-y)) > >>> + RANDSTRUCT_PLUGIN := -fplugin=$(objtree)/scripts/gcc-plugins/randomize_layout_plugin.so > >>> + ifdef CONFIG_GCC_PLUGIN_RANDSTRUCT > >>> + gcc-plugin-$(CONFIG_GCC_PLUGIN_RANDSTRUCT) += randomize_layout_plugin.so > >>> > >>> - export PLUGINCC GCC_PLUGINS_CFLAGS GCC_PLUGIN GCC_PLUGIN_SUBDIR SANCOV_PLUGIN > >>> + GCC_PLUGIN_RANDSTRUCT_CFLAGS := -fplugin=$(objtree)/scripts/gcc-plugins/randomize_layout_plugin.so -DRANDSTRUCT_PLUGIN > >>> + ifdef CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE > >>> + GCC_PLUGIN_RANDSTRUCT_CFLAGS = -fplugin-arg-randomize_layout_plugin-performance-mode > >> > >> Found it: this "=" should be "+=", though really the whole section > >> should just be updated to the new style of plugin handling: > >> > >> gcc-plugin-$(CONFIG_GCC_PLUGIN_RANDSTRUCT) += randomize_layout_plugin.so > >> gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_RANDSTRUCT) += -DRANDSTRUCT_PLUGIN > >> gcc-plugin-cflags-$(CONFIG_GCC_PLUGIN_RANDSTRUCT_PERFORMANCE) += > >> -fplugin-arg-randomize_layout_plugin-performance-mode > >> > >> and the export of RANDSTRUCT_PLUGIN > > > > Also, it looks like "pahole" (or the DWARF record) is lying. :P > > Printing out offsetof()s shows things clearly randomized. > > > > For the next version: can you update to the latest version of this > > plugin? What you sent seems out of date compared to current > > grsecurity. Disabling is_pure_ops_struct() with a "return 0" looks to > > be sufficient to stop the automatic randomization. > > I've built out a more complete series here: > http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/log/?h=kspp/gcc-plugin/randstruct > > This includes all the initializer fixes and opt-in/opt-out markings, > an updated plugin, etc. > > It still needs improved comments, changelogs, and some better > understanding as to why the DWARF information appears broken. If you > can work from this tree, that'd be great! > > -Kees > > -- > Kees Cook > Nexus Security Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.