(From tech@) Conceptual nooby Q, what does this add beyond PIE & ASLR?
On 2016-04-25 20:10, Theo de Raadt wrote:
This change randomizes the order of symbols in libc.so at boot time. This is done by saving all the independent .so sub-files into an ar archive, and then relinking them into a new libc.so in random order, at each boot. The cost is less than a second on the systems I am using. For now, this is only done for libc, because it is generally the most gadget heavy library; spilled registers are more likely to point within the libc segment; and also the gadgets are close to system call stubs. As a result of the change, gadgets are no longer found at fixed offsets from spilled registers. (I have run this on my systems for all base/X libraries, which exposed no strange behaviour... roughly 3 seconds of rebuild time at boot) I have included the sets changes, to show that a few compile tools must move into base. This should allow comp-less installs to continue working. My horrible shell scripts were improved by rpe, who also did other testing.
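An added illustration of the question above (not code from the thread or from OpenBSD): a Python model with constructed object names and sizes showing that, with a fixed link order, PIE/ASLR leaves every intra-libc offset constant across boots, so one leaked pointer into libc locates everything, whereas re-linking the members in random order changes those offsets on every boot.

```python
import random

# Constructed model of libc's members: (object, size in bytes). Names and
# sizes are assumptions for illustration, not OpenBSD's real libc objects.
OBJECTS = [("syscall_stubs.o", 4096), ("string.o", 12288), ("stdio.o", 65536),
           ("malloc.o", 20480), ("net.o", 8192), ("time.o", 6144)]
PAGE = 4096
ALIGN = 16

def layout(order, base):
    """Assign a start address to every object, laid out back to back
    from `base` in the given link order (16-byte aligned, like a linker)."""
    addrs, cur = {}, base
    for name, size in order:
        addrs[name] = cur
        cur += (size + ALIGN - 1) // ALIGN * ALIGN
    return addrs

def offsets_from(order, base, ref):
    """Distance of every object from `ref`: what is learned about the rest
    of libc once one spilled register leaks an address inside it."""
    addrs = layout(order, base)
    return tuple(sorted((n, addrs[n] - addrs[ref]) for n in addrs if n != ref))

def simulate_boots(n_boots, reorder, seed=1):
    """Return the set of distinct offset tables seen over n_boots.
    reorder=False models PIE+ASLR alone (random base, fixed link order);
    reorder=True adds the per-boot link-order randomization described above."""
    rng = random.Random(seed)
    seen = set()
    for _ in range(n_boots):
        base = rng.randrange(0x10000, 0x7fff0000, PAGE)  # ASLR: random page-aligned base
        order = list(OBJECTS)
        if reorder:
            rng.shuffle(order)                           # relink members in random order
        seen.add(offsets_from(order, base, "syscall_stubs.o"))
    return seen

if __name__ == "__main__":
    print("ASLR only, distinct offset tables:", len(simulate_boots(20, False)))
    print("ASLR + reorder, distinct offset tables:", len(simulate_boots(20, True)))
```

With a fixed order the base moves but every relative offset stays the same; with reordering, the table of offsets from the leaked object differs from boot to boot.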

