Re: avoid W|X mappings in libffi

Mon, 23 May 2016 12:25:58 -0700 

Jeremie Courreges-Anglas <[email protected]> writes:

> Theo de Raadt <[email protected]> writes:
>
>>> IIUC they would differ on OSes where libffi can't get a single mapping
>>> with both W and X access.  On those OSes libffi uses a workaround, two
>>> mappings are allocated one with RW, the other with RX.  While we want to
>>> disable RWX on OpenBSD as an end goal, I don't think we want to let
>>> libffi use this hack, 'cause it it basically the same as RWX.
>>
>> Yes we do.
>>
>> In general, shadow mappings are probably less attackable on a case
>> to case basis.  Pure RWX mappings are worse.
>>
>> The roadmap is to remove as much RWX as possible.  If we can split
>> some RWX uses off into shadow mappings, that is progress.  At least
>> code using shadow mappings is half-ready for using mprotect correctly.
>
> Then the diff for src/closures.c should be different: it should ensure
> that libffi uses dlmmap_locked().

On amd64, but the diff should be MI:

                === libffi Summary ===

# of expected passes            1867
# of unexpected failures        3



Index: Makefile
===================================================================
RCS file: /cvs/ports/devel/libffi/Makefile,v
retrieving revision 1.34
diff -u -p -r1.34 Makefile
--- Makefile    23 Mar 2016 22:50:29 -0000      1.34
+++ Makefile    23 May 2016 18:38:58 -0000
@@ -3,7 +3,7 @@
 COMMENT=               Foreign Function Interface
 
 DISTNAME=              libffi-3.2.1
-REVISION=              1
+REVISION=              2
 SHARED_LIBS +=  ffi                  1.2      # .6.4
 CATEGORIES=            devel
 
Index: patches/patch-src_closures_c
===================================================================
RCS file: patches/patch-src_closures_c
diff -N patches/patch-src_closures_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_closures_c        23 May 2016 18:38:58 -0000
@@ -0,0 +1,19 @@
+$OpenBSD$
+--- src/closures.c.orig        Mon May 23 20:34:13 2016
++++ src/closures.c     Mon May 23 20:35:56 2016
+@@ -525,6 +525,7 @@ dlmmap (void *start, size_t length, int prot,
+   printf ("mapping in %zi\n", length);
+ #endif
+ 
++#if 0
+   if (execfd == -1 && is_emutramp_enabled ())
+     {
+       ptr = mmap (start, length, prot & ~PROT_EXEC, flags, fd, offset);
+@@ -543,6 +544,7 @@ dlmmap (void *start, size_t length, int prot,
+        with ((prot & ~PROT_WRITE) | PROT_EXEC) and mremap with
+        MREMAP_DUP and prot at this point.  */
+     }
++#endif
+ 
+   if (execsize == 0 || execfd == -1)
+     {


-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Reply via email to