On Monday, May 23, 2016 21:22 CEST, Jeremie Courreges-Anglas <[email protected]> wrote:
> Jeremie Courreges-Anglas <[email protected]> writes:
>
> > Theo de Raadt <[email protected]> writes:
> >
> >>> IIUC they would differ on OSes where libffi can't get a single mapping
> >>> with both W and X access. On those OSes libffi uses a workaround, two
> >>> mappings are allocated one with RW, the other with RX. While we want to
> >>> disable RWX on OpenBSD as an end goal, I don't think we want to let
> >>> libffi use this hack, 'cause it is basically the same as RWX.
> >>
> >> Yes we do.
> >>
> >> In general, shadow mappings are probably less attackable on a case
> >> to case basis. Pure RWX mappings are worse.
> >>
> >> The roadmap is to remove as much RWX as possible. If we can split
> >> some RWX uses off into shadow mappings, that is progress. At least
> >> code using shadow mappings is half-ready for using mprotect correctly.
> >
> > Then the diff for src/closures.c should be different: it should ensure
> > that libffi uses dlmmap_locked().
>
> On amd64, but the diff should be MI:
>
> === libffi Summary ===
>
> # of expected passes 1867
> # of unexpected failures 3

patch below at least seems to make the configure test of gnustep-base happy.
Going to rebuild everything with it, and run some applications.

Sebastian

>
> Index: Makefile > =================================================================== > RCS file: /cvs/ports/devel/libffi/Makefile,v > retrieving revision 1.34 > diff -u -p -r1.34 Makefile > --- Makefile 23 Mar 2016 22:50:29 -0000 1.34 > +++ Makefile 23 May 2016 18:38:58 -0000 > @@ -3,7 +3,7 @@ > COMMENT= Foreign Function Interface > > DISTNAME= libffi-3.2.1 > -REVISION= 1 > +REVISION= 2 > SHARED_LIBS += ffi 1.2 # .6.4 > CATEGORIES= devel > > Index: patches/patch-src_closures_c > =================================================================== > RCS file: patches/patch-src_closures_c > diff -N patches/patch-src_closures_c > --- /dev/null 1 Jan 1970 00:00:00 -0000 > +++ patches/patch-src_closures_c 23 May 2016 18:38:58 -0000
> @@ -0,0 +1,19 @@ > +$OpenBSD$ > +--- src/closures.c.orig Mon May 23 20:34:13 2016 > ++++ src/closures.c Mon May 23 20:35:56 2016 > +@@ -525,6 +525,7 @@ dlmmap (void *start, size_t length, int prot, > + printf ("mapping in %zi\n", length); > + #endif > + > ++#if 0 > + if (execfd == -1 && is_emutramp_enabled ()) > + { > + ptr = mmap (start, length, prot & ~PROT_EXEC, flags, fd, offset); > +@@ -543,6 +544,7 @@ dlmmap (void *start, size_t length, int prot, > + with ((prot & ~PROT_WRITE) | PROT_EXEC) and mremap with > + MREMAP_DUP and prot at this point. */ > + } > ++#endif > + > + if (execsize == 0 || execfd == -1) > + { > > > -- > jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
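
Review bot: in patches/patch-src_closures_c the added #if 0 sits above the is_emutramp_enabled () branch, whose mmap call uses prot & ~PROT_EXEC and so never requests a page that is both writable and executable; compiling that branch out is wider than the stated goal needs. Consider moving the #if 0 below that branch's closing brace so that only the code up to the MREMAP_DUP comment is skipped. The guard is also unconditional and carries no explanation: a short comment inside the patch saying that the block is disabled so that dlmmap falls through to the execsize == 0 || execfd == -1 path would record the intent for whoever next updates the port. Since the thread says the diff should be MI and the quoted amd64 summary still lists 3 unexpected failures, it would help to name those tests alongside the commit.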
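
The RW/RX shadow-mapping workaround discussed in the quoted thread, as an added example that is not part of the original message and is not libffi's code: one unlinked temporary file is mapped twice, so writes go through a read-write view and the same bytes appear in a separate read-execute view. The names shadow_map and shadow_demo, the directory list and the sample bytes are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper: map one unlinked temp file twice, RW and RX, so no
   page is ever writable and executable through the same mapping. */
static int shadow_map(const char *dir, size_t len, void **rw, void **rx)
{
    char path[256];
    snprintf(path, sizeof path, "%s/shadowXXXXXX", dir);
    int fd = mkstemp(path);
    if (fd == -1) return -1;
    unlink(path);                 /* the mappings keep the file alive */
    if (ftruncate(fd, (off_t)len) == -1) {
        close(fd);
        return -1;
    }
    *rw = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    *rx = mmap(NULL, len, PROT_READ | PROT_EXEC, MAP_SHARED, fd, 0);
    close(fd);
    if (*rw != MAP_FAILED && *rx != MAP_FAILED)
        return 0;
    if (*rw != MAP_FAILED) munmap(*rw, len);
    if (*rx != MAP_FAILED) munmap(*rx, len);
    return -1;                    /* e.g. dir is on a noexec mount */
}

/* Write via the RW alias, read via the RX alias; 1 means both views are
   distinct addresses backed by the same bytes. */
static int shadow_demo(void)
{
    const char *dirs[] = { "/tmp", "/var/tmp", "." };  /* constructed list */
    const unsigned char data[] = { 0xde, 0xad, 0xbe, 0xef }; /* not code */
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *rw, *rx;
    for (size_t i = 0; i < sizeof dirs / sizeof dirs[0]; i++) {
        if (shadow_map(dirs[i], len, &rw, &rx) != 0)
            continue;
        memcpy(rw, data, sizeof data);
        int ok = rw != rx && memcmp(rx, data, sizeof data) == 0;
        munmap(rw, len);
        munmap(rx, len);
        return ok;
    }
    return 0;
}
int main(void) { printf("shadow mapping ok: %d\n", shadow_demo()); return 0; }
```

A failure of the second mmap usually means the directory is on a noexec mount, which is why the demo tries more than one location.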
