On 2016/05/23 21:22, Jeremie Courreges-Anglas wrote:
> Jeremie Courreges-Anglas <[email protected]> writes:
>
> > Theo de Raadt <[email protected]> writes:
> >
> >>> IIUC they would differ on OSes where libffi can't get a single mapping
> >>> with both W and X access. On those OSes libffi uses a workaround, two
> >>> mappings are allocated one with RW, the other with RX. While we want to
> >>> disable RWX on OpenBSD as an end goal, I don't think we want to let
> >>> libffi use this hack, 'cause it it basically the same as RWX.
> >>
> >> Yes we do.
> >>
> >> In general, shadow mappings are probably less attackable on a case
> >> to case basis. Pure RWX mappings are worse.
> >>
> >> The roadmap is to remove as much RWX as possible. If we can split
> >> some RWX uses off into shadow mappings, that is progress. At least
> >> code using shadow mappings is half-ready for using mprotect correctly.
> >
> > Then the diff for src/closures.c should be different: it should ensure
> > that libffi uses dlmmap_locked().
>
> On amd64, but the diff should be MI:
>
> === libffi Summary ===
>
> # of expected passes 1867
> # of unexpected failures 3
Good, so in the amd64 case that is the same number of failures as
without the diff.
A bunch of failures on i386 in libffi's "make test", but again
the same number with/without this diff (including on a machine with
no uvm_mmap diff), and no W^X violations after the diff.
# of expected passes 2182
# of unexpected failures 173
This diff is basically using mechanisms which are provided by
upstream anyway so I don't think there is anything dodgy about it.
OK with me. Jasper, as maintainer do you have any concerns?
.. Diff for easy reference (unchanged from jca's).
Index: Makefile
===================================================================
RCS file: /cvs/ports/devel/libffi/Makefile,v
retrieving revision 1.34
diff -u -p -r1.34 Makefile
--- Makefile 23 Mar 2016 22:50:29 -0000 1.34
+++ Makefile 23 May 2016 18:38:58 -0000
@@ -3,7 +3,7 @@
COMMENT= Foreign Function Interface
DISTNAME= libffi-3.2.1
-REVISION= 1
+REVISION= 2
SHARED_LIBS += ffi 1.2 # .6.4
CATEGORIES= devel
Index: patches/patch-src_closures_c
===================================================================
RCS file: patches/patch-src_closures_c
diff -N patches/patch-src_closures_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_closures_c 23 May 2016 18:38:58 -0000
@@ -0,0 +1,19 @@
+$OpenBSD$
+--- src/closures.c.orig Mon May 23 20:34:13 2016
++++ src/closures.c Mon May 23 20:35:56 2016
+@@ -525,6 +525,7 @@ dlmmap (void *start, size_t length, int prot,
+ printf ("mapping in %zi\n", length);
+ #endif
+
++#if 0
+ if (execfd == -1 && is_emutramp_enabled ())
+ {
+ ptr = mmap (start, length, prot & ~PROT_EXEC, flags, fd, offset);
+@@ -543,6 +544,7 @@ dlmmap (void *start, size_t length, int prot,
+ with ((prot & ~PROT_WRITE) | PROT_EXEC) and mremap with
+ MREMAP_DUP and prot at this point. */
+ }
++#endif
+
+ if (execsize == 0 || execfd == -1)
+ {
