Re: anti-ROP mechanism in libc

2016-05-04 Thread Jonathan Gray
On Wed, May 04, 2016 at 08:28:41PM -0400, Ian Sutton wrote: > This gives me an idea for how to solve the lack of a first-stage > bootloader (like biosboot(8)) on armv7. Currently U-Boot loads the > kernel image directly into memory and jmp's to its entry point without > an intermediary stage to

Re: anti-ROP mechanism in libc

2016-05-04 Thread Ian Sutton
This gives me an idea for how to solve the lack of a first-stage bootloader (like biosboot(8)) on armv7. Currently U-Boot loads the kernel image directly into memory and jmp's to its entry point without an intermediary stage to read /etc/random.seed from disk and provide it to the kernel to

Re: anti-ROP mechanism in libc

2016-04-26 Thread Vadim Zhukov
26 Apr. 2016 19:58 "Theo de Raadt" wrote: > > Here is a new version that does a more comprehensive test of the new > libc.so before installing it, and uses install -S > > Index: etc/rc > === > RCS file:

Re: anti-ROP mechanism in libc

2016-04-26 Thread Theo de Raadt
Here is a new version that does a more comprehensive test of the new libc.so before installing it, and uses install -S Index: etc/rc === RCS file: /cvs/src/etc/rc,v retrieving revision 1.474 diff -u -p -u -r1.474 rc --- etc/rc

Re: anti-ROP mechanism in libc

2016-04-25 Thread Joerg Jung
On Mon, Apr 25, 2016 at 03:23:47PM +, Robert Peichaer wrote: > On Mon, Apr 25, 2016 at 10:57:37AM -0400, Ted Unangst wrote: > > Theo de Raadt wrote: > > > + cp -p /usr/lib/$_lib /usr/lib/$_tmplib > > > + install -o root -g bin -m 0444 $_lib /usr/lib/$_lib && > >

Re: anti-ROP mechanism in libc

2016-04-25 Thread Miod Vallat
>> Wait! Does that mean there is a moment where there is not a valid >> libc.so installed? That would be wrong wouldn't it? >> >> Doesn't the install command guarantee atomicity? > > Well, this is the same procedure we use during every make build, > and it works. It had been fixed to use

Re: anti-ROP mechanism in libc

2016-04-25 Thread Todd C. Miller
On Mon, 25 Apr 2016 10:18:56 -0600, "Todd C. Miller" wrote: > On Mon, 25 Apr 2016 18:04:58 +0200, Mark Kettenis wrote: > > > Wait! Does that mean there is a moment where there is not a valid > > libc.so installed? That would be wrong wouldn't it? > > > > Doesn't the install command guarantee

Re: anti-ROP mechanism in libc

2016-04-25 Thread Theo de Raadt
> On Mon, Apr 25, 2016 at 8:23 AM, Robert Peichaer wrote: > > If the install fails, the original library file is restored. > > > > The "install .. && rm .. || mv ..." is identical to if-then-else and could > > be written like this too. > > > > if install -o root -g

Re: anti-ROP mechanism in libc

2016-04-25 Thread Ted Unangst
Robert Peichaer wrote: > On Mon, Apr 25, 2016 at 10:57:37AM -0400, Ted Unangst wrote: > > Theo de Raadt wrote: > > > + cp -p /usr/lib/$_lib /usr/lib/$_tmplib > > > + install -o root -g bin -m 0444 $_lib /usr/lib/$_lib && > > > + rm -f

Re: anti-ROP mechanism in libc

2016-04-25 Thread Philip Guenther
On Mon, Apr 25, 2016 at 8:23 AM, Robert Peichaer wrote: > If the install fails, the original library file is restored. > > The "install .. && rm .. || mv ..." is identical to if-then-else and could > be written like this too. > > if install -o root -g bin -m 0444

Re: anti-ROP mechanism in libc

2016-04-25 Thread Theo de Raadt
> Wait! Does that mean there is a moment where there is not a valid > libc.so installed? That would be wrong wouldn't it? > > Doesn't the install command guarantee atomicity? Well, this is the same procedure we use during every make build, and it works.

Re: anti-ROP mechanism in libc

2016-04-25 Thread Todd C. Miller
On Mon, 25 Apr 2016 18:04:58 +0200, Mark Kettenis wrote: > Wait! Does that mean there is a moment where there is not a valid > libc.so installed? That would be wrong wouldn't it? > > Doesn't the install command guarantee atomicity? Seems like it would be safer to just install as

Re: anti-ROP mechanism in libc

2016-04-25 Thread Robert Peichaer
On Mon, Apr 25, 2016 at 10:57:37AM -0400, Ted Unangst wrote: > Theo de Raadt wrote: > > + cp -p /usr/lib/$_lib /usr/lib/$_tmplib > > + install -o root -g bin -m 0444 $_lib /usr/lib/$_lib && > > + rm -f /usr/lib/$_tmplib || > > +

Re: anti-ROP mechanism in libc

2016-04-25 Thread Ted Unangst
Theo de Raadt wrote: > + cp -p /usr/lib/$_lib /usr/lib/$_tmplib > + install -o root -g bin -m 0444 $_lib /usr/lib/$_lib && > + rm -f /usr/lib/$_tmplib || > + mv /usr/lib/$_tmplib /usr/lib/$_lib I'm a
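Review bot: The `install -o root -g bin -m 0444 $_lib /usr/lib/$_lib` line writes directly onto the live library without `-S`, so /usr/lib/$_lib can be incomplete while the copy is in progress, and the `cp -p` backup only helps once a failure has been detected. Using `install -S` (as the later version posted in this thread does), or installing under a temporary name in /usr/lib and renaming it into place, closes that window. The `install ... && rm -f ... || mv ...` chain also runs the `mv` when `rm -f` fails, not only when `install` fails, so an explicit if/else would state the restore condition exactly. `$_lib` and `$_tmplib` are expanded unquoted in all four lines; quoting them costs nothing.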