Bug #10936

umem_genasm needs to be stricter about segments

Added by Robert Mustacchi almost 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Category:
lib - userland libraries
Start date:
Due date:
% Done:
100%

Estimated time:
Difficulty:
Medium
Tags:
Gerrit CR:
External Bug:

Description

The umem_genasm logic that was introduced as part of per-thread caching umem should create tighter windows around when its instruction text is writable, basically only doing so while updating the text. Unfortunately, because other threads can be calling into it, there's no way to make it perfectly rw- or r-x, but at least this should make ROP and other rewriting attacks harder to perform.

To test this I did the following:

1. Ensured that there were no rwx segments in programs using umem.
2. Checked that software still had the PTC enabled.
3. Set up a fresh installation of Triton with a platform with these changes and made sure that everything came up and that no cores were generated.
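
The pattern the bug asks for, shown as an added example rather than libumem's own code: generated text lives in a page that is rw- only while it is being emitted or patched and is r-x the rest of the time, so there is never a rwx mapping for an attacker to write a ROP payload into. The example assumes POSIX mmap/mprotect, an x86-64 or aarch64 host, and (for the rwx scan, which mirrors step 1 above) a Linux-style /proc/self/maps; the scan returns -1 where that file does not exist, for instance on illumos, where pmap(1) gives the same information. The stub, struct and function names are all invented for illustration.

```c
/* Added example, not illumos or libumem code. W^X handling for a page of
 * generated machine code: the page is writable only inside genasm_patch(). */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

typedef uint32_t (*stub_fn)(void);

struct genasm {
    uint8_t *text;   /* page holding the generated routine (hypothetical layout) */
    size_t   len;    /* mapping length, one page */
};

/* Encode "return imm" for the host ISA; 0 bytes means unsupported architecture. */
static size_t encode_ret_imm(uint8_t *buf, uint16_t imm)
{
#if defined(__x86_64__)
    uint32_t v = imm;
    buf[0] = 0xb8;                 /* mov eax, imm32 */
    memcpy(buf + 1, &v, 4);
    buf[5] = 0xc3;                 /* ret */
    return 6;
#elif defined(__aarch64__)
    uint32_t insn[2] = {
        0x52800000u | ((uint32_t)imm << 5),  /* movz w0, #imm */
        0xd65f03c0u                          /* ret */
    };
    memcpy(buf, insn, sizeof insn);
    return sizeof insn;
#else
    (void)buf; (void)imm;
    return 0;
#endif
}

/* Open the write window, rewrite the text, close the window again.
 * Note the caveat from the bug: another thread may be executing the stub
 * while the page is rw-, so the window is narrow but not zero. */
static int genasm_patch(struct genasm *g, uint16_t imm)
{
    if (mprotect(g->text, g->len, PROT_READ | PROT_WRITE) != 0)
        return -1;
    size_t n = encode_ret_imm(g->text, imm);
    __builtin___clear_cache((char *)g->text, (char *)g->text + g->len);
    /* Drop write permission before the text is used again. */
    if (mprotect(g->text, g->len, PROT_READ | PROT_EXEC) != 0)
        return -1;
    return n == 0 ? -1 : 0;
}

/* Map the page rw- (never rwx), emit the initial stub, leave it r-x. */
static int genasm_init(struct genasm *g, uint16_t imm)
{
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0)
        return -1;
    g->len = (size_t)pg;
    g->text = mmap(NULL, g->len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (g->text == MAP_FAILED)
        return -1;
    return genasm_patch(g, imm);
}

static uint32_t genasm_call(const struct genasm *g)
{
    stub_fn fn = (stub_fn)(uintptr_t)g->text;
    return fn();
}

/* Count rwx mappings of this process from Linux /proc/self/maps.
 * Returns -1 when the file is unavailable (e.g. on illumos, use pmap -x). */
static int count_rwx_mappings(void)
{
    FILE *f = fopen("/proc/self/maps", "r");
    if (f == NULL)
        return -1;
    char line[512];
    int rwx = 0;
    while (fgets(line, sizeof line, f) != NULL) {
        char perms[8] = {0};
        /* line format: start-end perms offset dev inode [path] */
        if (sscanf(line, "%*s %7s", perms) == 1 &&
            perms[1] == 'w' && perms[2] == 'x')
            rwx++;
    }
    fclose(f);
    return rwx;
}

int main(void)
{
    struct genasm g;
    if (genasm_init(&g, 42) != 0) {
        perror("genasm_init");
        return 1;
    }
    printf("stub returns %u\n", genasm_call(&g));
    if (genasm_patch(&g, 7) != 0) {
        perror("genasm_patch");
        return 1;
    }
    printf("after patch: %u\n", genasm_call(&g));
    printf("rwx mappings: %d\n", count_rwx_mappings());
    munmap(g.text, g.len);
    return 0;
}
```

The check a reviewer would run against a fixed umem is the same as count_rwx_mappings() applied to a real process: on illumos `pmap -x <pid>` should list no mapping with `rwx` in its permission column, while the PTC stubs still execute (step 2 above).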

#1

Updated by Electric Monk almost 4 years ago

  • Status changed from New to Closed

git commit b1e2e3fb17324e9ddf43db264a0c64da7756d9e6

commit  b1e2e3fb17324e9ddf43db264a0c64da7756d9e6
Author: Robert Mustacchi <rm@joyent.com>
Date:   2019-06-24T21:24:51.000Z

    10936 umem_genasm needs to be stricter about segments
    10937 Clean up umem smatch and cerrwarn
    Reviewed by: Cody Peter Mello <melloc@joyent.com>
    Reviewed by: Patrick Mooney <patrick.mooney@joyent.com>
    Reviewed by: Toomas Soome <tsoome@me.com>
    Reviewed by: Andy Fiddaman <andy@omniosce.org>
    Approved by: Dan McDonald <danmcd@joyent.com>
