Re: [kernel-hardening] System call interface changes

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Florian Weimer <fweimer@redhat.com>
To: kernel-hardening@lists.openwall.com
Subject: Re: [kernel-hardening] System call interface changes
Date: Tue, 24 Nov 2015 20:54:28 +0100	[thread overview]
Message-ID: <5654C074.3020908@redhat.com> (raw)
In-Reply-To: <20151120191632.GX3818@brightrain.aerifal.cx>

On 11/20/2015 08:16 PM, Rich Felker wrote:

>> This would have to be an opt-in feature, obviously, and applications
>> would have to opt in explicitly via some ELF flag (similar to what we
>> did for non-executable stacks).
> 
> I don't think that's necessary. The application (or for typical
> dynamic linking, just the build of libc.so) would just need to refrain
> from using the parameterized syscall so that the old opcode would not
> appear in its executable mappings.

The SYSCALL instruction is fairly short (0x0f 0x05), so it ends up in
process images by accident.  I think this calls for explicit blocking.

>> Do you think it would be feasible to encode the system call number in
>> the instruction stream instead, next to the instruction?  I think this
> 
> This was done on ARM in the old pre-EABI ABI, and it turned out to be
> a bad design, at least from standpoints other than security. Reading
> the syscall number out of the instruction stream was more expensive,
> incompatible with syscall() (which ended up requiring a special
> SYS_syscall that needed messy argument conventions), and incompatible
> with reasonable userspace coding of syscalls using inline functions
> rather than macros, where you would have to rely on constant
> propagation optimizations to be able to satisfy asm constraints.

Wouldn't it be possible to embed the constant in the assembly text,
using the C preprocessor?

But I appreciate your comments, they have been helpful.

Florian

next prev parent reply	other threads:[~2015-11-24 19:54 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-11-20 10:30 [kernel-hardening] System call interface changes Florian Weimer
2015-11-20 19:16 ` Rich Felker
2015-11-24 19:54   ` Florian Weimer [this message]
2015-11-24 20:29     ` Rich Felker
2015-11-24 20:10 ` Kees Cook
2015-11-24 20:54   ` Florian Weimer
2015-11-24 21:43     ` Kees Cook
2015-12-07 15:44       ` Florian Weimer
2015-12-07 16:26         ` lazytyped
2015-11-24 22:33     ` Rich Felker

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5654C074.3020908@redhat.com \
    --to=fweimer@redhat.com \
    --cc=kernel-hardening@lists.openwall.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.