| 1 |
On 17 Oct 2006 at 15:47, Alejo Sanchez wrote: |
| 2 |
|
| 3 |
> Now to the question. I was wondering if there is a way to protect GOT |
| 4 |
> (besides having ET_DYN) in the way OpenBSD does |
| 5 |
> (http://undeadly.org/cgi?action=article&sid=20030126143902). If not, |
| 6 |
> what would you think on a similar patch for Hardened? |
| 7 |
|
| 8 |
the GNU toolchain has provided -z relro -z now for 2 years now, it's |
| 9 |
the proper implementation of GOT protection and is used by the hardened |
| 10 |
gcc specs. OpenBSD's method is rather awkward as they mprotect the GOT |
| 11 |
on each lazily resolved symbol. |
| 12 |
|
| 13 |
> Also for some reason the ET_DYN on my amd64/hardened does only 40bit |
| 14 |
> (paxtest reports as guessed). Is there something that needs touching |
| 15 |
> in the toolchain to improve it? |
| 16 |
|
| 17 |
i assume you mean the heap/stack randomization values. the reason for |
| 18 |
not using anything close to 64 bits is that while the CPU architecture |
| 19 |
works with 64 bit pointers in general, the actual CPU implementations |
| 20 |
don't implement all of those 64 bits. the virtual address space size |
| 21 |
is 48 bits currently, of which we randomize 'only' 40, leaving the 4 |
| 22 |
MSBs and LSBs alone. |
| 23 |
|
| 24 |
-- |
| 25 |
gentoo-hardened@g.o mailing list |
Archives