| 1 |
On Sat, Apr 08, 2017 at 12:39:28PM +0200, Hanno Böck wrote: |
| 2 |
> Control Flow Integrity is a new set of exploit mitigations (strictly |
| 3 |
> speaking, there is not "the CFI", but many variants). LLVM/clang has |
| 4 |
> support for some form of CFI since a while. The rough idea is that it |
| 5 |
> adds additional checks to the code to avoid jumps to code pieces that |
| 6 |
> shouldn't happen. |
| 7 |
> |
| 8 |
> I'm wondering if there's interest in creating a gentoo-hardened-cfi |
| 9 |
> variant. I've been playing with it a bit. By setting the right |
| 10 |
> cc/cflags/etc. variables it's relatively straightforward to compile |
| 11 |
> single packages with cfi. |
| 12 |
> |
| 13 |
> However when one tries to recompile packages a lot of errors show up. |
| 14 |
> Most of them aren't directly related to CFI (though some are). CFI |
| 15 |
> depends on: |
| 16 |
> * clang, which is not our default (there has been work in the past for |
| 17 |
> gentoo with clang). |
| 18 |
> * fvisibility=hidden. This was afair discussed a while back, but never |
| 19 |
> considered to be enabled in general, only for specific packages. |
| 20 |
> * link time optimization/lto and thus the gold linker, because the |
| 21 |
> "classic" ld doesn't support lto. |
| 22 |
> Many issues that pop up seem like issues to build systems and linking. |
| 23 |
> In some cases though one needs to fix function pointer definitions that |
| 24 |
> don't match their respective functions. (Here's a fix [1] that I sent |
| 25 |
> to curl and that'll be applied in the next version.) |
| 26 |
> |
| 27 |
> For now I'm just investigating whether there's interest in this. I |
| 28 |
> could create some docs in the wiki on how to get started. |
| 29 |
> |
| 30 |
> [1] |
| 31 |
> https://github.com/curl/curl/commit/aced311d189a70c7d9b2d958739bcfc1231b3698 |
| 32 |
|
| 33 |
I'm definitely interested in seeing CFI solution(s) within Gentoo Hardened. |
| 34 |
Your last suggestion (to start off with some docs in the wiki) would indeed |
| 35 |
be the best start, allowing others to chime in when needed and extend. |
| 36 |
|
| 37 |
Wkr, |
| 38 |
Sven Vermeulen |
Archives