stack_guard hardening bsdinstall option in STABLE and 11.1


Vlad K.
Hello list,

the stack_guard hardening option in bsdinstall is now setting 512 pages
of it in CURRENT, as of r320674. It's said to MFC after 1 day (on Jul
5th), but STABLE hasn't got it yet. Is this simply an omission
(understandable as the RELEASE is being prepared so things are a bit
hectic I guess), or is there another reason?

Can we assume that in 11.1 the sysctl is integer and can we safely set
 >1 number of pages, say 512 like the installer in CURRENT suggests?

Thanks!



--
Vlad K.
_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[hidden email]"

Re: stack_guard hardening bsdinstall option in STABLE and 11.1

Konstantin Belousov
On Mon, Jul 17, 2017 at 11:54:06AM +0200, Vlad K. wrote:

> Hello list,
>
> the stack_guard hardening option in bsdinstall is now setting 512 pages
> of it in CURRENT, as of r320674. It's said to MFC after 1 day (on Jul
> 5th), but STABLE hasn't got it yet. Is this simply an omission
> (understandable as the RELEASE is being prepared so things are a bit
> hectic I guess), or is there another reason?
>
> Can we assume that in 11.1 the sysctl is integer and can we safely set
>  >1 number of pages, say 512 like the installer in CURRENT suggests?

Default stack size on 32bit platforms is 2M.  I left it to you as an
exercise to guess what happens with the setting applied.

For 64bit machines, default stack size is 4M, so there the failure mode is
somewhat more involved.

Anyway, this option is almost equivalent to executing 'rm /lib/libthr.so.3',
perhaps rm is even better.  SECURITY !  HARDENING !

Re: stack_guard hardening bsdinstall option in STABLE and 11.1

Glen Barber-6
In reply to this post by Vlad K.
On Mon, Jul 17, 2017 at 11:54:06AM +0200, Vlad K. wrote:

> Hello list,
>
> the stack_guard hardening option in bsdinstall is now setting 512 pages of
> it in CURRENT, as of r320674. It's said to MFC after 1 day (on Jul 5th), but
> STABLE hasn't got it yet. Is this simply an omission (understandable as the
> RELEASE is being prepared so things are a bit hectic I guess), or is there
> another reason?
>
> Can we assume that in 11.1 the sysctl is integer and can we safely set >1
> number of pages, say 512 like the installer in CURRENT suggests?
>
No, this is not available in the 11.1 installer.

Glen



Re: stack_guard hardening bsdinstall option in STABLE and 11.1

Vlad K.
On 2017-07-17 15:33, Glen Barber wrote:
>
> No, this is not available in the 11.1 installer.
>
> Glen

Thanks but that's why I asked why's that. r320674 said MFC after 1 day.
Is it too late for 11.1-RELEASE, so it'll be applied to 11-STABLE, or is
there another reason?

If it's too late, does that mean it's too late for the installer, but
the new stack_guard code is there in STABLE and I am guessing will be
part of 11.1, so we can assume the sysctl to be an integer (as opposed
to enable/disable semantics of the sysctl in 11.0)? In other words, is
it safe to ramp up the gap size in 11.1?


--
Vlad K.

Re: stack_guard hardening bsdinstall option in STABLE and 11.1

Glen Barber-6
On Mon, Jul 17, 2017 at 03:47:08PM +0200, Vlad K. wrote:

> On 2017-07-17 15:33, Glen Barber wrote:
> >
> > No, this is not available in the 11.1 installer.
> >
>
> Thanks but that's why I asked why's that. r320674 said MFC after 1 day. Is
> it too late for 11.1-RELEASE, so it'll be applied to 11-STABLE, or is there
> another reason?
>
> If it's too late, does that mean it's too late for the installer, but the
> new stack_guard code is there in STABLE and I am guessing will be part of
> 11.1, so we can assume the sysctl to be an integer (as opposed to
> enable/disable semantics of the sysctl in 11.0)? In other words, is it safe
> to ramp up the gap size in 11.1?
>
kib gave feedback on this in an earlier reply (which I missed before
replying myself).

Glen



Re: stack_guard hardening bsdinstall option in STABLE and 11.1

Vlad K.
On 2017-07-17 16:11, Glen Barber wrote:
>
> kib gave feedback on this in an earlier reply (which I missed before
> replying myself).
>

Neither of which answered my questions, I'm sorry. My question was not
about stack sizes in 32 or 64 bit installations, nor about the quality
of the fix (if I parse the rm libthr comment correctly).

I simply asked if it's safe to assume the sysctl to be an integer in
11.1 (I'm guessing yes looking at the commits to STABLE, but wanted to
be sure), and I also asked why wasn't the bsdinstall-er option change
MFC'd after 1 day, two weeks ago, whether it's by omission, simply
ENOTIME, or something else...


--
Vlad K.

Re: stack_guard hardening bsdinstall option in STABLE and 11.1

Mark Millard-2
In reply to this post by Vlad K.
Vlad K. vlad-fbsd at acheronmedia.com wrote on
Mon Jul 17 15:03:11 UTC 2017 :

> I also asked why wasn't the bsdinstall-er option change
> MFC'd after 1 day, two weeks ago, whether it's by omission, simply
> ENOTIME, or something else...

Given what Konstantin Belousov described (default
stack space sizes and apparently guard pages eat
into stack space instead of the overall space being
bigger by the guard size), I think that would explain
not moving from CURRENT: it was known to be a problem.
(Although I expect Konstantin Belousov's note here is
the first public description of the problem's details.)

I agree that you did not get an answer for the other
part:

> I simply asked if it's safe to assume the sysctl to be an integer in
> 11.1


I've not gone through any draft 11.1-release code to
check.

===
Mark Millard
markmi at dsl-only.net
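
Added illustration, not part of any post in this thread and not FreeBSD kernel or libthr code: a user-space model of the behaviour described above, where the guard is carved out of the bottom of a fixed-size stack mapping instead of being added below it. The function name `usable_stack_bytes` and the carve-from-the-bottom model are assumptions; the 2M and 4M stack sizes and the 512-page guard are the figures quoted in the thread.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose MAP_ANONYMOUS on glibc in strict modes */
#endif
#include <stddef.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Model (assumption, following the thread): the guard is taken out of the
 * bottom of a fixed-size stack mapping rather than added below it.
 * Returns the bytes still usable above the guard, or -1 on mmap/mprotect
 * failure. */
long usable_stack_bytes(size_t stack_bytes, size_t guard_pages)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t guard = guard_pages * page;
    if (guard > stack_bytes)
        guard = stack_bytes;            /* guard swallows the whole stack */

    char *base = mmap(NULL, stack_bytes, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED)
        return -1;

    long usable = -1;
    if (guard == 0 || mprotect(base, guard, PROT_NONE) == 0) {
        usable = (long)(stack_bytes - guard);
        if (usable > 0)
            base[stack_bytes - 1] = 1;  /* top of the stack is still writable */
    }
    munmap(base, stack_bytes);
    return usable;
}

int main(void)
{
    const size_t MiB = 1024 * 1024;
    /* Stack sizes quoted in the thread: 2M (32-bit), 4M (64-bit). */
    printf("2M stack,   1 guard page : %ld usable bytes\n",
           usable_stack_bytes(2 * MiB, 1));
    printf("2M stack, 512 guard pages: %ld usable bytes\n",
           usable_stack_bytes(2 * MiB, 512));
    printf("4M stack, 512 guard pages: %ld usable bytes\n",
           usable_stack_bytes(4 * MiB, 512));
    return 0;
}
```

With 4 KiB pages, 512 guard pages are exactly 2 MiB, so the 2M case is left with no usable stack and the 4M case with half of it.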


Re: stack_guard hardening bsdinstall option in STABLE and 11.1

Vlad K.
On 2017-07-18 00:09, Mark Millard wrote:
> (Although I expect Konstantin Belousov's note here is
> the first public description of the problem's details.)

Thanks for explaining the problem. I guess this was the reason why I
failed to parse kib's reply, this was the first bit of info I
encountered on that patch being effectively "broken" that way.


> I agree that you did not get an answer for the other
> part:
>
>> I simply asked if it's safe to assume the sysctl to be an integer in
>> 11.1
>
> I've not gone through any draft 11.1-release code to
> check.

It appears to be, the code is MFC'd with (if I'm correct) r320666. I've
run some tests in -RC3 and indeed it works, though probably for the
reason you explained above (guard page eating into the stack), raising
the stack_guard_pages sufficiently high (eg. 512 pages like the
bsdinstaller in CURRENT defaults to) crashes threaded programs.

If that is so, though, I wonder why it's not reverted, or at least the
sysctl temporarily patched to remain boolean (or turned off completely).
And the bsdinstaller option in CURRENT now essentially enables buggy and
unstable behavior. If this is a known issue, why default to it in
CURRENT?


Anyway thanks for taking time to explain, this answers my questions.



--
Vlad K.