From patchwork Wed Feb 13 22:15:41 2019
X-Patchwork-Submitter: Hauke Mehrtens
X-Patchwork-Id: 1041647
X-Patchwork-Delegate: hauke@hauke-m.de
From: Hauke Mehrtens
To: openwrt-devel@lists.openwrt.org
Cc: Hauke Mehrtens
Date: Wed, 13 Feb 2019 23:15:41 +0100
Message-Id: <20190213221541.10882-1-hauke@hauke-m.de>
Subject: [OpenWrt-Devel] [PATCH] build: Activate ASLR PIE by default

This will build all executables as Position Independent Executables
(PIE) by default. PIE executables can make full use of Address Space
Layout Randomization (ASLR) because all sections can be placed at random
offsets of the executed program. This makes it harder to exploit bugs in
our binaries.

This will increase the size of executables; libraries are already built
position independent and their size will not change. This increases the
size of the resulting images by about 3% on MIPS BE.

I tested this with the default configuration for the lantiq xrx200
target.

The size of the initramfs binaries increased by 2.88%:
Without PIE:
5.303.716 openwrt-lantiq-xrx200-bt_homehub-v5a-initramfs-kernel.bin
With PIE:
5.456.339 openwrt-lantiq-xrx200-bt_homehub-v5a-initramfs-kernel.bin

With PIE activated the executables are getting bigger, here are some
examples from the lantiq mips_24kc target:
Without PIE:
112.309 /bin/opkg
299.061 /bin/busybox
456.549 /usr/sbin/wpad
With PIE:
142.496 /bin/opkg (26.87% increase)
388.404 /bin/busybox (29.87% increase)
580.128 /usr/sbin/wpad (27.06% increase)

With PIE activated the sections of the binaries are loaded to different
offsets for each program instance, as shown here:

root@OpenWrt:/# cat /proc/self/maps
555c4000-55622000 r-xp 00000000 00:02 1030 /bin/busybox
55631000-55632000 r-xp 0005d000 00:02 1030 /bin/busybox
55632000-55633000 rwxp 0005e000 00:02 1030 /bin/busybox
55633000-55634000 rwxp 00000000 00:00 0
77ee2000-77f04000 r-xp 00000000 00:02 331 /lib/libgcc_s.so.1
77f04000-77f05000 r-xp 00012000 00:02 331 /lib/libgcc_s.so.1
77f05000-77f06000 rwxp 00013000 00:02 331 /lib/libgcc_s.so.1
77f06000-77f9a000 r-xp 00000000 00:02 329 /lib/libc.so
77fa9000-77fab000 rwxp 00093000 00:02 329 /lib/libc.so
77fab000-77fad000 rwxp 00000000 00:00 0
7fb26000-7fb47000 rw-p 00000000 00:00 0 [stack]
7fefb000-7fefc000 r-xp 00000000 00:00 0
7ff0a000-7ff0b000 r--p 00000000 00:00 0 [vvar]
7ff0b000-7ff0c000 r-xp 00000000 00:00 0 [vdso]
root@OpenWrt:/# cat /proc/self/maps
5561d000-5567b000 r-xp 00000000 00:02 1030 /bin/busybox
5568a000-5568b000 r-xp 0005d000 00:02 1030 /bin/busybox
5568b000-5568c000 rwxp 0005e000 00:02 1030 /bin/busybox
5568c000-5568d000 rwxp 00000000 00:00 0
77e8e000-77eb0000 r-xp 00000000 00:02 331 /lib/libgcc_s.so.1
77eb0000-77eb1000 r-xp 00012000 00:02 331 /lib/libgcc_s.so.1
77eb1000-77eb2000 rwxp 00013000 00:02 331 /lib/libgcc_s.so.1
77eb2000-77f46000 r-xp 00000000 00:02 329 /lib/libc.so
77f55000-77f57000 rwxp 00093000 00:02 329 /lib/libc.so
77f57000-77f59000 rwxp 00000000 00:00 0
7fd1c000-7fd3d000 rw-p 00000000 00:00 0 [stack]
7fefb000-7fefc000 r-xp 00000000 00:00 0
7ff60000-7ff61000 r--p 00000000 00:00 0 [vvar]
7ff61000-7ff62000 r-xp 00000000 00:00 0 [vdso]
root@OpenWrt:/#

Signed-off-by: Hauke Mehrtens
---
I would like to get some comments on whether we should activate PIE by
default. The advantage is that it will be harder to exploit OpenWrt, but
on the other hand the binaries are getting bigger.

We could also restrict this to some CPU types, but as targets share the
binaries it is not really possible to do this based on the target.

I am not sure if this should go into the next release or wait for later.
This could also break some packages; as it has been possible to activate
PIE by default for some time, many bugs are already fixed, but probably
not all of them.

config/Config-build.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/Config-build.in b/config/Config-build.in index 6d749476db..2d8a9db74c 100644 --- a/config/Config-build.in +++ b/config/Config-build.in @@ -196,7 +196,7 @@ menu "Global build settings" bool prompt "User space ASLR PIE compilation" select BUSYBOX_DEFAULT_PIE - default n + default y help Add -fPIC to CFLAGS and -specs=hardened-build-ld to LDFLAGS. This enables package build as Position Independent Executables (PIE)
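
Review bot: The flat "default y" on the "User space ASLR PIE compilation" entry applies to every target, while the commit message measures 26.87% to 29.87% growth per executable and 2.88% on the xrx200 initramfs image, so targets with little flash headroom get the larger binaries unless they override the option. Consider a conditional default keyed on a symbol that excludes size-constrained targets instead of an unconditional "default y". The help text in the context lines still only names the flags (-fPIC, -specs=hardened-build-ld); now that this is what users get by default, it should also state the size cost, so that anyone switching it off knows they are trading randomization of the main executable for space. Because the entry carries "select BUSYBOX_DEFAULT_PIE", the busybox default changes with it, which is worth a sentence in the commit message.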
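
The base shifts between the two /proc/self/maps dumps in the commit message can be computed instead of read off by eye. The following is an added example, not part of the patch or of OpenWrt's tooling; it embeds an excerpt of the dumps quoted above, and the function names are this example's own.

```python
import re

# Excerpt of the two /proc/self/maps dumps quoted in the commit message.
RUN_1 = """\
555c4000-55622000 r-xp 00000000 00:02 1030 /bin/busybox
77f06000-77f9a000 r-xp 00000000 00:02 329 /lib/libc.so
7fb26000-7fb47000 rw-p 00000000 00:00 0 [stack]
7fefb000-7fefc000 r-xp 00000000 00:00 0
7ff0b000-7ff0c000 r-xp 00000000 00:00 0 [vdso]
"""
RUN_2 = """\
5561d000-5567b000 r-xp 00000000 00:02 1030 /bin/busybox
77eb2000-77f46000 r-xp 00000000 00:02 329 /lib/libc.so
7fd1c000-7fd3d000 rw-p 00000000 00:00 0 [stack]
7fefb000-7fefc000 r-xp 00000000 00:00 0
7ff61000-7ff62000 r-xp 00000000 00:00 0 [vdso]
"""

# Fields: start-end perms offset dev inode [pathname]
LINE = re.compile(r"([0-9a-f]+)-[0-9a-f]+\s+(\S{4})\s+[0-9a-f]+\s+\S+\s+\d+\s*(.*)")

def parse_maps(text):
    """Return [(start, perms, name)]; name is '' for an anonymous mapping."""
    rows = []
    for raw in text.splitlines():
        m = LINE.fullmatch(raw.strip())
        if m:  # ignore shell prompts, blank lines and other non-mapping text
            rows.append((int(m.group(1), 16), m.group(2), m.group(3)))
    return rows

def bases(text):
    """Lowest start address per named object (file, [stack], [vdso], ...)."""
    out = {}
    for start, _perms, name in parse_maps(text):
        if name:
            out[name] = min(start, out.get(name, start))
    return out

def compare_runs(a, b):
    """Return (moved, fixed): base shift per named object, and start
    addresses (named or anonymous) that are identical in both runs."""
    base_a, base_b = bases(a), bases(b)
    moved = {n: base_b[n] - base_a[n] for n in base_a.keys() & base_b.keys()
             if base_a[n] != base_b[n]}
    fixed = sorted({s for s, _p, _n in parse_maps(a)} & {s for s, _p, _n in parse_maps(b)})
    return moved, fixed

if __name__ == "__main__":
    moved, fixed = compare_runs(RUN_1, RUN_2)
    for name, delta in sorted(moved.items()):
        print(f"{name:14} moved by {delta:+#x}")
    for addr in fixed:
        print(f"{addr:#x} is mapped at the same address in both runs")
```

On this excerpt it reports shifts for /bin/busybox, /lib/libc.so, [stack] and [vdso], and lists the unnamed r-xp mapping at 7fefb000 as unchanged between the two runs.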