tech-kern archive


Re: Adding a boot flag for No ASLR



On 24.07.2018 06:44, Martin Husemann wrote:
> On Mon, Jul 23, 2018 at 11:02:04PM +0200, Kamil Rytarowski wrote:
>> We need to maintain a function to translate certain ranges to
>> shadow/meta/origin/etc. We cannot map arbitrarily wide ranges to them.
> 
> Can we extend the pax note (or create a new one) and make the sanitizers
> link that in? Then make the kernel reserve some (random) VA spaces
> (details of what is needed in the note) and provide some way for the
> sanitizers to find that special VAs (like from the aux vector)?
> 
> Martin
> 

PaX ELF Note is already inlined from lib/csu into every binary.

ASan, TSan and MSan are not designed for hardening, but for detecting
bugs in the process of development.

I don't think that there is really a need for changing the PaX ASLR code
to be compatible with them; it's sufficient that we can disable this
option. With !ASLR all currently known and potentially new problems are
gone.


We can handle it differently.

I propose to move the code disabling PaX ASLR from the bootloader and kernel
as proposed in the patch by Siddharth and introduce it directly into the
sanitizer. We can alter the CheckASLR() routine specific to NetBSD, with
the following pseudo-code:

if (getpid() == 1) {
	/* only init(8) ever has pid 1 */
	disable_pax_aslr();
	reexec();
}

The reexec() functionality is already used by sanitizers and it is
supported on NetBSD.

This will be a special case for init(8) with minimal extra code.

Pros:
 - no changes to the bootloader and booting process
 - no changes in the kernel
 - no new or changed ELF notes
 - no need to rework PaX ASLR
 - no source code changed to init(8)

Cons:
 - it might seem ugly

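As an added illustration (not code from this thread, nor from the sanitizer runtime or NetBSD), the pid == 1 special case placed next to the proc.<pid>.paxflags query that the sanitizers' NetBSD CheckASLR() performs; disable_pax_aslr() and reexec() stay the placeholders used in the mail, and the flag value defined for non-NetBSD builds is an assumption made so the decision logic compiles anywhere.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#ifdef __NetBSD__
#include <err.h>
#include <sys/param.h>
#include <sys/sysctl.h>   /* CTL_PROC, PROC_PID_PAXFLAGS, CTL_PROC_PAXFLAGS_ASLR */
#else
#define CTL_PROC_PAXFLAGS_ASLR 0x01  /* assumed value; lets the logic build elsewhere */
#endif
enum aslr_action {
    ASLR_CONTINUE,       /* ASLR is off for this process: sanitizer may run */
    ASLR_DISABLE_REEXEC, /* pid 1 (init): the proposed disable + re-exec path */
    ASLR_DIE             /* anyone else: abort with the usual paxctl +a hint */
};

/* Pure decision, kept separate so it can be tested on any platform. */
enum aslr_action check_aslr_action(pid_t pid, int paxflags)
{
    if ((paxflags & CTL_PROC_PAXFLAGS_ASLR) == 0)
        return ASLR_CONTINUE;
    return pid == 1 ? ASLR_DISABLE_REEXEC : ASLR_DIE;
}

#ifdef __NetBSD__
/* proc.<pid>.paxflags is what the sanitizers' NetBSD CheckASLR() reads. */
static int query_paxflags(pid_t pid)
{
    int mib[3] = { CTL_PROC, (int)pid, PROC_PID_PAXFLAGS };
    int flags = 0;
    size_t len = sizeof(flags);
    if (sysctl(mib, 3, &flags, &len, NULL, 0) == -1)
        err(1, "sysctl proc.%d.paxflags", (int)pid);
    return flags;
}
#endif
int main(void)
{
#ifdef __NetBSD__
    pid_t pid = getpid();
    enum aslr_action a = check_aslr_action(pid, query_paxflags(pid));
    /* The proposal's pid == 1 branch would call disable_pax_aslr(); reexec(); here. */
    printf("pid %d: %s\n", (int)pid, a == ASLR_CONTINUE ? "ASLR off, continue"
           : a == ASLR_DISABLE_REEXEC ? "init: disable PaX ASLR and re-exec"
           : "ASLR on: run paxctl +a on the binary");
    return a == ASLR_DIE;
#else
    return 0;   /* proc.<pid>.paxflags is NetBSD-specific; decision logic only */
#endif
}
```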


