This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Alternative libio vtable hardening approach
- From: Pedro Alves <palves at redhat dot com>
- To: Florian Weimer <fweimer at redhat dot com>, GNU C Library <libc-alpha at sourceware dot org>, Kees Cook <keescook at chromium dot org>, Yunlian Jiang <yunlian at google dot com>
- Date: Fri, 3 Jun 2016 10:34:32 +0100
- Subject: Re: Alternative libio vtable hardening approach
- References: <b34105f2-adcb-9347-73c0-43079729c418 at redhat dot com>
On 05/31/2016 02:07 PM, Florian Weimer wrote:
> I have implemented a completely different approach to vtable hardening.
>
> The basic idea is to put all libc vtables into a single array, and then
> check whether the vtable pointer is within that array.
Instead of a single array, how about putting all the vtables in
the same section with __attribute__ section? Something like:
+ #define __vtable __attribute__ ((section("vtables")))
- const struct _IO_jump_t _IO_file_jumps_mmap =
+ const struct _IO_jump_t __vtable _IO_file_jumps_mmap =
...
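
Review bot: the section name chosen in the #define __vtable line decides which bounds symbols the linker provides. For a section named "vtables", GNU ld defines __start_vtables and __stop_vtables automatically, so the range check that accompanies this change should reference __stop_vtables, or __end_vtables has to be defined explicitly in a linker script. A comment next to the macro should also state that every libio vtable definition must carry __vtable, because a table left unannotated falls outside the section and fails the check.
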
and then check whether the vtable pointer is within that section,
with __start_vtables, __end_vtables:
static inline const struct _IO_jump_t *
IO_validate_vtable (const struct _IO_jump_t *vtable)
{
  /* Bounds of the "vtables" section, resolved at link time.  */
  extern char __start_vtables[];
  extern char __end_vtables[];
  /* Compare the addresses as integers on both sides.  */
  if (!__glibc_likely ((long) __start_vtables <= (long) vtable
                       && (long) vtable < (long) __end_vtables))
    IO_vtable_check ();
  return vtable;
}
That'd avoid having to have a central place that knows about all
the vtables. It'd probably make the patch smaller too, as a
side effect.
Thanks,
Pedro Alves
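
The section-based check proposed in the message above, as an added stand-alone example that is not part of the original message or of glibc. All demo_* names and forged_jumps are hypothetical; it assumes GCC or Clang with a GNU ld-compatible linker on ELF, and it returns -1 for a rejected pointer where the message calls IO_vtable_check ().

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical miniature jump table; not glibc's struct _IO_jump_t.  */
struct demo_jump_t { int (*read_op) (int); int (*write_op) (int); };

static int file_read (int x) { return x + 1; }
static int file_write (int x) { return x + 2; }
static int str_read (int x) { return x + 10; }
static int str_write (int x) { return x + 20; }
static int rogue_op (int x) { return -x; }

/* "demo_vtables" is a valid C identifier, so GNU ld defines
   __start_demo_vtables and __stop_demo_vtables around the section.  */
#define DEMO_VTABLE __attribute__ ((section ("demo_vtables"), used))

const struct demo_jump_t DEMO_VTABLE demo_file_jumps = { file_read, file_write };
const struct demo_jump_t DEMO_VTABLE demo_str_jumps = { str_read, str_write };

/* Constructed stand-in for a table that lives outside the section:
   same layout, but placed in ordinary writable data.  */
struct demo_jump_t forged_jumps = { rogue_op, rogue_op };

extern const char __start_demo_vtables[];
extern const char __stop_demo_vtables[];

/* Return 1 if the whole table lies inside the section, 0 otherwise.  */
int
demo_vtable_in_section (const struct demo_jump_t *vtable)
{
  uintptr_t p = (uintptr_t) vtable;
  return (uintptr_t) __start_demo_vtables <= p
         && p + sizeof *vtable <= (uintptr_t) __stop_demo_vtables;
}

/* Dispatch only through a validated table; -1 marks a rejected pointer.  */
int
demo_checked_read (const struct demo_jump_t *vtable, int arg)
{
  if (!demo_vtable_in_section (vtable))
    return -1;
  return vtable->read_op (arg);
}

int main (void)
{
  printf ("file=%d str=%d forged=%d\n", demo_checked_read (&demo_file_jumps, 1),
          demo_checked_read (&demo_str_jumps, 1), demo_checked_read (&forged_jumps, 1));
  return 0;
}
```

The range check accepts any address inside the section, so it confirms that a pointer targets the vtable region, not that it targets the start of a particular table.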