This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
- From: DJ Delorie <dj at redhat dot com>
- To: Moritz Eckert <m dot eckert at cs dot ucsb dot edu>
- Cc: Florian Weimer <fweimer at redhat dot com>, libc-alpha at sourceware dot org, scarybeasts at gmail dot com
- Date: Fri, 3 Nov 2017 13:44:02 -0400 (EDT)
- Subject: Re: [PATCH] malloc/malloc.c: Mitigate null-byte overflow attacks
- References: <xn4lqp4laq.fsf@greed.delorie.com> <82d1760e-ef0f-9f0f-57be-3848f2b8d0ad@cs.ucsb.edu> <692369cd-e44d-e8b4-4dd2-95d188113658@redhat.com> <6a8f115d-41bd-114c-0a92-e543ef9ac8de@cs.ucsb.edu>
> I like those ideas, the first two seem to be straight forward to
> integrate. If that's something you guys want, I can write a patch for that?
Assuming we have a fast way to convert to big-endian, I think it would be interesting to make all the size fields big-endian, and see if that affects performance measurably. I think it would make overflow hacks significantly more difficult. The MSB alone isn't enough, so a simple rotate is insufficient, as the MSB tends to be zero already on 64-bit platforms.
Alternately, a simple XOR with a magic number means a set-to-zero would un-XOR to a horribly wrong new "size". Even a fixed magic number would increase hackability significantly, although a per-process one would be better (and more expensive to do at runtime, unfortunately).
Heck, even ~size would be interesting to ponder. The question is, which operations will break-in attempts have access to?
This will, of course, further break dumped heaps, like emacs, but hopefully we're past that by now.
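The encodings floated in the message above (big-endian, XOR with a magic number, one's complement) can be compared directly by simulating the primitive they are meant to blunt: a NUL terminator written one byte past a chunk's user data, landing on the lowest-address byte of the next chunk's size field. The program below is an added example and is not glibc code or the patch under discussion. The header layout, the `FIXED_MAGIC` constant, the `size_is_sane` thresholds and all function names are assumptions made for illustration; it also assumes a little-endian host such as x86-64, which is where the message's remark about the MSB already being zero applies.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not glibc code. A 64-bit chunk header is modelled as
 * (prev_size, size); the next chunk's prev_size overlaps the previous
 * chunk's usable data, so an off-by-one NUL from a string copy lands on
 * byte 0 of the next chunk's stored size. Assumes a little-endian host. */

#define MALLOC_ALIGN 16UL
#define SIZE_BITS    0x7UL                 /* glibc keeps flags in the low 3 bits */
#define MAX_CHUNK    (1UL << 40)           /* assumed arena bound for the sanity check */
#define FIXED_MAGIC  0x5a3c96e1d4b2f09bUL  /* assumed fixed XOR key, illustration only */
#define USABLE       24                    /* bytes of user data before the next size field */

enum enc { ENC_RAW, ENC_BIGENDIAN, ENC_XOR, ENC_COMPLEMENT };

/* Encode the true size into the in-memory form. Every transform here is an
 * involution, so the same function decodes a stored value. */
static uint64_t xform_size(enum enc e, uint64_t v, uint64_t key) {
    switch (e) {
    case ENC_BIGENDIAN:  return __builtin_bswap64(v);  /* MSB becomes byte 0 */
    case ENC_XOR:        return v ^ key;
    case ENC_COMPLEMENT: return ~v;
    default:             return v;                     /* ENC_RAW: as today */
    }
}

/* The check a hardened allocator would apply to a decoded size:
 * minimum chunk, below the arena bound, and MALLOC_ALIGN-aligned after
 * masking the flag bits. */
static int size_is_sane(uint64_t size) {
    uint64_t s = size & ~SIZE_BITS;
    return s >= 2 * MALLOC_ALIGN && s < MAX_CHUNK && (s % MALLOC_ALIGN) == 0;
}

struct sim_result { uint64_t before, after; int changed, sane; };

/* Simulate the poison-NUL-byte write against one encoding and report the
 * size the allocator would decode afterwards. */
static struct sim_result simulate_nul_overflow(enum enc e, uint64_t true_size, uint64_t key) {
    uint8_t mem[USABLE + sizeof(uint64_t)];
    uint64_t stored = xform_size(e, true_size, key);
    memset(mem, 'A', USABLE);
    memcpy(mem + USABLE, &stored, sizeof stored);  /* next chunk's size field */

    /* Constructed overflow: USABLE payload bytes plus a terminating NUL,
     * exactly what strcpy() of a USABLE-character string would write. */
    char payload[USABLE + 1];
    memset(payload, 'B', USABLE);
    payload[USABLE] = '\0';
    memcpy(mem, payload, sizeof payload);          /* NUL hits byte 0 of size */

    memcpy(&stored, mem + USABLE, sizeof stored);
    struct sim_result r;
    r.before  = true_size;
    r.after   = xform_size(e, stored, key);        /* decode */
    r.changed = r.after != true_size;
    r.sane    = size_is_sane(r.after);
    return r;
}

int main(void) {
    static const char *names[] = { "raw", "big-endian", "xor-magic", "complement" };
    const uint64_t size = 0x121;                   /* 0x120 chunk with PREV_INUSE set */
    for (enum enc e = ENC_RAW; e <= ENC_COMPLEMENT; e++) {
        struct sim_result r = simulate_nul_overflow(e, size, FIXED_MAGIC);
        printf("%-11s before=0x%03llx after=0x%03llx changed=%d passes_check=%d\n",
               names[e], (unsigned long long)r.before, (unsigned long long)r.after,
               r.changed, r.sane);
    }
    return 0;
}
```

With the raw encoding the NUL turns 0x121 into 0x100: a smaller, aligned, perfectly plausible chunk with PREV_INUSE cleared, which is the classic primitive. Big-endian storage leaves the value untouched because byte 0 is the already-zero MSB. The complement and XOR forms decode to unaligned sizes that fail the check. One caveat worth noting about the XOR variant: the damage stays confined to the byte that was hit, so the decoded low byte is simply the key's low byte, and with a fixed key the attacker can predict the result in advance (and for half of all possible key bytes the masked result is still 16-aligned). That predictability is the practical argument for the per-process key the message prefers.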