Is there interest in gentoo-cfi?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Is there interest in gentoo-cfi?

Hanno Böck-4
Hi,

Control Flow Integrity is a new set of exploit mitigations (strictly
speaking, there is not "the CFI", but many variants). LLVM/clang has
support for some form of CFI since a while. The rough idea is that it
adds additional checks to the code to avoid jumps to code pieces that
shouldn't happen.

I'm wondering if there's interest in creating a gentoo-hardened-cfi
variant. I've been playing with it a bit. By setting the right
cc/cflags/etc. variables it's relatively straightforward to compile
single packages with cfi.

However when one tries to recompile packages a lot of errors show up.
Most of them aren't directly related to CFI (though some are). CFI
depends on:
* clang, which is not our default (there has been work in the past for
  gentoo with clang).
* fvisibility=hidden. This was afair discussed a while back, but never
  considered to be enabled in general, only for specific packages.
* link time optimization/lto and thus the gold linker, because the
  "classic" ld doesn't support lto.
Many issues that pop up seem like issues to build systems and linking.
In some cases though one needs to fix function pointer definitions that
don't match their respective functions. (Here's a fix [1] that I sent
to curl and that'll be applied in the next version.)

For now I'm just investigating whether there's interest in this. I
could create some docs in the wiki on how to get started.

[1]
https://github.com/curl/curl/commit/aced311d189a70c7d9b2d958739bcfc1231b3698
--
Hanno Böck
https://hboeck.de/

mail/jabber: [hidden email]
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42

Reply | Threaded
Open this post in threaded view
|

Re: Is there interest in gentoo-cfi?

Michael Orlitzky
On 04/08/2017 06:39 AM, Hanno Böck wrote:
>
> For now I'm just investigating whether there's interest in this. I
> could create some docs in the wiki on how to get started.
>

Yeah, sounds like fun. Using ld.gold isn't much of a problem these days,
at least in my experience. Clang works for most things, with the notable
exception of the Linux kernel. We have trackers for those two:

   gold: https://bugs.gentoo.org/show_bug.cgi?id=269315
   llvm: https://bugs.gentoo.org/show_bug.cgi?id=408963

I'm not sure how the tree would react to -fvisibility=hidden.


Reply | Threaded
Open this post in threaded view
|

Re: Is there interest in gentoo-cfi?

Sven Vermeulen
In reply to this post by Hanno Böck-4
On Sat, Apr 08, 2017 at 12:39:28PM +0200, Hanno Böck wrote:

> Control Flow Integrity is a new set of exploit mitigations (strictly
> speaking, there is not "the CFI", but many variants). LLVM/clang has
> support for some form of CFI since a while. The rough idea is that it
> adds additional checks to the code to avoid jumps to code pieces that
> shouldn't happen.
>
> I'm wondering if there's interest in creating a gentoo-hardened-cfi
> variant. I've been playing with it a bit. By setting the right
> cc/cflags/etc. variables it's relatively straightforward to compile
> single packages with cfi.
>
> However when one tries to recompile packages a lot of errors show up.
> Most of them aren't directly related to CFI (though some are). CFI
> depends on:
> * clang, which is not our default (there has been work in the past for
>   gentoo with clang).
> * fvisibility=hidden. This was afair discussed a while back, but never
>   considered to be enabled in general, only for specific packages.
> * link time optimization/lto and thus the gold linker, because the
>   "classic" ld doesn't support lto.
> Many issues that pop up seem like issues to build systems and linking.
> In some cases though one needs to fix function pointer definitions that
> don't match their respective functions. (Here's a fix [1] that I sent
> to curl and that'll be applied in the next version.)
>
> For now I'm just investigating whether there's interest in this. I
> could create some docs in the wiki on how to get started.
>
> [1]
> https://github.com/curl/curl/commit/aced311d189a70c7d9b2d958739bcfc1231b3698

I'm definitely interested in seeing CFI solution(s) within Gentoo Hardened.
Your last suggestion (to start off with some docs in the wiki) would indeed
be the best start, allowing others to chime in when needed and extend.

Wkr,
        Sven Vermeulen