Changeset e502de1

Timestamp:

09/11/2022 03:35:06 AM (20 months ago)

Author:

Xi Ruoyao <xry111@…>

Branches:

11.3, 11.3-rc1, 12.0, 12.0-rc1, 12.1, 12.1-rc1, bdubbs/gcc13, multilib, renodr/libudev-from-systemd, trunk, xry111/arm64, xry111/arm64-12.0, xry111/clfs-ng, xry111/loongarch, xry111/loongarch-12.0, xry111/loongarch-12.1, xry111/mips64el, xry111/pip3, xry111/rust-wip-20221008, xry111/update-glibc

Children:

a710d35

Parents:

8d3b254

Message:

gcc: some reword of PIE/SSP/ASLR note

Expand tabs to 8 spaces like everywhere else in the book.

Explain that shared libraries are already covered by ASLR, PIE expands
the ASLR to cover the exetutables.

In 2022, stack smashing attackings are mostly constructing a sequence of
faked returning addresses to exectute a series of function already
existing in the programs or libraries itself (ret2lib). Returning into
the code injected by the attacker is almost impossible because on
i686 (with a PAE/NX enabled kernel) or x86_64, running injected code
needs W/X mappings and those are very rare these days.

Files:

• chapter05/gcc-pass1.xml (modified) (1 diff)
• chapter08/gcc.xml (modified) (2 diffs)

chapter05/gcc-pass1.xml

@@ -140 +140 @@
         <listitem>
           <para>Those switches allow GCC to compile programs with
-          some hardening security features (more information on those in
-          the <xref linkend="pie-ssp-info"/> in chapter 8). They are not
-          strictly needed at this stage, since the compiler will only produce
-          temporary executables. But it is cleaner to have the temporary
-          packages be as close as possible to the final ones.
+           some hardening security features (more information on those in
+           the <xref linkend="pie-ssp-info"/> in chapter 8) by default. The
+           are not strictly needed at this stage, since the compiler will
+           only produce temporary executables. But it is cleaner to have the
+           temporary packages be as close as possible to the final ones.
           </para>
         </listitem>

chapter08/gcc.xml

@@ -109 +109 @@
     <note id="pie-ssp-info" xreflabel="note on PIE and SSP">
       <para>
-        PIE (position independent executable) is a technique to produce
-        binary programs that can be loaded anywhere in memory. Together
-        with a feature named ASLR (Address Space Layout Randomization),
-        this allows programs to never have the same memory layout,
-        thus defeating attacks based on reproducible memory patterns.
+        PIE (position-independent executable) is a technique to produce
+        binary programs that can be loaded anywhere in memory.  Without PIE,
+        the security feature named ASLR (Address Space Layout Randomization)
+        can be applied for the shared libraries, but not the exectutable
+        itself.  Enabling PIE allows ASLR for the executables in addition to
+        the shared libraries, and mitigates some attacks based on fixed
+        addresses of sensitive code or data in the executables.
       </para>
       <para>
@@ -119 +121 @@
         that the parameter stack is not corrupted. Stack corruption can
         for example alter the return address of a subroutine,
-        which would allow transferring control to an attacker program instead
-        of the original one.
+        which would allow transferring control to some dangerous code
+        (existing in the program or shared libraries, or injected by the
+        attacker somehow) instead of the original one.
       </para>
     </note>