https://bugs.documentfoundation.org/show_bug.cgi?id=107124

            Bug ID: 107124
           Summary: Consider using exploit mitigation features in standard
                    Linux builds like ASLR (-pie) and Stack Canaries
                    (-fstack-protector-strong)
           Product: LibreOffice
           Version: 5.3.2.2 release
          Hardware: All
                OS: Linux (All)
            Status: UNCONFIRMED
          Severity: enhancement
          Priority: medium
         Component: LibreOffice
          Assignee: libreoffice-bugs@lists.freedesktop.org
          Reporter: ha...@hboeck.de

The Linux download packages of LibreOffice are not compiled with common
hardening flags that enable exploit mitigation features. This makes exploiting
security vulnerabilities much easier.

Here's the output of the checksec[1] tool for the soffice.bin of the
LibreOffice Linux x86_64 RPM download:
checksec --file ./opt/libreoffice5.3/program/soffice.bin
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FORTIFY Fortified Fortifiable  FILE
No RELRO        No canary found   NX enabled    No PIE          RPATH      No RUNPATH   No      0               0      ./opt/libreoffice5.3/program/soffice.bin


I'm not familiar with all those features, but most notably there's no PIE (and
thus no address space layout randomization) and no stack cookies.

Stack cookies can be enabled with -fstack-protector or -fstack-protector-strong
(read [2] for the difference). It is pretty common to do this these days, so
I'm surprised it's not enabled here.

ASLR randomizes the addresses of functions and data in memory; however, for
it to work it needs position-independent code and position-independent
executables, enabled with the -fpic and -pie flags. If those aren't enabled
then only libraries will be randomized, but not the code from the main
executable (which makes ASLR mostly pointless, because there's usually enough
code to do ROP-style attacks in the main exec).

To advance LibreOffice as a secure application I think it'd be good to enable
these (and maybe other) exploit mitigations. (Similar features are available on
Windows, but this is probably better discussed in a separate bug.)

[1] https://github.com/slimm609/checksec.sh
[2] https://lwn.net/Articles/584225/
