atexit() and stdio() protection
Hi folks,

I'm trying to dig up information on the atexit() and stdio()
protection given in the FAQ. I can find lots of statements that this
protection exists, but I can't find any presentations or papers saying
what they are and what they do. The man pages for these functions
don't seem to have anything explicit about this protection.

Any pointers? Man pages I should read?

Thanks,
==ml

--
Michael W. Lucas
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Latest book: SSH Mastery http://www.michaelwlucas.com/nonfiction/ssh-mastery
mwlu...@michaelwlucas.com, Twitter @mwlauthor

Re: atexit() and stdio() protection
I guess you are talking about mitigation mechanisms.

I am not aware of any stdio protection mechanisms.

However, our atexit has a bizarre quirk, as does our malloc.

These functions protect their own internal data structures by
mprotect()'ing them as non-writeable after updating them.

It isn't worth mentioning in a manual page. But if you dug into
the source code, and the commit logs, you'd see this cleverness in
action.

It slows malloc down a little bit, but it makes it a lot harder to
attack the back-end.

> I'm trying to dig up information on the atexit() and stdio()
> protection given in the FAQ. I can find lots of statements that this
> protection exists, but I can't find any presentations or papers saying
> what they are and what they do. The man pages for these functions
> don't seem to have anything explicit about this protection.
>
> Any pointers? Man pages I should read?
>
> Thanks,
> ==ml
>
> --
> Michael W. Lucas
> http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
> Latest book: SSH Mastery http://www.michaelwlucas.com/nonfiction/ssh-mastery
> mwlu...@michaelwlucas.com, Twitter @mwlauthor

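The pattern described in the message above (keep a bookkeeping structure read-only and open a write window only for the update), as an added sketch that is not part of the thread and is not OpenBSD's libc code. The table layout and the names table_init, table_register, stray_write_blocked and sample_handler are hypothetical; the stray write is simulated in a forked child so the parent can report whether it was stopped.

```c
#define _DEFAULT_SOURCE 1   /* MAP_ANON and fork() under strict -std= modes */
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

typedef void (*handler_fn)(void);
/* Hypothetical stand-in for a libc-internal handler list. */
struct handler_table { size_t count; handler_fn fn[32]; };
static struct handler_table *table;   /* lives alone on its own page(s) */
static size_t table_len;
void sample_handler(void) { }         /* constructed handler for the demo */

/* Map the table on dedicated pages (zero-filled) and leave it read-only. */
int table_init(void) {
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0) return -1;
    table_len = (sizeof(*table) + (size_t)pg - 1) / (size_t)pg * (size_t)pg;
    table = mmap(NULL, table_len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
    if (table == MAP_FAILED) return -1;
    return mprotect(table, table_len, PROT_READ);
}

/* Open the write window, append one handler, close the window again. */
int table_register(handler_fn f) {
    int rc = -1;
    if (mprotect(table, table_len, PROT_READ | PROT_WRITE) == -1) return -1;
    if (table->count < 32) { table->fn[table->count++] = f; rc = 0; }
    if (mprotect(table, table_len, PROT_READ) == -1) return -1;
    return rc;
}

/* Child writes to the table outside the window; 1 if stopped, 0 if it landed. */
int stray_write_blocked(void) {
    int status;
    pid_t pid = fork();
    if (pid == 0) {                                     /* child */
        *(volatile handler_fn *)&table->fn[0] = NULL;   /* simulated stray write */
        _exit(0);                                       /* reached only if it landed */
    }
    if (pid == -1 || waitpid(pid, &status, 0) == -1) return -1;
    return !(WIFEXITED(status) && WEXITSTATUS(status) == 0);
}

int main(void) {
    if (table_init() != 0 || table_register(sample_handler) != 0) return 1;
    printf("handlers: %zu, stray write blocked: %d\n", table->count, stray_write_blocked());
    return 0;
}
```

Each registration costs two mprotect() system calls, the same kind of overhead the message mentions for malloc.
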
Re: atexit() and stdio() protection
On Wed, Jul 18, 2012 at 10:21:04PM -0600, Theo de Raadt wrote:

> I guess you are talking about mitigation mechanisms.
>
> I am not aware of any stdio protection mechanisms.

well, apart from careful handling of file descriptors everywhere to make
sure fd 0, 1 and 2 remain what they are supposed to be.

	-Otto

>
> However, our atexit has a bizarre quirk, as does our malloc.
>
> These functions protect their own internal data structures by
> mprotect()'ing them as non-writeable after updating them.
>
> It isn't worth mentioning in a manual page. But if you dug into
> the source code, and the commit logs, you'd see this cleverness in
> action.
>
> It slows malloc down a little bit, but it makes it a lot harder to
> attack the back-end.
>
> > I'm trying to dig up information on the atexit() and stdio()
> > protection given in the FAQ. I can find lots of statements that this
> > protection exists, but I can't find any presentations or papers saying
> > what they are and what they do. The man pages for these functions
> > don't seem to have anything explicit about this protection.
> >
> > Any pointers? Man pages I should read?
> >
> > Thanks,
> > ==ml
> >
> > --
> > Michael W. Lucas
> > http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
> > Latest book: SSH Mastery http://www.michaelwlucas.com/nonfiction/ssh-mastery
> > mwlu...@michaelwlucas.com, Twitter @mwlauthor