OpenBSD Journal

Further memory protections committed to -current

Contributed by rueda on from the set-in-stone dept.

In a long series of commits, Theo de Raadt (deraadt@) has added support for the immutable memory mappings we reported on earlier. We see:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2022/10/06 21:20:58

Modified files:
	sys/sys        : exec_elf.h 

Log message:
Add identifiers for the new "mutable bss" section, ".openbsd.mutable" is
0x65a3dbe5.  Also add PF_MUTABLE as a segment flag for later use.

and:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2022/10/06 23:01:44

Modified files:
	sys/uvm        : uvm.h 

Log message:
new UVM_ET_IMMUTABLE flag marks a uvm entry as immutable.

and:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2022/10/07 08:59:39

Modified files:
	sys/kern       : exec_subr.c kern_exec.c kern_pledge.c 
	                 kern_resource.c syscalls.master 
	sys/sys        : mman.h 
	sys/arch/mips64/mips64: trap.c 
	sys/uvm        : uvm_extern.h uvm_io.c uvm_map.c uvm_map.h 
	                 uvm_mmap.c 

Log message:
Add mimmutable(2) system call which locks the permissions (PROT_*) of
memory mappings so they cannot be changed by a later mmap(), mprotect(),
or munmap(), which will error with EPERM instead.
ok kettenis

and:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2022/10/07 09:04:52

Modified files:
	gnu/llvm/lld/ELF: ScriptParser.cpp Writer.cpp 
	gnu/llvm/llvm/include/llvm/BinaryFormat: ELF.h 
	gnu/usr.bin/binutils/bfd: elf.c 
	gnu/usr.bin/binutils/binutils: readelf.c 
	gnu/usr.bin/binutils/include/elf: common.h 
	gnu/usr.bin/binutils/ld: ldgram.y 
	gnu/usr.bin/binutils-2.17/bfd: elf.c 
	gnu/usr.bin/binutils-2.17/binutils: readelf.c 
	gnu/usr.bin/binutils-2.17/include/elf: common.h 
	gnu/usr.bin/binutils-2.17/ld: ldgram.y 

Log message:
In the linkers, collect objects in section "openbsd.mutable" and place
them into a page-aligned region in the bss, with the right markers for
kernel/ld.so to identify the region and skip making it immutable.
While here, fix readelf/objdump versions to show all of this.
ok miod kettenis

and:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2022/10/07 09:21:04

Modified files:
	lib/libc       : Symbols.list shlib_version 
	lib/libc/hidden/sys: mman.h 
	lib/libc/sys   : Makefile.inc mmap.2 mprotect.2 munmap.2 
Added files:
	lib/libc/sys   : mimmutable.2 

Log message:
Add mimmutable(2) libc stub, add & adjust manual pages, and crank the minor.
ok kettenis

and:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2022/10/07 09:22:10

Modified files:
	usr.sbin/procmap: procmap.1 procmap.c 

Log message:
Show the entry immutable bit in the various output formats.

These commits provide an early preview of what could be one of the major changes in a future release, likely OpenBSD 7.3. Testing, early and often, is always welcome.
