ProPolice and pthreads (was: ProPolice and FreeBSD)
Jeremie Le Hen
jeremie at le-hen.org
Thu Jun 30 17:25:54 GMT 2005
[ I'm not snipping anything since I'm Cc'ing to -threads at . ]
On Thu, Jun 30, 2005 at 06:50:17PM +0200, Jeremie Le Hen wrote:
> Hello,
>
> maybe this question should be asked on -threads@, I'm not sure. If it
> is, please tell me and I will redirect my mail.
>
> I'm working on upgrading the ProPolice/SSP patch [1] to -CURRENT. I
> initially used the patch against FreeBSD 5.1 to know which file I
> should modify and in which way in the source tree, but I used the
> newest patch against gcc 3.4.1 for gcc-specific stuff.
>
> After a little work, I got a full FreeBSD built with SSP functions
> compiled in libc (it is also possible to compile it in libgcc but,
> AFAIU, this would require the SSP stuff to be statically built in
> all binaries since FreeBSD doesn't provide a shared libgcc). I also
> read somewhere that some guys of the hardened Debian project have made
> a libssp, but I find this a little bit overkill (comments?).
>
> I recompiled host(1), libc and libpthread with debugging symbols.
>
> Now the questions. All binaries linked against libpthread immediately
> get a SIGSEGV:
> %%%
> coyote:libc# gdb /usr/bin/host
> GNU gdb 6.1.1 [FreeBSD]
> Copyright 2004 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "i386-marcel-freebsd"...
> (gdb) r
> Starting program: /usr/bin/host
> warning: Unable to get location for thread creation breakpoint: generic error
> [New LWP 100135]
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to LWP 100135]
> _thr_cancel_enter (thread=0x0)
> at /usr/src/lib/libpthread/thread/thr_cancel.c:269
> 269 THR_THREAD_LOCK(thread, thread);
> (gdb) bt full
> #0 _thr_cancel_enter (thread=0x0)
> at /usr/src/lib/libpthread/thread/thr_cancel.c:269
> No locals.
> #1 0x282dd51b in __open (path=0x281bc0c0 "ÀÀ\033( \220\033(", flags=0)
> at /usr/src/lib/libpthread/thread/thr_open.c:53
> curthread = (struct pthread *) 0x0
> ret = 0
> mode = 0
> #2 0x2838f40b in __guard_setup ()
> at /usr/src/lib/libc/sys/stack_protector.c:51
> fd = 0
> #3 0x283cbe22 in lseek () from /lib/libc.so.6
> No symbol table info available.
> #4 0x28316dd1 in _init () from /lib/libc.so.6
> No symbol table info available.
> #5 0x281b8000 in ?? ()
> No symbol table info available.
> #6 0x281ad6fc in ?? () from /libexec/ld-elf.so.1
> No symbol table info available.
> #7 0xbfbfeca8 in ?? ()
> No symbol table info available.
> #8 0x2818cc79 in find_symdef () from /libexec/ld-elf.so.1
> No symbol table info available.
> #9 0x2818b759 in _rtld () from /libexec/ld-elf.so.1
> No symbol table info available.
> #10 0x2818a98e in .rtld_start () from /libexec/ld-elf.so.1
> No symbol table info available.
> %%%
>
> __guard_setup() is the constructor of the SSP patch; it generates a
> random cookie for the application runtime:
> %%%
> #include <fcntl.h>	/* open() */
> #include <unistd.h>	/* read(), close() */
>
> /* __guard is the global canary array (long __guard[8], zero-initialised)
>    defined earlier in stack_protector.c; a non-zero first word means the
>    constructor has already run. */
> static void __guard_setup(void) __attribute__ ((constructor));
> static void
> __guard_setup(void)
> {
> 	int fd;
>
> 	if (__guard[0] != 0)
> 		return;
> 	fd = open("/dev/urandom", 0);
> 	if (fd != -1) {
> 		ssize_t size = read(fd, (char *)&__guard, sizeof(__guard));
>
> 		close(fd);
> 		if (size == sizeof(__guard))
> 			return;
> 	}
> 	/* If a random generator can't be used, the protector switches the guard
> 	   to the "terminator canary" (NUL, NUL, LF, 0xff): bytes that terminate
> 	   common string-copying routines. */
> 	((char *)__guard)[0] = 0; ((char *)__guard)[1] = 0;
> 	((char *)__guard)[2] = '\n'; ((char *)__guard)[3] = 255;
> }
> %%%
>
> I am neither a gcc hacker nor a thread guru, so I have no clue on how to
> resolve this issue. Advice is welcome.
>
> Thanks.
>
> Regards,
> [1] http://www.trl.ibm.com/projects/security/ssp/
cognet@ sent me the following patch and it makes pthreaded programs
work like a charm. He also told me that this change will surely be
needed for libthr.
%%%
cvs diff: Diffing .
Index: thr_open.c
===================================================================
RCS file: /nfs/donald/repo/FreeBSD/src/lib/libpthread/thread/thr_open.c,v
retrieving revision 1.16
diff -u -p -r1.16 thr_open.c
--- thr_open.c 9 Dec 2003 02:20:56 -0000 1.16
+++ thr_open.c 30 Jun 2005 17:19:03 -0000
@@ -45,11 +45,14 @@ __weak_reference(__open, open);
int
__open(const char *path, int flags,...)
{
- struct pthread *curthread = _get_curthread();
+ struct pthread *curthread;
int ret;
int mode = 0;
va_list ap;
+ if (_thr_initial == NULL)
+ _libpthread_init(NULL);
+ curthread = _get_curthread();
_thr_cancel_enter(curthread);
/* Check if the file is being created: */
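Review bot: the `_thr_initial == NULL` check fixes the NULL `curthread` seen in the backtrace (a libc constructor such as `__guard_setup()` reaches `__open()` from libc's `_init` before libpthread has initialised itself), but the hunk leaves no comment saying so, and a later reader of thr_open.c will not see why a syscall wrapper calls `_libpthread_init(NULL)`. Suggest a comment above the check, e.g. `/* May be reached from a libc constructor before libpthread is initialised. */`. Since any other cancellation-point wrapper reached first from a constructor would fault in the same way at `_thr_cancel_enter(curthread)`, consider doing the lazy initialisation where `_get_curthread()` is resolved rather than in `__open()` alone, and mirror whatever is chosen in libthr, as the mail already notes.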
%%%
For now, I'm including this in my ProPolice patch.
Regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
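The init-order problem in the backtrace above, reduced to a single C file as an added example (this is not code from the mail, from the SSP patch or from FreeBSD's libpthread; the names `fake_thread`, `thr_initial`, `lib_init`, `get_curthread`, `wrapped_open_broken`, `wrapped_open_fixed` and `guard_setup_demo` are invented for the demo): a constructor runs at load time and calls a syscall wrapper that dereferences the current-thread pointer. The broken wrapper has nothing to dereference yet; the fixed wrapper initialises lazily the way cognet@'s patch does.

```c
/* Added example, not from the original mail: a model of a libc-style
 * constructor calling a thread-library syscall wrapper before that
 * library has set up its per-thread state. All names are invented. */
#include <stdio.h>
#include <stddef.h>
#include <fcntl.h>
#include <unistd.h>

struct fake_thread {
	int cancel_depth;	/* stands in for cancellation-point bookkeeping */
};

static struct fake_thread main_thread;
static struct fake_thread *thr_initial = NULL;	/* NULL until lib_init() */

/* Models _libpthread_init(): idempotent, sets up the main thread. */
static void lib_init(void)
{
	if (thr_initial != NULL)
		return;
	main_thread.cancel_depth = 0;
	thr_initial = &main_thread;
}

/* Models _get_curthread(): yields NULL before lib_init() has run. */
static struct fake_thread *get_curthread(void)
{
	return thr_initial;
}

/* Broken wrapper: uses curthread unconditionally. Real code would fault on
 * _thr_cancel_enter(NULL); the demo returns -1 instead so it is safe to run. */
static int wrapped_open_broken(const char *path, int flags)
{
	struct fake_thread *curthread = get_curthread();
	int fd;

	if (curthread == NULL)
		return -1;	/* this is where the SIGSEGV happens in the backtrace */
	curthread->cancel_depth++;
	fd = open(path, flags);
	curthread->cancel_depth--;
	return fd;
}

/* Fixed wrapper, following the patch: initialise the library if needed. */
static int wrapped_open_fixed(const char *path, int flags)
{
	struct fake_thread *curthread;
	int fd;

	if (thr_initial == NULL)
		lib_init();
	curthread = get_curthread();
	curthread->cancel_depth++;
	fd = open(path, flags);
	curthread->cancel_depth--;
	return fd;
}

/* Demo hook: undo initialisation so a check can replay the pre-init state. */
static void reset_for_demo(void)
{
	thr_initial = NULL;
}

static int guard_setup_result = -2;	/* what the constructor observed */

/* Models __guard_setup(): a constructor that opens a file at load time,
 * before main() and (in the real bug) before the thread library's init. */
__attribute__((constructor))
static void guard_setup_demo(void)
{
	int fd = wrapped_open_fixed("/dev/null", O_RDONLY);

	guard_setup_result = fd;
	if (fd >= 0)
		close(fd);
}

/* 1 if the constructor managed to open its file through the fixed wrapper. */
int constructor_opened_ok(void)
{
	return guard_setup_result >= 0;
}

/* 1 if the broken wrapper fails when called from the pre-init state. */
int broken_wrapper_fails_before_init(void)
{
	int fd;

	reset_for_demo();
	fd = wrapped_open_broken("/dev/null", O_RDONLY);
	if (fd >= 0) {
		close(fd);
		return 0;
	}
	return 1;
}

/* 1 if the fixed wrapper works from the same pre-init state. */
int fixed_wrapper_works_before_init(void)
{
	int fd;

	reset_for_demo();
	fd = wrapped_open_fixed("/dev/null", O_RDONLY);
	if (fd < 0)
		return 0;
	close(fd);
	return thr_initial != NULL;
}

int main(void)
{
	printf("constructor open ok: %d\n", constructor_opened_ok());
	printf("broken wrapper fails before init: %d\n",
	    broken_wrapper_fails_before_init());
	printf("fixed wrapper works before init: %d\n",
	    fixed_wrapper_works_before_init());
	return 0;
}
```

Build with `cc -Wall demo.c -o demo` and run it; the constructor line shows that `wrapped_open_fixed()` already worked before `main()`, while the two other lines replay the pre-init state to contrast the two wrappers. The broken path returns -1 rather than dereferencing NULL only so the demo stays runnable; in the real libpthread the same state produces the SIGSEGV in `_thr_cancel_enter(thread=0x0)` shown in the backtrace.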