Binary hardening #79

Closed
kmcallister opened this Issue Mar 23, 2012 · 5 comments

@kmcallister
Contributor

Current operating systems support a variety of features to frustrate memory corruption attacks. Some of these features need to be enabled at build time.

As security-sensitive network software, Mosh should be aggressive about using these features when available. Though this is often handled by distributions, it's not unheard of for upstream developers to enable hardening. Tor already has --enable-gcc-hardening and is considering making it the default. There's a similar patch in the Pidgin bugtracker.

I think Mosh should enable these features by default, with a configure flag to disable. We'll need to write Autoconf tests to determine which features are supported by the platform and compiler. I have tested that Mosh built with all of the above features runs fine on Debian.
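The kind of compiler probe the issue calls for, sketched in plain shell rather than Autoconf. This is an added example, not code from Mosh or from the branch mentioned in this thread; the function name `probe_flags` and the flag list (standard GCC/Clang hardening options) are assumptions of the example.

```shell
#!/bin/sh
# probe_flags COMPILER FLAGGROUP...
# Prints the flag groups the given compiler accepts, separated by spaces.
# Each group is tested on its own by compiling AND linking a trivial C++
# program, because PIE and RELRO only take effect (or fail) at link time.
# A group such as "-fPIE -pie" is passed as one quoted argument so that
# both halves are kept or dropped together.
probe_flags() {
    compiler=$1
    shift
    tmp=$(mktemp -d) || return 1
    printf 'int main() { return 0; }\n' > "$tmp/conftest.cc"
    accepted=
    for group in "$@"; do
        # -Werror turns "unknown/unused option" warnings into failures, so a
        # compiler that silently ignores a flag does not count as supporting it.
        # $compiler and $group are left unquoted on purpose (word splitting).
        if $compiler -Werror $group -o "$tmp/conftest" "$tmp/conftest.cc" \
                >/dev/null 2>&1; then
            accepted="$accepted $group"
        fi
    done
    rm -rf "$tmp"
    # Strip the leading space left by the first append.
    echo "${accepted# }"
}

# Typical use from a build script (hypothetical variable name):
#   HARDEN_FLAGS=$(probe_flags "${CXX:-c++}" \
#       -fstack-protector-all "-fPIE -pie" -Wl,-z,relro -Wl,-z,now)
#   CXXFLAGS="$CXXFLAGS $HARDEN_FLAGS"
```

Running the probe once per compiler (g++, clang++) and per platform shows which groups drop out, which is the information a configure-time check needs before enabling hardening by default.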

@kmcallister
Contributor

(Apparently GitHub doesn't let non-admins take an issue, but feel free to assign this one to me.)

@keithw
Member
keithw commented Mar 24, 2012

I can't assign it to you either, but consider it all yours! I'll take any set of flags you recommend, assuming it works on g++ and clang++ on Linux and Mac.

@kmcallister
Contributor

I have a branch for this now. It's not ready to merge yet, but it would be great if people could test it. So far I've only tried it on GNU/Linux with g++.

@kmcallister
Contributor

I benchmarked this on a 1.6 GHz Atom N270 running Debian i386 with GCC 4.4.5. Here's the user time to run benchmark with ITERATIONS = 10000, averaged over 16 runs:

  • master: 11.86 s
  • Full hardening: 15.24 s = 29% slower
  • Everything except PIE: 14.20 s = 20% slower
  • Everything except stack protector: 12.59 s = 6% slower

Edit: These numbers get much better if I switch to Ubuntu 12.04 with GCC 4.6.3. Then it's only a 16% penalty for full hardening.

@kmcallister
Contributor

And a 3 GHz Phenom II X6 1075T, Debian amd64, GCC 4.6.3, ITERATIONS = 100000:

  • master: 19.51 s
  • Full hardening: 19.92 s
  • Everything except PIE: 19.94 s
  • Everything except stack protector: 19.73 s

So on this platform, full hardening costs us only 2%.

@keithw keithw added a commit that closed this issue Apr 11, 2012
@kmcallister @keithw kmcallister + keithw Use the hardening flags
Closes #79.
c615dca
@keithw keithw closed this in c615dca Apr 11, 2012
@kmcallister kmcallister added a commit to kmcallister/mosh that referenced this issue Apr 13, 2012
@kmcallister kmcallister Use the hardening flags
Closes #79.
c9f50ec
@kmcallister kmcallister added a commit to kmcallister/mosh that referenced this issue Apr 13, 2012
@kmcallister @keithw kmcallister + keithw Use the hardening flags
Closes #79.
349e2d2