authorTheo de Raadt <deraadt@cvs.openbsd.org>2020-10-15 16:30:24 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2020-10-15 16:30:24 +0000
commitd402f1d56e6d2ea8abaaa77b10a6906a2302ec05 (patch)
tree15c27ec4387a19543ea80e0fab7ee704cff884ac
parentffcf7a30721e2587f44570e470827189426c8999 (diff)
crt0 MD _dl_exit() performs syscall to SYS_exit directly, but then
some of these functions were returning. That makes the +1word address a fairly strong and easily located gadget. Put a hard-trap instruction after the syscall. This remains a gadget for 'terminal system' calls (such as execve), but hey that's why we have pledge w/o "exec" throughout the tree. Quite surprisingly, hppa's delay-slot load of SYS_exit makes it the safest of the bunch, not that this helps anyone. ok kettenis
-rw-r--r--lib/csu/aarch64/md_init.h3
-rw-r--r--lib/csu/alpha/md_init.h4
-rw-r--r--lib/csu/amd64/md_init.h8
-rw-r--r--lib/csu/arm/md_init.h3
-rw-r--r--lib/csu/hppa/md_init.h9
-rw-r--r--lib/csu/i386/md_init.h4
-rw-r--r--lib/csu/m88k/md_init.h3
-rw-r--r--lib/csu/mips64/md_init.h4
-rw-r--r--lib/csu/powerpc/md_init.h4
-rw-r--r--lib/csu/powerpc64/md_init.h4
-rw-r--r--lib/csu/sh/md_init.h3
-rw-r--r--lib/csu/sparc64/md_init.h5
12 files changed, 24 insertions, 30 deletions
diff --git a/lib/csu/aarch64/md_init.h b/lib/csu/aarch64/md_init.h
index aa015293f10..de8b2512c0c 100644
--- a/lib/csu/aarch64/md_init.h
+++ b/lib/csu/aarch64/md_init.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: md_init.h,v 1.8 2020/10/14 22:11:19 deraadt Exp $ */
+/* $OpenBSD: md_init.h,v 1.9 2020/10/15 16:30:21 deraadt Exp $ */
/*-
* Copyright (c) 2001 Ross Harvey
@@ -115,4 +115,5 @@
" svc #0 \n" \
" dsb nsh \n" \
" isb \n" \
+ " .word 0xa000f7f0 /* illegal */ \n" \
".previous");
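Review bot: The trap word `.word 0xa000f7f0` added after `isb` is an unexplained magic number, and it does not look like the A64 permanently-undefined encoding. Its byte pattern matches the Thumb-2 `udf.w #0` encoding, so on A64 it presumably faults only because that encoding space is unallocated, which is worth confirming against the architecture manual. The arm hunk adds the same word after `swi #0`; if that file is assembled as A32, the top nibble 0xa is the GE condition field, so the trap could be skipped when the condition fails. I would use the architecturally guaranteed form in both files, e.g. `"	udf	#0	/* permanently undefined */ \n" \`, provided the toolchain accepts the mnemonic. The asm block starts above this hunk, so the `_dl_exit` label itself is not visible here.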
diff --git a/lib/csu/alpha/md_init.h b/lib/csu/alpha/md_init.h
index ee71a702058..d503c751913 100644
--- a/lib/csu/alpha/md_init.h
+++ b/lib/csu/alpha/md_init.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: md_init.h,v 1.11 2020/10/14 22:11:19 deraadt Exp $ */
+/* $OpenBSD: md_init.h,v 1.12 2020/10/15 16:30:23 deraadt Exp $ */
/*-
* Copyright (c) 2001 Ross Harvey
* All rights reserved.
@@ -100,7 +100,7 @@
"_dl_exit: \n" \
" lda $0, " STR(SYS_exit) " \n" \
" callsys \n" \
- " ret")
+ " halt ")
#define MD_START_ARGS char **sp, void (*cleanup)(void)
#define MD_START_SETUP \
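Review bot: The `halt` that replaces `ret` at the end of `_dl_exit` has no comment saying it is a deliberate trap, whereas the aarch64, arm, m88k, powerpc and sh hunks annotate theirs (`/* illegal */`, `/* breakpoint */`, `# illegal`). A later reader could take it for dead code after an exit syscall and restore the return, bringing back the return path this commit removes. I would add a C comment on the same line, along the lines of `/* _dl_exit must never return: trap if SYS_exit comes back */`. The same applies to the unannotated `int3`, `break 0,0`, `break 0` and `unimp` lines in the amd64, i386, hppa, mips64 and sparc64 hunks. The macro holding this asm starts above the hunk.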
diff --git a/lib/csu/amd64/md_init.h b/lib/csu/amd64/md_init.h
index f136328eada..83365c3ea8d 100644
--- a/lib/csu/amd64/md_init.h
+++ b/lib/csu/amd64/md_init.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: md_init.h,v 1.7 2020/10/14 22:11:19 deraadt Exp $ */
+/* $OpenBSD: md_init.h,v 1.8 2020/10/15 16:30:23 deraadt Exp $ */
/*-
* Copyright (c) 2001 Ross Harvey
@@ -115,9 +115,5 @@
"_dl_exit: \n" \
" movl $ " STR(SYS_exit) ", %eax \n" \
" syscall \n" \
- " jb 1f \n" \
- " ret \n" \
- "1: \n" \
- " neg %rax \n" \
- " ret \n" \
+ " int3 \n" \
" .previous")
diff --git a/lib/csu/arm/md_init.h b/lib/csu/arm/md_init.h
index c8026dfde56..d80c0cccbb5 100644
--- a/lib/csu/arm/md_init.h
+++ b/lib/csu/arm/md_init.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: md_init.h,v 1.15 2020/10/14 22:11:19 deraadt Exp $ */
+/* $OpenBSD: md_init.h,v 1.16 2020/10/15 16:30:23 deraadt Exp $ */
/*-
* Copyright (c) 2001 Ross Harvey
@@ -159,4 +159,5 @@
" swi #0 \n" \
" dsb nsh \n" \
" isb \n" \
+ " .word 0xa000f7f0 /* illegal */ \n" \
".previous");
diff --git a/lib/csu/hppa/md_init.h b/lib/csu/hppa/md_init.h
index a7a502e2428..5abe6daff30 100644
--- a/lib/csu/hppa/md_init.h
+++ b/lib/csu/hppa/md_init.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: md_init.h,v 1.14 2020/10/14 22:11:19 deraadt Exp $ */
+/* $OpenBSD: md_init.h,v 1.15 2020/10/15 16:30:23 deraadt Exp $ */
/*
* Copyright (c) 2003 Dale Rahn. All rights reserved.
@@ -148,12 +148,7 @@
" ldil L%0xc0000000, %r1 \n" \
" ble 4(%sr7, %r1) \n" \
" ldi " STR(SYS_exit) ", %t1 \n" \
- " comb,<> %r0, %t1, 1f \n" \
- " ldw -24(%sp), %rp \n" \
- " bv %r0(%rp) \n" \
- " nop \n" \
- "1: bv %r0(%rp) \n" \
- " sub %r0, %ret0, %ret0 \n" \
+ " break 0,0 \n" \
" .exit \n" \
" .procend")
diff --git a/lib/csu/i386/md_init.h b/lib/csu/i386/md_init.h
index 6f286ea8fc7..64d7aeb94aa 100644
--- a/lib/csu/i386/md_init.h
+++ b/lib/csu/i386/md_init.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: md_init.h,v 1.10 2020/10/14 22:11:19 deraadt Exp $ */
+/* $OpenBSD: md_init.h,v 1.11 2020/10/15 16:30:23 deraadt Exp $ */
/*-
* Copyright (c) 2001 Ross Harvey
@@ -124,5 +124,5 @@
"_dl_exit: \n" \
" mov $" STR(SYS_exit) ", %eax\n" \
" int $0x80 \n" \
- " ret \n" \
+ " int3 \n" \
" .previous")
diff --git a/lib/csu/m88k/md_init.h b/lib/csu/m88k/md_init.h
index 5732c3c3caf..f73ed3e23bf 100644
--- a/lib/csu/m88k/md_init.h
+++ b/lib/csu/m88k/md_init.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: md_init.h,v 1.8 2020/10/14 22:11:19 deraadt Exp $ */
+/* $OpenBSD: md_init.h,v 1.9 2020/10/15 16:30:23 deraadt Exp $ */
/*
* Copyright (c) 2012 Miodrag Vallat.
@@ -103,4 +103,5 @@
" or %r13, %r0, " STR(SYS_exit) " \n" \
" tb0 0, %r0, 450 \n" \
" or %r0, %r0, %r0 \n" \
+ " tb0 0, %r0, 130 /* breakpoint */ \n" \
" .previous");
diff --git a/lib/csu/mips64/md_init.h b/lib/csu/mips64/md_init.h
index 7328965c8ea..c5ed64c295f 100644
--- a/lib/csu/mips64/md_init.h
+++ b/lib/csu/mips64/md_init.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: md_init.h,v 1.18 2020/10/14 22:11:19 deraadt Exp $ */
+/* $OpenBSD: md_init.h,v 1.19 2020/10/15 16:30:23 deraadt Exp $ */
/*-
* Copyright (c) 2001 Ross Harvey
@@ -146,7 +146,7 @@
"_dl_exit: \n" \
" li $v0, " STR(SYS_exit) " \n" \
" syscall \n" \
- " j $ra \n" \
+ " break 0 \n" \
" .end _dl_exit \n" \
" .previous")
diff --git a/lib/csu/powerpc/md_init.h b/lib/csu/powerpc/md_init.h
index 811262a9e24..fa4a3f514fb 100644
--- a/lib/csu/powerpc/md_init.h
+++ b/lib/csu/powerpc/md_init.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: md_init.h,v 1.10 2020/10/14 22:11:19 deraadt Exp $ */
+/* $OpenBSD: md_init.h,v 1.11 2020/10/15 16:30:23 deraadt Exp $ */
/*-
* Copyright (c) 2001 Ross Harvey
@@ -124,5 +124,5 @@ __asm( \
"_dl_exit: \n" \
" li %r0, " STR(SYS_exit) " \n" \
" sc \n" \
-" blr \n" \
+" .long 0 # illegal \n" \
)
diff --git a/lib/csu/powerpc64/md_init.h b/lib/csu/powerpc64/md_init.h
index 3fa2ab118e6..e2054bd5754 100644
--- a/lib/csu/powerpc64/md_init.h
+++ b/lib/csu/powerpc64/md_init.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: md_init.h,v 1.3 2020/10/14 22:11:19 deraadt Exp $ */
+/* $OpenBSD: md_init.h,v 1.4 2020/10/15 16:30:23 deraadt Exp $ */
/*
* Copyright (c) 2020 Dale Rahn <drahn@openbsd.org>
@@ -116,5 +116,5 @@ __asm( \
"_dl_exit: \n" \
" li %r0, " STR(SYS_exit) " \n" \
" sc \n" \
-" blr \n" \
+" .long 0 # illegal \n" \
)
diff --git a/lib/csu/sh/md_init.h b/lib/csu/sh/md_init.h
index e98b6044d96..f2940122c4a 100644
--- a/lib/csu/sh/md_init.h
+++ b/lib/csu/sh/md_init.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: md_init.h,v 1.9 2020/10/14 22:11:19 deraadt Exp $ */
+/* $OpenBSD: md_init.h,v 1.10 2020/10/15 16:30:23 deraadt Exp $ */
/* $NetBSD: dot_init.h,v 1.3 2005/12/24 22:02:10 perry Exp $ */
/*-
@@ -136,4 +136,5 @@ __asm(".section " #section "\n" \
"_dl_exit: \n" \
" mov #" STR(SYS_exit) ", r0 \n" \
" .word 0xc380 /* trapa #0x80 */ \n" \
+ " sleep /* illegal */ \n" \
".previous")
diff --git a/lib/csu/sparc64/md_init.h b/lib/csu/sparc64/md_init.h
index a8dc3e6e857..09f0f0cc1ec 100644
--- a/lib/csu/sparc64/md_init.h
+++ b/lib/csu/sparc64/md_init.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: md_init.h,v 1.8 2020/10/14 22:11:52 deraadt Exp $ */
+/* $OpenBSD: md_init.h,v 1.9 2020/10/15 16:30:23 deraadt Exp $ */
/*-
* Copyright (c) 2001 Ross Harvey
@@ -104,8 +104,7 @@
"_dl_exit: \n" \
" mov " STR(SYS_exit) ", %g1 \n" \
" t 0 \n" \
- " retl \n" \
- " sub %g0, %o0, %o0 \n" \
+ " unimp \n" \
" .previous")