Re: Three steps we could take to make supply chain attacks a bit harder

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

* Gordon Messmer:

> Why doesn't dlopen() solve the problem?  As best I understand it,
> liblzma was able to steal one (or more) of the symbols from
> libcrypto.so.3 because it ran constructors at a point in time when the
> GOT was still writable.  After loading shared objects is complete,
> that table is made read-only.  If dlopen() is used after the program
> starts, then even if the library is loaded, it can't steal symbols in
> the table any more.

The rsa_pkcs1_ossl_meth variable that contains a function pointer to the
actual implementation resides in read-write memory:

    static RSA_METHOD rsa_pkcs1_ossl_meth = {
        "OpenSSL PKCS#1 RSA",
        rsa_ossl_public_encrypt,
        rsa_ossl_public_decrypt,     /* signature verification */
        rsa_ossl_private_encrypt,    /* signing */
        rsa_ossl_private_decrypt,
        rsa_ossl_mod_exp,
        BN_mod_exp_mont,            /* XXX probably we should not use Montgomery
                                     * if e == 3 */
        rsa_ossl_init,
        rsa_ossl_finish,
        RSA_FLAG_FIPS_METHOD,       /* flags */
        NULL,
        0,                          /* rsa_sign */
        0,                          /* rsa_verify */
        NULL,                       /* rsa_keygen */
        NULL                        /* rsa_multi_prime_keygen */
    };

The missing “const” keyword is probably an oversight, but I don't think
it matters because the variable is not used directly.  All access
happens through deefault_RSA_meth:

    static const RSA_METHOD *default_RSA_meth = &rsa_pkcs1_ossl_meth;
    
    void RSA_set_default_method(const RSA_METHOD *meth)
    {
        default_RSA_meth = meth;
    }
    
    const RSA_METHOD *RSA_get_default_method(void)
    {
        return default_RSA_meth;
    }
    
    const RSA_METHOD *RSA_PKCS1_OpenSSL(void)
    {
        return &rsa_pkcs1_ossl_meth;
    }
    
And that's clearly required to be read-write.  RSA_set_default_method is
a documented interface, too.  So I don't think GOT patching was required
to achieve the intended effect.

Furthermore, it's possible to undo the effect of RELRO with mprotect.

Using dlopen, liblzma would not have been loaded at run time, but it's
not clear if it had mattered because liblzma would still have been
loaded by RPM, both at build and install time.

Thanks,
Florian
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux