[PATCH] Adding diversity for security
Nick Lewycky
nicholas at mxc.ca
Fri Jan 24 01:16:56 PST 2014
Sean Silva wrote:
> Was there ever consensus that we want to maintain this in LLVM? I just
> looked back at the original thread on llvmdev, and it looked like basically:
>
> - A number of security folks having an inconclusive, wandering,
> back-and-forth discussion about various security things that should have
> been done on a security mailing list.
> - Lots of "this seems maybe interesting, but ..." with the "but ..." not
> clearly addressed in any way. Often times the "but ..." was an
> alternative approach that would be more maintainable, effective, and/or
> fit in better with existing deployment processes.
> - No concrete use cases. Who is going to be deploying this? If nobody is
> deploying, then how do we know it will be maintained? It seems like the
> initial patch submitter has already jumped ship on this patch; doesn't
> exactly inspire confidence.
>
> It seems like basically nobody who participated in the original
> discussion on llvmdev is participating in this patch review either.
> Especially the people who had doubts don't seem to be participating;
> those doubts need to be addressed.
It wasn't clear from the email thread, but Geremy Condra represents a
customer of this patch who is also doing review, but from a security
standpoint not from an llvm code review standpoint. As for concrete
users, I'll simply say that his interest is not academic, and let him
say more if he wants to.
My own concerns about the level of security it provides are simply
because I'm not trained in the area. For an analogy, I feel like I'm
asking "why does RSA work? why doesn't somebody just figure out an
algorithm for factoring large numbers efficiently? what makes you think
that would be so hard?". It's a great line of questioning, but it
requires a whole lot more explaining than belong on llvm-dev or a patch
review thread.
While we're here, I want to point out something fun:
https://media.blackhat.com/us-13/US-13-Quynh-OptiROP-Hunting-for-ROP-Gadgets-in-Style-Slides.pdf
That's a paper from a blackhat presentation on a system for creating ROP
gadgets, which in turn is based on LLVM. Being the attackers, I don't
think we ever got any patches from them. This patch under review adds
protection from those ROP gadgets. We're now in the middle, "funding"
code and infrastructure for both sides of the ROP exploit arms race. Whee!
Nick
> Also, at the very least, adding the RNG should be split out into a
> separate patch.
>
> -- Sean Silva
>
>
> On Thu, Jan 23, 2014 at 6:08 PM, Julian Lettner
> <julian.lettner at gmail.com <mailto:julian.lettner at gmail.com>> wrote:
>
> Move patch forward to ToT.
>
> Hi rinon, ahomescu,
>
> http://llvm-reviews.chandlerc.com/D1802
>
> CHANGE SINCE LAST DIFF
> http://llvm-reviews.chandlerc.com/D1802?vs=6581&id=6621#toc
> <http://llvm-reviews.chandlerc.com/D1802?vs=6581&id=6621#toc>
>
> Files:
> include/llvm/CodeGen/CommandFlags.h
> include/llvm/MC/MCRegisterInfo.h
> include/llvm/Support/RandomNumberGenerator.h
> include/llvm/Target/TargetOptions.h
> lib/CodeGen/LLVMBuild.txt
> lib/CodeGen/SelectionDAG/ScheduleDAGRRList.cpp
> lib/LTO/LTOCodeGenerator.cpp
> lib/LTO/LTOModule.cpp
> lib/Support/CMakeLists.txt
> lib/Support/RandomNumberGenerator.cpp
> lib/Target/X86/CMakeLists.txt
> lib/Target/X86/NOPInsertion.cpp
> lib/Target/X86/X86.h
> lib/Target/X86/X86TargetMachine.cpp
> test/CodeGen/X86/nop-insert-percentage.ll
> test/CodeGen/X86/nop-insert.ll
> test/CodeGen/X86/sched-rnd-test.ll
> tools/llc/llc.cpp
> tools/llvm-lto/llvm-lto.cpp
> tools/lto/lto.cpp
> tools/opt/opt.cpp
>
> _______________________________________________
> llvm-commits mailing list
> llvm-commits at cs.uiuc.edu <mailto:llvm-commits at cs.uiuc.edu>
> http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits
>
>
>
>
> _______________________________________________
> llvm-commits mailing list
> llvm-commits at cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvm-commits
More information about the llvm-commits
mailing list