[[!template id=project

title="Secure-PLT - supporting RELRO binaries (350h)"

contact="""
[tech-userlevel](mailto:tech-userlevel@NetBSD.org)
"""

mentors="""
[Christos Zoulas](mailto:christos@NetBSD.org)
"""

category="userland"
difficulty="medium"
duration="350h"

description="""
All architectures suffer from code injection issues because the only writable segment is the PLT/GOT. RELRO (RELocation Read Only) is a mitigation technique that is used during dynamic linking to prevent access to the PLT/GOT. There is partial RELRO which protects that GOT but leaves the PLT writable, and full RELRO that protects both at the expense of performing a full symbol resolution at startup time. The project is about making the necessary modifications to the dynamic loader (ld_elf.so) to make RELRO work.

If that is completed, then we can also add the following improvement:
Currently kernels with options PAX_MPROTECT can not execute dynamically linked binaries on most RISC architectures, because the PLT format defined by the ABI of these architectures uses self-modifying code. New binutils versions have introduced a different PLT format (enabled with --secureplt) for alpha and powerpc.


Milestones:

* For all architectures we can improve security by implementing [relro](http://tk-blog.blogspot.com/2009/02/relro-not-so-well-known-memory.html)[2](https://www.redhat.com/en/blog/hardening-elf-binaries-using-relocation-read-only-relro).
* Once this is done, we can improve security for the RISC architectures by adding support for the new PLT formats introduced in binutils 2.17 and gcc4.1 This will require changes to the dynamic loader (ld.elf_so), various assembly headers, and library files.
* Support for both the old and new formats in the same invocation will be required.

Status:
* Added support to the dynamic loader (ld.elf_so) to handle protecting the GNU relro section.
* Enabled partial RELRO by default on x86.

"""
]]

[[!tag gsoc]]
[[!tag gsoc350h]]