Libc Pointer Encryption Issues

glibc and eglibc have PTR_MANGLE, which encrypts pointers in the writable memory (more precisely, "XOR", not "encrypts").

I do not read this feature very well. man -k PTR_MANGLE returns no hits, and Google returns some superficial chatter. One of the few final articles is Drepper Index Encryption in the Live Journal.

Does it have in-depth documentation? Can it be extended to a user-space process, or is it limited to the runtime library? If so, which compiler switch or option enables this function? Is it possible to disable the function at runtime?

+4
1 answer

PTR_MANGLE is an internal macro function of glibc. It is not automated by the compiler. You can duplicate the same thing in your applications, but you also have to do it manually; it works something like this:

#include <stdint.h> // uintptr_t
uintptr_t xor_key; // needs to be initialized with random "key" before use
#define PTR_MANGLE(p) (1 ? (void *)((uintptr_t)(p) ^ xor_key) : (p))

This may be completely different from the glibc implementation; I have not looked at it for a long time and just wrote this from memory. The apparently useless use of the conditional operator is to force the resulting expression to be of the same type as the original pointer, so it can be used directly.

Please note that the operation is its own inverse; therefore, PTR_MANGLE can be used both for “encryption” and for “decryption”.

+4
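The manual approach from the answer, applied to a callback stored in a writable struct: the slot holds only the XORed value, and the pointer is recovered at call time. This is an added example, not glibc's implementation and not code from the original answer; `key_init`, `ptr_mangle`, `ptr_demangle`, `struct session` and `double_it` are hypothetical names, and seeding the key from `/dev/urandom` is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example: every name except xor_key is hypothetical. */
typedef int (*handler_fn)(int);

static uintptr_t xor_key;   /* per-process key, as in the answer's snippet */

/* Fill the key from the kernel CSPRNG once at startup; 0 on success. */
int key_init(void)
{
    FILE *f = fopen("/dev/urandom", "rb");   /* assumed key source */
    if (!f)
        return -1;
    size_t n = fread(&xor_key, sizeof xor_key, 1, f);
    fclose(f);
    /* A zero key would leave pointers unmangled, so reject it. */
    return (n == 1 && xor_key != 0) ? 0 : -1;
}

/* XOR is its own inverse: one operation, two names for readability. */
uintptr_t ptr_mangle(handler_fn fn)  { return (uintptr_t)fn ^ xor_key; }
handler_fn ptr_demangle(uintptr_t v) { return (handler_fn)(v ^ xor_key); }

struct session {            /* long-lived object in writable memory */
    char      name[16];     /* data buffer next to the callback slot */
    uintptr_t on_event;     /* holds only the mangled value */
};

void session_register(struct session *s, handler_fn fn)
{
    s->on_event = ptr_mangle(fn);
}

int session_fire(const struct session *s, int arg)
{
    return ptr_demangle(s->on_event)(arg);   /* demangle only at call time */
}

int double_it(int x) { return 2 * x; }       /* constructed sample handler */

int main(void)
{
    struct session s = { "demo", 0 };
    if (key_init() != 0)
        return 1;
    session_register(&s, double_it);
    printf("raw=%#lx stored=%#lx result=%d\n",
           (unsigned long)(uintptr_t)double_it,
           (unsigned long)s.on_event, session_fire(&s, 21));
    return 0;
}
```

XOR with a single key is hardening rather than secrecy: the key itself lives in writable memory, and one known raw/stored pair reveals it.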