Monday, February 27, 2023

Re: How to produce statically linked sshd binary

Oh my god, don't do that!

Your program will have a single aspect of randomness.

If you leave it as it is, it has 6 .so's with independent random placement,
and 4 of them (sshd, ld.so, libc.so, and libcrypto.so) are randomly linked
at boot.

This independent randomness is an incomplete but strong mitigation
against ROP attack methods.

What you are trying to do is counterproductive.


Erling Westenvik <erling.westenvik@gmail.com> wrote:

> Hi!
> In the past, at least into several 6.x releases, I was able to produce a
> statically linked sshd(8) binary like this:
>
> # cd /usr/src/usr.bin/ssh
> # make clean
> # make LDSTATIC=-static lib sshd
> # strip /usr/src/usr.bin/ssh/sshd/sshd
>
> On a fresh 7.2 install however, the above won't do anymore.
>
> (It stops dead complaining about the "lib"-part in LDSTATIC=. When
> trying without "lib" it goes on for a while but ends with complaints
> about malloc-something. As you probably understand by now, I'm not
> exactly a wizard.. : )
>
> Anyone up for outlining a simple "how-to"?
>
> Kind regards,
>
> Erling
>
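
An added example, not part of the original thread: one way to audit whether an sshd binary is still dynamically linked, and so keeps the separately placed libraries the reply describes, is to look for a PT_INTERP program header in the ELF image. The function names and the header-only sample images are constructed for illustration, and the parser assumes little-endian ELF64.

```python
import struct
import sys

PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3

def program_headers(elf):
    """Yield (p_type, p_offset, p_filesz) for each program header (ELF64 LE only)."""
    if elf[:4] != b"\x7fELF" or elf[4:6] != b"\x02\x01":
        raise ValueError("expected a little-endian ELF64 image")
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(e_phnum):
        p = struct.unpack_from("<IIQQQQ", elf, e_phoff + i * e_phentsize)
        yield p[0], p[2], p[5]

def interpreter(elf):
    """Return the PT_INTERP path (the run-time linker), or None if absent."""
    for p_type, p_offset, p_filesz in program_headers(elf):
        if p_type == PT_INTERP:
            return elf[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
    return None

def linkage(elf):
    """'dynamic': libraries are mapped separately by ld.so; 'static': one image."""
    return "dynamic" if interpreter(elf) else "static"

def build_sample(interp=None):
    """Constructed header-only ELF64 image for the demo; not a real binary."""
    types = [PT_LOAD] + ([PT_INTERP, PT_DYNAMIC] if interp else [])
    data_off = 64 + 56 * len(types)          # ELF header + program header table
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 3, 62, 1, 0, 64, 0, 0,
                       64, 56, len(types), 0, 0, 0)
    body = interp or b""
    phdrs = b"".join(
        struct.pack("<IIQQQQQQ", t, 4, data_off if t == PT_INTERP else 0, 0, 0,
                    len(body) if t == PT_INTERP else 0, 0, 0)
        for t in types)
    return ehdr + phdrs + body

if __name__ == "__main__":
    if len(sys.argv) > 1:                    # audit a real file, e.g. an installed sshd
        with open(sys.argv[1], "rb") as f:
            image = f.read()
        print(sys.argv[1], linkage(image), interpreter(image))
    else:                                    # constructed samples
        for name, img in (("dynamic sample", build_sample(b"/usr/libexec/ld.so\0")),
                          ("static sample", build_sample())):
            print(name, linkage(img), interpreter(img))
```

Run with a path argument to check an installed binary; a result of "static" means the whole program is one load image.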
