Home

Awesome

RedFat -- A Binary Hardening System

RedFat is a tool for automatically hardening Linux x86_64 ELF binary executables against memory errors, including buffer overflows and use-after-free errors.

RedFat is based on an amalgamation of two complementary memory error detection technologies:

Using low-fat-pointers with binary code has some caveats, as is discussed below.

Releases

Binary releases of RedFat are available here:

Building

To build RedFat, simply run the script:

    $ ./build.sh

Basic Usage

To use RedFat. simply run redfat with the name of a binary executable, e.g.:

    $ ./redfat xterm

This will generate a hardened xterm.redfat binary. To run the binary, the libredfat.so runtime system must be LD_PRELOAD'ed as follows:

    $ LD_PRELOAD=$PWD/libredfat.so ./xterm.redfat

Advanced Usage

The basic usage may suffer from false detections with some binaries. This occurs when program (or compiler) deliberately creates out-of-bounds (OOB) pointers, and accessing such OOB pointers is indistinguishable from "real" memory errors under the basic low-fat-pointer checking.

To mitigate false detections, we can use dynamic analysis to determine which memory access operations are likely to cause false detections.

First, we build an allow-list-generation version of the binary:

    $ ./redfat -Xallowlist-gen xterm

This will generate an xterm.gen file that can be used to generate an allow-list. To use, run the gen version of the binary on a suitable test suite, ideally to maximize coverage:

    $ LD_PRELOAD=$PWD/libredfat.so ./xterm.gen

This process will generate an xterm.allow file which contains information about each memory access.

Next, we run redfat using the allow-list:

    $ ./redfat -Xallowlist-use xterm

This will generate a hardened xterm.redfat binary. This version uses a more conservative instrumentation for memory access operations that are likely to be false detections.

Options

The redfat tool supports several options to control the instrumentation and optimization levels.

The main instrumentation options are:

The main optimization options are:

The main allow-list options are:

The LowFat runtime also supports options that can be enabled using environment variables:

Debugging Mode

By default, RedFat can detect if a memory error occurs, but cannot report any information about the memory error, such as the kind of error (overflow, use-after-free), the accessed object, etc. This is by design, since tracking this information would make the instrumentation slower.

For more detailed information about memory errors, RedFat also supports a "debugging" mode that can be enabled via the -Xdebug option:

   $ ./redfat -Xdebug xterm

Unlike the default mode, the debugging mode will print detailed information about any memory error detected. For example:

    REDFAT WARNING: out-of-bounds error detected!
            instruction = movb $0x0, -0x20(%rdx) [0x2d698]
            access.ptr  = 0x3073820560
            access.size = 1
            access.obj  = [-48..+16]
            base.ptr    = 0x3073820580 (+32)
            base.obj    = [+48..+144] (free)

Here:

In this example, the base and access pointers refer to different objects, meaning that the access is deemed to be a out-of-bounds memory error.

Unlike the default mode:

Profiling Mode

RedFat supports a "profiling" mode that can be enabled via the -P option:

   $ ./redfat -P xterm

Profiling mode is similar to the default mode, but the following information to the terminal on program exit:

By enabling the REDFAT_PROFILE=1 environment variable, additional information will be printed:

Note that:

The ratio of heap versus non-heap pointers depends on the program, and how it chooses to allocate and access memory. If the ratio of (heap) is low, it may not be worthwhile to use RedFat on the binary.

Limitations

Troubleshooting

Generally, most binaries should work without an issue. When a problem does occur, it is usually one of the following:

License

This software has been released under the GNU Public License (GPL) Version 3.

Some specific files are released under the MIT license (check the file preamble).

Authors

RedFat is written by Gregory J. Duck. The initial prototyping and testing of RedFat was completed by Yuntong Zhang.

Publication

See Also

Bugs

RedFat is considered beta-quality software. Please report bugs here:

Acknowledgements

This work was partially supported by the National Satellite of Excellence in Trustworthy Software Systems, funded by the National Research Foundation (NRF) Singapore under the National Cybersecurity R&D (NCR) programme.

This work was partially supported by the Ministry of Education, Singapore (Grant No. MOE2018-T2-1-142).