From owner-freebsd-security@FreeBSD.ORG Sun Dec 30 13:29:16 2007 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BE36A16A419 for ; Sun, 30 Dec 2007 13:29:16 +0000 (UTC) (envelope-from tataz@tataz.chchile.org) Received: from smtp5-g19.free.fr (smtp5-g19.free.fr [212.27.42.35]) by mx1.freebsd.org (Postfix) with ESMTP id 56E6213C455 for ; Sun, 30 Dec 2007 13:29:16 +0000 (UTC) (envelope-from tataz@tataz.chchile.org) Received: from smtp5-g19.free.fr (localhost.localdomain [127.0.0.1]) by smtp5-g19.free.fr (Postfix) with ESMTP id 37D0A3F614F; Sun, 30 Dec 2007 14:29:15 +0100 (CET) Received: from tatooine.tataz.chchile.org (tataz.chchile.org [82.233.239.98]) by smtp5-g19.free.fr (Postfix) with ESMTP id EA8623F617E; Sun, 30 Dec 2007 14:29:14 +0100 (CET) Received: from obiwan.tataz.chchile.org (unknown [192.168.1.25]) by tatooine.tataz.chchile.org (Postfix) with ESMTP id DAAD19B497; Sun, 30 Dec 2007 13:26:11 +0000 (UTC) Received: by obiwan.tataz.chchile.org (Postfix, from userid 1000) id CD5A2405B; Sun, 30 Dec 2007 14:26:11 +0100 (CET) Date: Sun, 30 Dec 2007 14:26:11 +0100 From: Jeremie Le Hen To: Mike Silbersack Message-ID: <20071230132611.GD10467@obiwan.tataz.chchile.org> References: <477277FF.30504@googlemail.com> <86myrvhht9.fsf@ds4.des.no> <20071227195833.154b41ae@kan.dnsalias.net> <4774EB0F.90103@googlemail.com> <20071228200428.J6052@odysseus.silby.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20071228200428.J6052@odysseus.silby.com> User-Agent: Mutt/1.5.15 (2007-04-06) Cc: Gunther Mayer , freebsd-security@freebsd.org Subject: Re: ProPolice/SSP in 7.0 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 30 Dec 2007 13:29:16 -0000 Hi, On Fri, Dec 28, 2007 at 08:20:20PM -0600, Mike Silbersack wrote: > Since the subject came up, I just tried using it, and it's not giving me the > results I expected. Take the following program: > > #include > #include > #include > > void overrun(void); > > int main(void) > { > overrun(); > } > > void overrun(void) > { > int x; > char a[4]; > int y; > > strcpy(a, "ABCDE"); > printf("hi"); > } > > If I compile it like so: > > cc -g -fstack-protector-all overrun.c > > The overrun is detected and the program is aborted. > > ./a.out > Abort (core dumped) > > But if I compile it like so: > > cc -g -fstack-protector overrun.c > > The overrun is not caught. > > ./a.out > hi> > > Either I'm doing something wrong, or we have gcc misconfigured and it's not > detecting that strcpy is a function which needs to be watched closedly. Actually, you did nothing wrong. Except maybe not wasting time to look at GCC info page ;). % `-fstack-protector' % Emit extra code to check for buffer overflows, such as stack % smashing attacks. This is done by adding a guard variable to % functions with vulnerable objects. This includes functions that % call alloca, and functions with buffers larger than 8 bytes. The % guards are initialized when a function is entered and then checked % when the function exits. If a guard check fails, an error message % is printed and the program exits. I believed it was possible to customize this threshold (I'm pretty sure I've already seen such an option in some patch floating around GCC community) but a quick glance a the source shows it is not possible actually. Regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org >