From owner-freebsd-audit Sun Oct 14 16:26: 7 2001
Date: Mon, 15 Oct 2001 01:25:56 +0200
From: Anton Berezin
To: audit@FreeBSD.ORG
Subject: restore(8) segfault patch
Message-ID: <20011015012556.A49087@heechee.tobez.org>

Hi,

restore(8) segfaults when -y is specified `restoring' on a read-only FS.
This tiny patch fixes it:

cvs diff: Diffing . Index: symtab.c =================================================================== RCS file: /home/ncvs/src/sbin/restore/symtab.c,v retrieving revision 1.7 diff -u -r1.7 symtab.c --- symtab.c 28 Aug 1999 00:14:08 -0000 1.7 +++ symtab.c 14 Oct 2001 23:17:22 -0000 
@@ -471,6 +471,7 @@ fprintf(stderr, "fopen: %s\n", strerror(errno)); panic("cannot create save file %s for symbol table\n", filename); + done(1); } clearerr(fd); /*

=Anton.
-- 
| Anton Berezin                |      FreeBSD: The power to serve |
| catpipe Systems ApS   _ _ |_ |           http://www.FreeBSD.org |
| tobez@catpipe.net    (_(_||  |                tobez@FreeBSD.org |
| +45 7021 0050                |         Private: tobez@tobez.org |

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Sun Oct 14 18:45:30 2001
Date: Sun, 14 Oct 2001 18:45:26 -0700 (PDT)
From: Matthew Jacob
Reply-To: mjacob@feral.com
To: marcel@freebsd.org
Cc: audit@freebsd.org
Subject: change to linux/Makefile

This is the only way I could get the linux module to compile under Alpha with
a system directory that was not part of /usr/src (oh, yeah, for RELENG_4).

If you've a better way *that works* I'd love to see it.

Index: modules/linux/Makefile =================================================================== RCS file: /home/ncvs/src/sys/modules/linux/Makefile,v retrieving revision 1.34.2.6 diff -u -r1.34.2.6 Makefile --- modules/linux/Makefile 2001/04/25 11:24:04 1.34.2.6 +++ modules/linux/Makefile 2001/10/15 01:44:07 
@@ -17,6 +17,7 @@ .endif # CFLAGS+= -DDEBUG +CFLAGS += -I${.CURDIR}/../../${MACHINE_ARCH}/linux EXPORT_SYMS=_linux_mod CLEANFILES= linux_assym.h linux_genassym.o

From owner-freebsd-audit Sun Oct 14 20:53:33 2001
Date: Sun, 14 Oct 2001 20:53:49 -0700
From: Marcel Moolenaar
To: Matthew Jacob
Cc: audit@freebsd.org
Subject: Re: change to linux/Makefile
Message-ID: <20011014205349.A528@dhcp01.pn.xcllnt.net>

On Sun, Oct 14, 2001 at 06:45:26PM -0700, Matthew Jacob wrote:
>
> This is the only way I could get the linux module to compile under Alpha with
> a system directory that was not part of /usr/src (oh, yeah, for RELENG_4).
>
> If you've a better way *that works* I'd love to see it.

Ah, a challenge! :-)

Unfortunately, I don't have -stable on my Alpha and building a 4.x
source tree on current seems to work (besides gensetdefs missing).
If the patch is needed to make the module compile, then by all means
feel free to commit. I have no way to test or verify it, or even
reason about it (no failure details).

-- 
 Marcel Moolenaar   USPA: A-39004   marcel@xcllnt.net

From owner-freebsd-audit Sun Oct 14 21: 0:16 2001
Date: Sun, 14 Oct 2001 21:00:11 -0700 (PDT)
From: Matthew Jacob
Reply-To: mjacob@feral.com
To: Marcel Moolenaar
Cc: audit@FreeBSD.ORG
Subject: Re: change to linux/Makefile
In-Reply-To: <20011014205349.A528@dhcp01.pn.xcllnt.net>

Oh- sorry about- the details were:

===> linux
@ -> /tstsys
machine -> /tstsys/alpha/include
cc -c -O -pipe -mcpu=ev4 -D_KERNEL -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -ansi -DKLD_MODULE -nostdinc -I- -I. -I@ -I@/../include -I/usr/include -mno-fp-regs -Wa,-mev56 -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -ansi /tstsys/modules/linux/../../alpha/linux/linux_genassym.c
In file included from /tstsys/modules/linux/../../alpha/linux/linux_genassym.c:8:
@/alpha/linux/linux.h:34: linux_syscall.h: No such file or directory
In file included from /tstsys/modules/linux/../../alpha/linux/linux_genassym.c:8:
@/alpha/linux/linux.h:428: `LINUX_SYS_MAXSYSCALL' undeclared here (not in a function)
*** Error code 1

Stop in /tstsys/modules/linux.

The first problem was that there was no linux_syscall anyway. The second
problem was that even when I regen'd them for -stable, the compile wasn't
finding them.

BTW- I'm not 100% convinced that similar problems are avoided in -current- by
my having both a /usr/src on all of my machines as well as a /tstsys I
probably get lots of unintentional 'sorta maybe kind mostly works' situations.

On Sun, 14 Oct 2001, Marcel Moolenaar wrote:

> On Sun, Oct 14, 2001 at 06:45:26PM -0700, Matthew Jacob wrote:
> >
> > This is the only way I could get the linux module to compile under Alpha with
> > a system directory that was not part of /usr/src (oh, yeah, for RELENG_4).
> >
> > If you've a better way *that works* I'd love to see it.
>
> Ah, a challenge! :-)
>
> Unfortunately, I don't have -stable on my Alpha and building a 4.x
> source tree on current seems to work (besides gensetdefs missing).
> If the patch is needed to make the module compile, then by all means
> feel free to commit. I have no way to test or verify it, or even
> reason about it (no failure details).
>
> --
>  Marcel Moolenaar   USPA: A-39004   marcel@xcllnt.net
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-audit" in the body of the message
>

From owner-freebsd-audit Sun Oct 14 22:12: 6 2001
Date: Mon, 15 Oct 2001 15:11:04 +1000 (EST)
From: Bruce Evans
To: Matthew Jacob
Cc: Marcel Moolenaar ,
Subject: Re: change to linux/Makefile
Message-ID: <20011015145741.V71335-100000@delplex.bde.org>

On Sun, 14 Oct 2001, Matthew Jacob wrote:

> Oh- sorry about- the details were:
>
> ===> linux
> @ -> /tstsys
> machine -> /tstsys/alpha/include
> cc -c -O -pipe -mcpu=ev4 -D_KERNEL -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -ansi -DKLD_MODULE -nostdinc -I- -I. -I@ -I@/../include -I/usr/include -mno-fp-regs -Wa,-mev56 -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -ansi /tstsys/modules/linux/../../alpha/linux/linux_genassym.c
> In file included from /tstsys/modules/linux/../../alpha/linux/linux_genassym.c:8:
> @/alpha/linux/linux.h:34: linux_syscall.h: No such file or directory
> In file included from

This line is:

#include

This is obvious nonsense. Pathnames are relative to the top of the sys
tree (modulo disgusting -I hacks), and linux_syscall.h is obviously not
at the top of the sys tree. -current has the correct include:

#include

> ...
> On Sun, 14 Oct 2001, Marcel Moolenaar wrote:
>
> > On Sun, Oct 14, 2001 at 06:45:26PM -0700, Matthew Jacob wrote:
> > >
> > > This is the only way I could get the linux module to compile under Alpha with
> > > a system directory that was not part of /usr/src (oh, yeah, for RELENG_4).
> > >
> > > If you've a better way *that works* I'd love to see it.
> >
> > Ah, a challenge! :-)
> >
> > Unfortunately, I don't have -stable on my Alpha and building a 4.x
> > source tree on current seems to work (besides gensetdefs missing).
> > If the patch is needed to make the module compile, then by all means
> > feel free to commit. I have no way to test or verify it, or even
> > reason about it (no failure details).

At least commit the same warts as in -current.

Bruce

From owner-freebsd-audit Sun Oct 14 22:17:10 2001
Date: Sun, 14 Oct 2001 22:17:19 -0700
From: Marcel Moolenaar
To: Matthew Jacob
Cc: audit@FreeBSD.ORG
Subject: Re: change to linux/Makefile
Message-ID: <20011014221719.A528@dhcp01.pn.xcllnt.net>
References: <20011014205349.A528@dhcp01.pn.xcllnt.net>

On Sun, Oct 14, 2001 at 09:00:11PM -0700, Matthew Jacob wrote:
>
> The first problem was that there was no linux_syscall anyway. The second
> problem was that even when I regen'd them for -stable, the compile wasn't
> finding them.

linux_syscall.h, linux_proto.h and linux_sysent.c will be generated on
the fly when you do a make depend. Did you do a make depend?

> BTW- I'm not 100% convinced that similar problems are avoided in -current- by
> my having both a /usr/src on all of my machines as well as a /tstsys I
> probably get lots of unintentional 'sorta maybe kind mostly works' situations.

On -current I reverted the generation-on-the-fly of the abovementioned
files, because we are missing the support in general for that. That's
probably why it works on -current.

-- 
 Marcel Moolenaar   USPA: A-39004   marcel@xcllnt.net

From owner-freebsd-audit Sun Oct 14 22:30: 6 2001
Date: Sun, 14 Oct 2001 22:30:01 -0700 (PDT)
From: Matthew Jacob
Reply-To: mjacob@feral.com
To: Marcel Moolenaar
Cc: audit@FreeBSD.ORG
Subject: Re: change to linux/Makefile
In-Reply-To: <20011014221719.A528@dhcp01.pn.xcllnt.net>

On Sun, 14 Oct 2001, Marcel Moolenaar wrote:

> On Sun, Oct 14, 2001 at 09:00:11PM -0700, Matthew Jacob wrote:
> >
> > The first problem was that there was no linux_syscall anyway. The second
> > problem was that even when I regen'd them for -stable, the compile wasn't
> > finding them.
>
> linux_syscall.h, linux_proto.h and linux_sysent.c will be generated on
> the fly when you do a make depend. Did you do a make depend?

Of course. They were not generated. They also, in fact, are checked in.

>
> > BTW- I'm not 100% convinced that similar problems are avoided in -current- by
> > my having both a /usr/src on all of my machines as well as a /tstsys I
> > probably get lots of unintentional 'sorta maybe kind mostly works' situations.
>
> On -current I reverted the generation-on-the-fly of the abovementioned
> files, because we are missing the support in general for that. That's
> probably why it works on -current.

From owner-freebsd-audit Sun Oct 14 22:35:11 2001
Date: Mon, 15 Oct 2001 15:34:13 +1000 (EST)
From: Bruce Evans
To: Marcel Moolenaar
Cc: Matthew Jacob ,
Subject: Re: change to linux/Makefile
In-Reply-To: <20011014221719.A528@dhcp01.pn.xcllnt.net>
Message-ID: <20011015152623.K71511-100000@delplex.bde.org>

On Sun, 14 Oct 2001, Marcel Moolenaar wrote:

> On Sun, Oct 14, 2001 at 09:00:11PM -0700, Matthew Jacob wrote:
> >
> > The first problem was that there was no linux_syscall anyway. The second
> > problem was that even when I regen'd them for -stable, the compile wasn't
> > finding them.
>
> linux_syscall.h, linux_proto.h and linux_sysent.c will be generated on
> the fly when you do a make depend. Did you do a make depend?

In RELENG_4, linux_proto.h is generated at commit time for i386's only.
For alphas, the generated linux_proto.h is included using a confusing
pathname (; should be "linux_proto.h"). <>-style
includes are logically relative to the top of the sys tree and ""-style
includes are logically relative to the compile directory. Unfortunately,
-I- makes <>-style includes physically equivalent to ""-style includes.

>
> > BTW- I'm not 100% convinced that similar problems are avoided in -current- by
> > my having both a /usr/src on all of my machines as well as a /tstsys I
> > probably get lots of unintentional 'sorta maybe kind mostly works' situations.
>
> On -current I reverted the generation-on-the-fly of the abovementioned
> files, because we are missing the support in general for that. That's
> probably why it works on -current.

Bruce

From owner-freebsd-audit Tue Oct 16 18:19:23 2001
Date: Tue, 16 Oct 2001 21:14:50 -0400 (EDT)
From: Mike Heffner
Subject: Re: [art@cvs.openbsd.org: CVS: cvs.openbsd.org: src]
In-reply-to: <20010818190339.A76832@xor.obsecurity.org>
To: Kris Kennaway
Cc: audit@FreeBSD.org

On 19-Aug-2001 Kris Kennaway wrote:
| Anyone up for porting this?

Ok, I've tried to take a stab at this. However, not having much kernel
experience I'm not too sure about this. How does the following look?

P.S. What's the best place to document this type of sysctl?

Index: kern_exec.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_exec.c,v retrieving revision 1.141 diff -u -r1.141 kern_exec.c --- kern_exec.c 2001/10/10 23:06:53 1.141 +++ kern_exec.c 2001/10/17 01:14:08 @@ -83,6 +83,16 @@ SYSCTL_INT(_kern, OID_AUTO, ps_argsopen, CTLFLAG_RW, &ps_argsopen, 0, ""); /* + * Control whether a random gap is added to the stack, the gap is calculated + * with the following formula: + * arc4random() & (stackgap_width - 1) + * If stackgap_width is less than or equal to zero, no gap is added. + */ +int stackgap_width; +SYSCTL_INT(_kern, OID_AUTO, stackgap_width, CTLFLAG_RW, &stackgap_width, 0, + ""); + +/* * Each of the items is a pointer to a `const struct execsw', hence the * double pointer here. */ @@ -691,7 +701,7 @@ char *stringp, *destp; register_t *stack_base; struct ps_strings *arginfo; - int szsigcode; + int sgap, szsigcode; /* * Calculate string base and vector table pointers. 
@@ -710,6 +720,14 @@ ((caddr_t)arginfo - szsigcode), szsigcode); /* + * Calculate a random stack gap no larger than stackgap_width. + */ + if (stackgap_width > 0) + sgap = arc4random() & (stackgap_width - 1); + else + sgap = 0; + + /* * If we have a valid auxargs ptr, prepare some room * on the stack. */ @@ -725,8 +743,8 @@ * the arg and env vector sets,and imgp->auxarg_size is room * for argument of Runtime loader. */ - vectp = (char **) (destp - (imgp->argc + imgp->envc + 2 + - imgp->auxarg_size) * sizeof(char *)); + vectp = (char **) (destp - (sgap + imgp->argc + imgp->envc + + 2 + imgp->auxarg_size) * sizeof(char *)); } else /* @@ -734,7 +752,8 @@ * the arg and env vector sets */ vectp = (char **) - (destp - (imgp->argc + imgp->envc + 2) * sizeof(char *)); + (destp - (sgap + imgp->argc + imgp->envc + 2) * + sizeof(char *)); /* * vectp also becomes our initial stack base

| ----- Forwarded message from Artur Grabowski -----
|
| Date: Fri, 17 Aug 2001 21:32:16 -0600 (MDT)
| From: Artur Grabowski
| To: source-changes@cvs.openbsd.org
| Subject: CVS: cvs.openbsd.org: src
| Reply-To: Artur Grabowski
|
| CVSROOT: /cvs
| Module name: src
| Changes by: art@cvs.openbsd.org 2001/08/17 21:32:16
|
| Modified files:
|     sys/kern     : kern_exec.c kern_sysctl.c
|     sys/sys      : sysctl.h
|     lib/libc/gen : sysctl.3
|     sbin/sysctl  : sysctl.8
|
| Log message:
| Add a possibility to add a random offset to the stack on exec. This makes
| it slightly harder to write generic buffer overflows. This doesn't really
| give any real security, but it raises the bar for script-kiddies and it's
| really cheap.
|
| The range of the random offsets is controlled by the sysctl
| kern.stackgap_random (must be a power of 2).
|
| This is disabled by default right now, but we'll set it to a reasonable value
| (1024?) soon, after some more testing.
|
| ----- End forwarded message -----

Mike

-- 
  Mike Heffner
  Blacksburg, VA
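
Review bot: In the symtab.c hunk of the restore(8) patch (@@ -471,6 +471,7 @@), done(1) placed directly after panic() reads as unreachable code unless the reader already knows that panic() can return when -y is given, which is the case the report describes. A one-line comment on the added call saying so would keep it from being removed later as dead code. The context shows clearerr(fd) immediately after the fopen error branch, so the message could also state that this is where the fall-through crashes, and it would be worth checking whether other panic() calls in symtab.c are followed by code that assumes the preceding call succeeded.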
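
Review bot: In the modules/linux/Makefile hunk (@@ -17,6 +17,7 @@), the added line is spelled "CFLAGS += " with a space while the commented line just above it uses "CFLAGS+=" without one; match the file's existing spelling. The new -I is added for every architecture although the failure was reported only for Alpha on RELENG_4, and nothing in the Makefile says which header it is there to find (linux_syscall.h, going by the error output posted in the thread). Since Bruce's replies identify the include line in linux.h as the actual defect, either fix that include to match -current or add a comment marking this -I as a workaround for it.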
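
Review bot: In the kern_exec.c hunk at @@ -83,6 +83,16 @@, the comment gives the formula arc4random() & (stackgap_width - 1) but leaves out that the mask only covers the whole range when stackgap_width is a power of 2, a requirement the forwarded OpenBSD log states for kern.stackgap_random, and it does not say in what unit the gap is measured. The SYSCTL_INT description string is left empty (""); a short description there is the first place to document the knob. stackgap_width is a plain CTLFLAG_RW int with no handler, so nothing rejects a negative or non-power-of-2 value when it is set; consider validating it at write time rather than only testing for > 0 at exec time.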
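
Review bot: In the kern_exec.c hunk at @@ -710,6 +720,14 @@, stackgap_width is read twice, once in the "> 0" test and once in the mask, and because it is writable at run time it can change between the two reads; copy it into a local before testing it. There is also no upper bound: whatever value the sysctl holds becomes the mask, and the result is subtracted from the stack pointer in the following hunks, so clamp it to a sane maximum here or when it is set. The result is always below stackgap_width, but for a width that is not a power of 2 the mask can produce only some of the values in that range (a width of 6 gives mask 5, so only 0, 1, 4 and 5); round the width or document the restriction.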
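
Review bot: In the two vectp hunks of kern_exec.c (@@ -725,8 +743,8 @@ and @@ -734,7 +752,8 @@), sgap sits inside the sum that is multiplied by sizeof(char *), so the gap is counted in pointer-sized slots rather than bytes and its byte size depends on the platform's pointer width; state the unit in the sysctl comment or apply the gap as a byte offset with explicit alignment. The gap is subtracted below destp, so only vectp, which the trailing context says becomes the initial stack base, moves, while whatever is placed at destp and above keeps its address; say in a comment that this is intended. The same expression is now edited in both branches of the if, and computing the slot count once before the branch would keep the two from drifting apart.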