Date: Wed, 1 Oct 2014 09:30:50 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: Re: A running list of questions from "porting" Slackware to musl

On Wed, Oct 01, 2014 at 09:48:17AM +0200, Szabolcs Nagy wrote:
> * Andy Lutomirski <luto@...capital.net> [2014-09-30 16:50:28 -0700]:
> > On 09/30/2014 08:50 AM, Rich Felker wrote:
> > > When gcc generates the canary-check code, on failure it normally
> > > calls/jumps to __stack_chk_fail. But for shared libraries, that call
> > > would go to a thunk in the library's PLT, which depends on the GOT
> > > register being initialized (actually this varies by arch; x86_64
> ....
> > 
> > On x86_64, this would be call *whatever@...off(%rip) instead of call
> > whatever@....
> > 
> > (Even better: the loader could patch the PLT with a direct jump.  Could
> ....
> 
> hm this seems to be a lot of complication just to crash
> 
> if gcc had a -fcrash-on-ssp-chk-fail flag that simply generated
> a crash instruction that would be simpler/smaller/more secure
> 
> (actually i think that should be the default behaviour)

Yes, it really should. Perhaps we could post a GCC bug report
requesting this with a link to one or more of the articles on
exploiting the introspective debug code in gcc/glibc crash handlers.

Rich
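A hand-written C model of the canary check and the two failure paths discussed above, added here as an example (it is not musl or gcc code): the reference canary and the buffer contents are constructed, the function pointer stands in for the PLT/GOT-resolved call to __stack_chk_fail, and `__builtin_trap()` is the inline crash instruction alternative.

```c
/* Added example: a model of the stack-protector check that gcc emits,
 * with the two failure strategies from the thread. Constructed values;
 * not code from musl or gcc. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* In real code the reference canary is read from thread-local storage
 * (e.g. %fs:0x28 on x86_64); this constructed constant stands in for it. */
#define REF_CANARY ((uintptr_t)0x00f3d2c1b0a99887ULL)

/* Model of a protected frame: the buffer, then the canary slot above it. */
struct frame {
    char buf[16];
    uintptr_t canary;
};

/* Failure path A: call the handler through a pointer, standing in for a
 * PLT/GOT-resolved __stack_chk_fail. Works only if the GOT register was
 * already set up, which is the fragility the thread points out. */
static void (*stack_chk_fail_ptr)(void);

/* Failure path B: an inline trap. Needs no symbol resolution, no PLT and
 * no GOT register; gcc lowers it to ud2 on x86_64. */
static void inline_trap(void) { __builtin_trap(); }

/* Returns 1 if the canary is intact, 0 if the frame was overwritten.
 * n bytes of constructed input are copied into the 16-byte buffer the way
 * an unchecked copy would; the copy goes through a byte view of the whole
 * frame so an overrun into the canary slot is well defined in this model. */
int frame_check(size_t n)
{
    struct frame f;
    unsigned char src[sizeof f];
    memset(src, 'A', sizeof src);             /* constructed input */
    if (n > sizeof f) n = sizeof f;           /* stay inside the model */
    f.canary = REF_CANARY;                    /* prologue: store canary */
    memcpy((unsigned char *)&f, src, n);      /* body: unchecked copy */
    return f.canary == REF_CANARY;            /* epilogue: compare */
}

/* Epilogue with either failure strategy; returns 0 when the check passes
 * and does not return when it fails. */
int protected_epilogue(size_t n, int use_trap)
{
    if (frame_check(n)) return 0;
    if (use_trap) inline_trap();
    else if (stack_chk_fail_ptr) stack_chk_fail_ptr();
    return -1;                                /* only if no handler is set */
}
```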
