Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 31 Oct 2016 22:10:41 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: Daniel Micay <danielmicay@...il.com>
Cc: Jann Horn <jann@...jh.net>,  Kees Cook <keescook@...omium.org>,  kernel-hardening@...ts.openwall.com,  Andrew Morton <akpm@...ux-foundation.org>,  Michal Hocko <mhocko@...e.com>,  Ingo Molnar <mingo@...nel.org>,  Andy Lutomirski <luto@...nel.org>,  LKML <linux-kernel@...r.kernel.org>
Subject: Re: Re: [PATCH] fork: make whole stack_canary random

* Daniel Micay:

>> It makes a lot of sense on x86_64 where it means the canary is
>> still 56 bits. Also, you want -fstack-check for protecting again
>> stack overflows rather than stack *buffer* overflow. SSP won't
>> really help you in that regard. Sadly, while -fstack-check now
>> works well in GCC 6 with little performance cost, it's not really a

I think GCC still does not treat the return address push on
architectures which have such a CALL instruction as an implicit stack
probe.

>> complete feature (and Clang impls it as a no-op!).

How many guard pages at the end of the stack does the kernel
guarantee?  I saw some -fstack-check-generated code which seemed to
jump over a single guard page.

The other thing I've seen which could impact the effectiveness of
-fstack-check: mmap *without* MAP_FIXED and a hint within stack
allocation can create a mapping inside the stack.  That's rather
surprising, and I'm not sure if the net result is that there actually
is a guard page in all cases.

> Note: talking about userspace after the entropy bit. The kernel doesn't
> really -fstack-check, at least in even slightly sane code...

There used to be lots of discussions about kernel stack sizes ...

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.