Date: Thu, 06 Nov 2014 06:45:49 -0500 From: "Anthony G. Basile" <basile@...nsource.dyc.edu> To: musl@...ts.openwall.com Subject: Re: fixing -fPIE + -fstack-protector-all On 11/05/14 10:43, Rich Felker wrote: > On Wed, Nov 05, 2014 at 04:25:03PM +0100, John Spencer wrote: >> using -fPIE + -fstack-protector-all is currently broken for a number >> of architectures (most notably i386) in the default gcc setup >> (including the musl-cross patches), as it depends on a >> libssp_nonshared.a which provides __stack_chk_fail_local(). > > As discussed on IRC, I would _like_ to be able to simply add the > following to crt/i386/crti.s: > > __stack_chk_fail_local: hlt > > and equivalent for other archs. This has the added benefit of > effecting a crash without going through the PLT (whereas > libssp_nonshared.a's __stack_chk_fail_local calls __stack_chk_fail via > the PLT) so it's not vulnerable to attacks that have overwritten the > GOT with malicious pointers. For what its worth, hardening in gentoo (PaX kernel + userland hardening with relro and bindnow) tries to prevent this kind of attack by making the GOT read only after initial linking. > > However, this proposed solution breaks one odd corner case: static > linking when all the source files were compiled with -fPIC or -fPIE. > In that case, there would be no references to __stack_chk_fail, only > to __stack_chk_fail_local, and thereby __init_ssp would not get > linked, and a zero canary would be used. I would rather not see this solution. > > One possible way to handle this would be giving up the conditional > linking of ssp init and just always initializing it. The .o file is 78 > bytes on i386 and 70 bytes on x86_64, but there would also be some > savings to offset the cost simply from having the code inline in > __init_libc rather than as an external function. > > I'm open to other ideas too. > > Rich > -- Anthony G. Basile, Ph. D. Chair of Information Technology D'Youville College Buffalo, NY 14201 (716) 829-8197
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.