Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 12 Aug 2012 22:12:02 +0400
From: Vasily Kulikov <>
Subject: kernel's -fstack-protector


RHEL6.3'ish kernel is able to use SSP of gcc, but currently doesn't do it:

/usr/src/world/kernel-config/linux-2.6.32/arch/x86/Makefile:81: stack protector enabled but no compiler support

Linux tests SSP by compiling a trivial program which uses array and examining
the result:


	echo "int foo(void) { char X[200]; return 3; }" | $* -S -xc -c -O0 -fstack-protector - -o - 2> /dev/null | grep -q "%gs"
	if [ "$?" -eq "0" ] ; then
		echo y
		echo n

Look for the difference between my host Ubuntu system and Owl's chroot:

--- /home/vasya/owl/gcc-ssp-1	2012-08-12 22:02:56.081192917 +0400
+++ /home/vasya/owl/gcc-ssp-2	2012-08-12 22:03:26.109341468 +0400
@@ -1,22 +1,31 @@
 	.file	""
-.globl foo
+	.globl	foo
 	.type	foo, @function
+	.cfi_startproc
 	pushl	%ebp
+	.cfi_def_cfa_offset 8
+	.cfi_offset 5, -8
 	movl	%esp, %ebp
+	.cfi_def_cfa_register 5
 	subl	$216, %esp
-	movl	%gs:20, %eax
+	movl	__stack_chk_guard, %eax
 	movl	%eax, -12(%ebp)
 	xorl	%eax, %eax
 	movl	$3, %eax
 	movl	-12(%ebp), %edx
-	xorl	%gs:20, %edx
-	je	.L3
+	xorl	__stack_chk_guard, %edx
+	je	.L2
 	call	__stack_chk_fail
+	.cfi_restore 5
+	.cfi_def_cfa 4, 4
+	.cfi_endproc
 	.size	foo, .-foo
-	.ident	"GCC: (Ubuntu 4.4.3-4ubuntu5.1) 4.4.3"
+	.ident	"GCC: (GNU) 4.6.2"
 	.section	.note.GNU-stack,"",@progbits

The most interesting lines are:

	-	movl	%gs:20, %eax
	+	movl	__stack_chk_guard, %eax

Owl's gcc doesn't use %gs, but uses a global symbol.  That's because our glibc
doesn't support any sort of SSP and gcc fallbacks to using global symbol.
That is a gcc compilation stage choice, so we cannot explicitly enable it for
the kernel until glibc upgrade.

So, for now we don't use SSP for the kernel.



Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.