Re: [patch 2/5] Add the Kconfig option for the stackprotector feature

Paweł Sikora <[email protected]> writes:

> gcc supports stack protection at so called tree-level (it means it's
> architecture-independent). i've just tested a simple userland-code:
> 
> #include <stdlib.h>
> #include <string.h>
> int main()
> {
> 	char c;
> 	memset( &c, 0, 512 );
> 	return 0;
> }
> 
> and stack protection works fine on {ix86,x86-64,powerpc}-linux.
> i can test it on {alpha,sparc}-linux later but i'm pretty sure
> it'll work too on these archs.

$ gcc -v
Using built-in specs.
Target: x86_64-mandriva-linux-gnu
Configured with: ../configure --prefix=/usr --libexecdir=/usr/lib --with-slibdir=/lib64 --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --enable-checking=release --enable-languages=c,c++,ada,fortran,objc,obj-c++,java --host=x86_64-mandriva-linux-gnu --with-cpu=generic --with-system-zlib --enable-long-long --enable-__cxa_atexit --enable-clocale=gnu --disable-libunwind-exceptions --enable-java-awt=gtk --with-java-home=/usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/jre --enable-gtk-cairo --enable-ssp --disable-libssp
Thread model: posix
gcc version 4.1.1 20060724 (prerelease) (4.1.1-3mdk)
$ gcc  -fstack-protector t.c
$ ./a.out                   
zsh: segmentation fault  ./a.out

it segfaults if using "return 0" instead of "exit(0)" and only if
memset overwrote the stack

why? because, according to gcc man page, "This includes functions that
call alloca, and functions with buffers larger than 8 bytes."
once the stack is bigger, it does abort with "*** stack smashing
detected ***: <unknown> terminated" however.

thus this won't protect stacks of small functions... such as your
example...
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• Follow-Ups:
  • Re: [patch 2/5] Add the Kconfig option for the stackprotector feature
    • From: Paweł Sikora <[email protected]>

• References:
  • [patch 2/5] Add the Kconfig option for the stackprotector feature
    • From: Arjan van de Ven <[email protected]>
  • Re: [patch 2/5] Add the Kconfig option for the stackprotector feature
    • From: Daniel Walker <[email protected]>
  • Re: [patch 2/5] Add the Kconfig option for the stackprotector feature
    • From: Paweł Sikora <[email protected]>

• Prev by Date: [patch 2/2] i386: use new CFI macros in entry.S
• Next by Date: another Oops / BUG? (2.6.17.7 on VIA Epia CL6000)
• Previous by thread: Re: [patch 2/5] Add the Kconfig option for the stackprotector feature
• Next by thread: Re: [patch 2/5] Add the Kconfig option for the stackprotector feature
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]