Date: Wed, 23 Apr 2008 15:17:20 +0200
From: Jeremie Le Hen
To: Antoine Brodin
Cc: freebsd-arch@freebsd.org
Subject: Re: Integration of ProPolice in FreeBSD
Message-ID: <20080423131720.GP92168@obiwan.tataz.chchile.org>
References: <20080418132749.GB4840@obiwan.tataz.chchile.org> <200804181945.59189.max@love2party.net> <20080418204738.GE4840@obiwan.tataz.chchile.org> <20080419071400.GP73016@server.vk2pj.dyndns.org> <20080419074921.GI4840@obiwan.tataz.chchile.org> <20080420095911.GT5934@hoeg.nl>

Hi Antoine,

On Fri, Apr 18, 2008 at 04:37:06PM +0200, Antoine Brodin wrote:
> Last time I looked at your patch, there was a problem when using
> -fstack-protector-all instead of -fstack-protector:
> when you compile lib/csu/*, gnu/lib/csu/*, or
> src/lib/libc/sys/stack_protector.c with this flag, there is a kind of
> chicken/egg problem and you end up with an unusable world.
> That said, it would be great to be able to compile world with SSP when
> an option is set in src.conf.

You were right. I had a chance to test it this weekend. Thank you for
pointing this out.

On Sun, Apr 20, 2008 at 12:20:34PM +0200, Antoine Brodin wrote:
> On Sun, Apr 20, 2008 at 11:59 AM, Ed Schouten wrote:
> > Couldn't __stack_chk_init() be implemented like this:
> >
> > | static void
> > | __stack_chk_init(void *dummy __unused)
> > | {
> > |         arc4rand(__stack_chk_guard, sizeof(__stack_chk_guard), 0);
> > | }
>
> You can't do this because arc4rand will be protected and the guard
> won't be the same when you return from arc4rand.

This limitation also exists in the kernel. Currently, the kernel canary
is initialized with:

+/* SI_SUB_EVENTHANDLER is right after SI_SUB_LOCK, used by arc4rand() init. */
+SYSINIT(stack_chk, SI_SUB_EVENTHANDLER, SI_ORDER_ANY, __stack_chk_init, NULL);

Luckily it seems that for now there is no function on the calling path
to __stack_chk_init() that GCC deems useful to protect with
stack-smashing protection. There is nothing that will prevent this from
occurring because of a careless change in the future though.

So obviously, using -fstack-protector-all will break the kernel too.

FWIW, it is easier to handle this in NetBSD as the canary is initialized
in main(). Nonetheless I suppose it may arise if main() happens to
return.

I'm not sure what is the best way to handle this.
Should I write special rules for those files with
${CFLAGS:S/^-fstack-protector-all$/-fstack-protector/g} or simply
document that building the system with -fstack-protector-all is not
supported?

Thank you for your advice.

Best regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
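
Review bot: the comment above the SYSINIT() line records only the ordering relative to arc4rand() init; it says nothing about the requirement that __stack_chk_init() and every function on its calling path stay free of stack-protector instrumentation, which is the condition the initialization actually depends on. Consider stating that constraint in the comment so that a later change to the calling path or to the build flags does not break it unnoticed.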
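
Added example (not part of the original message or of the FreeBSD patch): a hand-written C model of the canary prologue and epilogue, showing why writing the guard from inside a protected function trips the check while an uninstrumented path does not. `guard_model`, the `SSP_*` macros and `fill_bytes()` are hypothetical stand-ins for `__stack_chk_guard`, the compiler-emitted code and `arc4rand()`.

```c
#include <stdint.h>
#include <stdio.h>

/* Model only: guard_model stands in for __stack_chk_guard (hypothetical name). */
static uintptr_t guard_model;
static int smash_reports;  /* times the modelled __stack_chk_fail() fired */

/* Hand-written equivalent of what the compiler emits around a protected function. */
#define SSP_PROLOGUE() uintptr_t saved_canary = guard_model
#define SSP_EPILOGUE() do { if (saved_canary != guard_model) smash_reports++; } while (0)

/* Constructed, deterministic stand-in for arc4rand(); always yields a nonzero guard. */
static void fill_bytes(void *buf, size_t len) {
    unsigned char *p = buf;
    for (size_t i = 0; i < len; i++)
        p[i] = (unsigned char)(0xA5 ^ i);
}

/* The filler compiled with protection, as under -fstack-protector-all. */
static void fill_bytes_protected(void *buf, size_t len) {
    SSP_PROLOGUE();        /* frame gets a copy of the old guard */
    fill_bytes(buf, len);  /* buf is the guard itself, so it changes here */
    SSP_EPILOGUE();        /* stale copy != new guard: false smash report */
}

/* Any protected function that starts and ends after initialisation. */
static void later_protected_function(void) {
    SSP_PROLOGUE();
    SSP_EPILOGUE();
}

/* Returns the number of false smash reports for the chosen init path. */
int run_model(int protect_init_path) {
    guard_model = 0;
    smash_reports = 0;
    if (protect_init_path)
        fill_bytes_protected(&guard_model, sizeof(guard_model));
    else
        fill_bytes(&guard_model, sizeof(guard_model)); /* uninstrumented path */
    later_protected_function();
    return smash_reports;
}

int main(void) {
    printf("protected init path:   %d report(s)\n", run_model(1));
    printf("unprotected init path: %d report(s)\n", run_model(0));
    return 0;
}
```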