From owner-freebsd-security@FreeBSD.ORG Mon Dec 31 09:43:45 2007
Date: Mon, 31 Dec 2007 03:43:41 -0600 (CST)
From: Mike Silbersack <silby@silby.com>
To: Jeremie Le Hen
Cc: Gunther Mayer, freebsd-security@freebsd.org
Subject: Re: ProPolice/SSP in 7.0
Message-ID: <20071231033402.F21115@odysseus.silby.com>
In-Reply-To: <20071230132611.GD10467@obiwan.tataz.chchile.org>

On Sun, 30 Dec 2007, Jeremie Le Hen wrote:

>> Either I'm doing something wrong, or we have gcc misconfigured and it's not
>> detecting that strcpy is a function which needs to be watched closely.
>
> Actually, you did nothing wrong. Except maybe not wasting time to look
> at the GCC info page ;).
>
> % `-fstack-protector'
> %     Emit extra code to check for buffer overflows, such as stack
> %     smashing attacks. This is done by adding a guard variable to
> %     functions with vulnerable objects. This includes functions that
> %     call alloca, and functions with buffers larger than 8 bytes. The
> %     guards are initialized when a function is entered and then checked
> %     when the function exits. If a guard check fails, an error message
> %     is printed and the program exits.
>
> I believed it was possible to customize this threshold (I'm pretty sure
> I've already seen such an option in some patch floating around the GCC
> community) but a quick glance at the source shows it is not possible
> actually.
>
> Regards,
> --
> Jeremie Le Hen

Ah, I went to the old propolice page and just read this description:

----
compiler option -fstack-protector-all, -fno-stack-protector-all
    enables and disables the protection of every function, not only the
    function with character array.
----

I apparently RTWrongFM. :)

Seems to me that the 8 character limit is probably some performance tradeoff
compromise... from a security perspective I can't see why 8 byte arrays would
be less likely to be used incorrectly than 9 byte arrays.

In any case, thanks for answering my question.

Mike "Silby" Silbersack
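Added example (not code from the list thread, from GCC or from ProPolice): a hand-rolled version of the guard-variable scheme the quoted GCC manual text describes, so the "initialize on entry, check on exit" mechanism can be exercised deterministically, and so the point about 8- versus 9-byte arrays can be seen directly: an 8-byte buffer is exactly at the default threshold and gets no guard under plain -fstack-protector, yet a single byte of overrun lands on whatever sits next to it. Two assumptions are made for the demo: the guard lives directly after the buffer inside a struct (real GCC puts it between the locals and the saved frame pointer/return address), and DEMO_GUARD is a fixed constant rather than the per-process random value GCC loads from __stack_chk_guard or a TLS slot. The vulnerable copy is shown beside a bounded one.

```c
/* Added example (not from the mailing-list thread, GCC or ProPolice):
 * a hand-rolled version of the guard-variable scheme quoted from the GCC
 * manual, so the mechanism can be exercised deterministically.
 * Assumptions: the guard sits directly after the buffer inside a struct
 * (GCC places it between the locals and the saved frame/return address),
 * and DEMO_GUARD is a fixed constant instead of the random per-process
 * value GCC loads from __stack_chk_guard or a TLS slot. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEMO_GUARD 0xDEADBEEF00C0FFEEULL   /* demo only: real canaries are random */

struct guarded_frame {
    char     buf[8];   /* exactly 8 bytes: at GCC's default threshold, so no guard under -fstack-protector */
    uint64_t guard;    /* the guard variable: set on entry, checked on exit */
};

enum copy_result { COPY_OK = 0, COPY_GUARD_SMASHED = 1 };

/* Vulnerable variant: copies `len` bytes into the 8-byte buffer the way an
 * unchecked strcpy()/memcpy() would, then performs the epilogue check.
 * The only clamp is at sizeof f, so the demo never writes outside its own
 * frame; the bug is that nothing clamps at sizeof f.buf.  Writing through a
 * pointer to the whole struct is well defined, so bytes 8..15 land on f.guard. */
enum copy_result copy_unchecked(const char *src, size_t len)
{
    struct guarded_frame f;
    f.guard = DEMO_GUARD;                 /* prologue: initialise the guard */

    if (len > sizeof f)
        len = sizeof f;                   /* keep the demo itself memory-safe */
    memcpy(&f, src, len);                 /* deliberately bounded by the frame, not the buffer */

    return f.guard == DEMO_GUARD ? COPY_OK : COPY_GUARD_SMASHED;   /* epilogue: check */
}

/* Hardened variant: bounds the copy by the buffer and always NUL-terminates,
 * so the guard can never be reached no matter how long `src` is. */
enum copy_result copy_bounded(const char *src, size_t len)
{
    struct guarded_frame f;
    f.guard = DEMO_GUARD;

    size_t n = len < sizeof f.buf - 1 ? len : sizeof f.buf - 1;   /* leave room for the NUL */
    memcpy(f.buf, src, n);
    f.buf[n] = '\0';

    return f.guard == DEMO_GUARD ? COPY_OK : COPY_GUARD_SMASHED;
}

int main(void)
{
    /* Constructed inputs: an 8-byte string that fits exactly, and a 9-byte
     * one that overruns the buffer by a single byte. */
    static const char *inputs[] = { "ABCDEFGH", "ABCDEFGHI" };
    for (size_t i = 0; i < 2; i++) {
        size_t len = strlen(inputs[i]);
        printf("%zu bytes: unchecked=%s bounded=%s\n", len,
               copy_unchecked(inputs[i], len) ? "GUARD SMASHED" : "ok",
               copy_bounded(inputs[i], len)   ? "GUARD SMASHED" : "ok");
    }
    return 0;
}
```

To see what the real compiler does with such a function rather than this simulation, compile a function containing `char buf[8]` with `gcc -S -fstack-protector` and grep the assembly for `__stack_chk_fail`: nothing is emitted for the 8-byte array, while a 9-byte array, or any function under `-fstack-protector-all`, gets the guard load in the prologue and the compare plus `__stack_chk_fail` call in the epilogue. Later GCC releases also accept `--param ssp-buffer-size=N` to move the threshold and `-fstack-protector-strong` to cover every function that has a local array regardless of its size.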