Date: Fri, 17 Nov 2000 15:45:51 -0800 From: Kris Kennaway <kris@FreeBSD.ORG> To: KOJIMA Hajime <kjm@rins.ryukoku.ac.jp> Cc: security@FreeBSD.ORG Subject: Base system gcc patch (Re: FYI: Propolice for gcc-2.95.2) Message-ID: <20001117154551.A77867@citusc17.usc.edu> In-Reply-To: <46896.974343158@ideon.st.ryukoku.ac.jp>; from kjm@rins.ryukoku.ac.jp on Thu, Nov 16, 2000 at 11:52:38AM %2B0900 References: <46896.974343158@ideon.st.ryukoku.ac.jp>
next in thread | previous in thread | raw e-mail | index | archive | help
--EVF5PPMfhYS0aIcm Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable This was trivial to get working on FreeBSD, but here is a patch against the system gcc in 4.x which will compile a ProPolice-enabled version, so FreeBSD users can start easily making use of this. The patch is the same for 5.x users except you will need to replace "contrib/gcc" with "contrib/gcc.295" in the diff. http://www.freebsd.org/~kris/protector.patch Once you have done a buildworld and installed the new compiler, you can start playing with adding "-fstack-protector" into CFLAGS and e.g. build a new world. I haven't actually tested the results of this yet, so don't do that on your production systems yet ;-) It does seem to work, however: mollari# /tmp/smash AAAAAAAAAAAAAAAAAAAAAAAAAA main: stack smashing attack? Segmentation fault (core dumped) (gdb) bt #0 0x8048726 in __stack_smash_handler () #1 0x8048665 in main () #2 0x41414141 in ?? () Cannot access memory at address 0x41414141. :-) The one suggestion I have at this stage is to make _stack_smash_handler syslog() the error so there is a system record of the potential attack. There may be a reason that isn't feasible, however. Nice work! Kris On Thu, Nov 16, 2000 at 11:52:38AM +0900, KOJIMA Hajime wrote: > FYI: "Propolice", GCC extension for protecting applications from > stack-smashing attacks, for gcc-2.95.2 is now available. > =20 > <http://www.trl.ibm.co.jp/projects/security/ssp/>; >=20 > ---- > KOJIMA Hajime - Ryukoku University, Seta, Ootsu, Shiga, 520-2194 Japan > [Office] kjm@rins.ryukoku.ac.jp, http://www.st.ryukoku.ac.jp/~kjm/ >=20 >=20 > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message --EVF5PPMfhYS0aIcm Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoVwy8ACgkQWry0BWjoQKVJJgCg4eKgfBWurflDWSmZkrOqAqIZ mJIAmwWViG46Jz6afWN5yAdbpRziUruY =cBxL -----END PGP SIGNATURE----- --EVF5PPMfhYS0aIcm-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001117154551.A77867>