From: Jeremie Le Hen
To: freebsd-hackers@FreeBSD.org
Date: Tue, 5 Jul 2005 17:39:33 +0200
Subject: ProPolice symbols in libc or libssp ?
Message-ID: <20050705153933.GP73907@obiwan.tataz.chchile.org>
List-Id: Technical Discussions relating to FreeBSD

Hi hackers,

I'm still working on integrating the ProPolice patch in FreeBSD CURRENT. A small reminder: the ProPolice patch prevents stack-based buffer overflows by setting a canary between character arrays and the return address stored on the stack. In addition, automatic variables are reordered so that pointers stand before buffers.
ProPolice (aka Stack Smashing Protector / SSP) needs two symbols to work correctly ("__guard", which is the canary initialized before main() is started, and "__stack_smash_handler", which is the function called when a buffer overflow is detected; furthermore, a private constructor is provided to fill __guard). The original patch stores them in libgcc, but since FreeBSD only provides a static libgcc, this would lead to those being compiled into all binaries, which is not something acceptable, IMO.

Numerous patches porting ProPolice to newer versions of FreeBSD store these symbols in libc, so they are dynamically linked. That's what I did too and it worked quite well. However, Victor Balada Diaz tested the patch for me and reported that it breaks Opera compiled for RELENG_4 because the latter is linked against libc (the compat one) and libz. The problem is that the libz version against which Opera is dynamically linked is not residing in compat/ and _needs_ ProPolice symbols which are obviously not in the compat libc.

Another solution that exists, the one used by the Hardened Debian project, is to have a libssp containing these two symbols.

How would you, hackers, overcome this problem? Suggestions are welcome.

Thanks.
Best regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
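The following is an added model of the canary scheme the post describes (variable reordering, a guard filled by a constructor before main(), a compare in the epilogue, and a handler on mismatch); it is not code from the post or from the ProPolice/FreeBSD patch. A struct stands in for a stack frame so the "overflow" stays inside one object and the result is deterministic; guard_value, smash_handler, struct frame and protected_call are names chosen here and model __guard, __stack_smash_handler, the frame layout and an instrumented function.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uintptr_t guard_value;   /* models __guard */
static int smash_count;         /* how often the handler fired */

/* Models the private constructor that fills __guard before main(). The seed
 * is a constructed placeholder; a real SSP draws the canary from a random source. */
__attribute__((constructor)) static void guard_setup(void)
{
    guard_value = (uintptr_t)0xA5C3D2E1u ^ (uintptr_t)&guard_value;
    if (guard_value == 0)           /* never keep an all-zero canary */
        guard_value = 1;
}

/* Models __stack_smash_handler; the real one aborts instead of returning. */
static void smash_handler(const char *func)
{
    fprintf(stderr, "stack overflow in function %s\n", func);
    smash_count++;
}
int smashes_detected(void) { return smash_count; }

/* Layout ProPolice arranges: pointer locals below the buffer, the canary right
 * above it, then the saved return address, so a write past buf must cross guard first. */
struct frame {
    char     *ptr;
    char      buf[16];
    uintptr_t guard;
    uintptr_t saved_ret;
};

/* Unchecked copy into the frame's buffer, then the epilogue check.
 * Returns 1 if the frame is intact, 0 if the canary was clobbered. */
int protected_call(const char *src, size_t len)
{
    struct frame f;
    size_t room = sizeof f - offsetof(struct frame, buf); /* stay inside f */
    f.ptr = f.buf;
    f.guard = guard_value;          /* prologue: store canary */
    f.saved_ret = 0xDEADBEEF;       /* constructed placeholder */
    memcpy((char *)&f + offsetof(struct frame, buf), src, len < room ? len : room);
    if (f.guard != guard_value) {   /* epilogue: compare before returning */
        smash_handler(__func__);
        return 0;
    }
    return 1;
}
```

A 5-byte input leaves the guard intact, while a 24-byte input of 'A's overwrites it and fires the handler before the saved return address would matter.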