Date:      Mon, 31 Dec 2007 03:43:41 -0600 (CST)
From:      Mike Silbersack <silby@silby.com>
To:        Jeremie Le Hen <jeremie@le-hen.org>
Cc:        Gunther Mayer <gunther.mayer@googlemail.com>, freebsd-security@freebsd.org
Subject:   Re: ProPolice/SSP in 7.0
Message-ID:  <20071231033402.F21115@odysseus.silby.com>
In-Reply-To: <20071230132611.GD10467@obiwan.tataz.chchile.org>
References:  <477277FF.30504@googlemail.com> <86myrvhht9.fsf@ds4.des.no> <20071227195833.154b41ae@kan.dnsalias.net> <4774EB0F.90103@googlemail.com> <20071228200428.J6052@odysseus.silby.com> <20071230132611.GD10467@obiwan.tataz.chchile.org>


On Sun, 30 Dec 2007, Jeremie Le Hen wrote:

>>  Either I'm doing something wrong, or we have gcc misconfigured and it's not
>>  detecting that strcpy is a function which needs to be watched closely.
>
> Actually, you did nothing wrong.  Except maybe not wasting time to look
> at the GCC info page ;).
>
> % `-fstack-protector'
> %      Emit extra code to check for buffer overflows, such as stack
> %      smashing attacks.  This is done by adding a guard variable to
> %      functions with vulnerable objects.  This includes functions that
> %      call alloca, and functions with buffers larger than 8 bytes.  The
> %      guards are initialized when a function is entered and then checked
> %      when the function exits.  If a guard check fails, an error message
> %      is printed and the program exits.
>
> I believed it was possible to customize this threshold (I'm pretty sure
> I've already seen such an option in some patch floating around the GCC
> community) but a quick glance at the source shows it is not possible
> actually.
>
> Regards,
> -- 
> Jeremie Le Hen

Ah, I went to the old propolice page and just read this description:

----
compiler option -fstack-protector-all, -fno-stack-protector-all enables 
and disables the protection of every function, not only the function with 
character array.
----

I apparently RTWrongFM. :)

Seems to me that the 8 character limit is probably some performance 
tradeoff compromise... from a security perspective I can't see why 8 byte 
arrays would be less likely to be used incorrectly than 9 byte arrays.

In any case, thanks for answering my question.

Mike "Silby" Silbersack