> > 1. don't initialize __guard[] to all 0s, on some compilers it will force |
> > it into the .data section (instead of .bss), it's a slight waste... |
> |
> I have read the stack value can be used here with zero performance loss. Just
> to set initial values. |
|
'stack value' = ? |
|
anyway, what I meant was that if you have a variable that you'd initialize
as 0, don't initialize it at all; it will then go to the .bss section
(= takes up no space in the file itself). |
|
> > 2. you have a nice buffer overflow on 64 bit archs where sizeof long = 8 |
> > but in your loop you access twice as many elements (you divide by 4 |
> > instead of sizeof long). |
> |
> The /4 is to prevent a bug. Only multiples of 4 and 16 can be used; it's a
> double check. |
|
OK, let's forget about the overflow; it would occur only if sizeof(int) > 4
and I think no 64-bit arch defines it that way (but someone should double
check). |
|
anyway, taking into account my 3rd observation as well, you should do |
something like this: |
|
/* Stack-protector canary, filled in by __guard_setup().  Deliberately left
 * without an initializer so it lands in .bss rather than .data (see the
 * discussion above); a value of 0 means "not yet set up". */
unsigned long __guard;
|
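/*
 * Initialise the stack-protector canary __guard from the kernel's random
 * sysctl.  Safe to call more than once: a non-zero __guard is left alone.
 *
 * Falls back to the fixed "terminator canary" 0xFF0A0D00UL when the sysctl
 * call fails or hands back fewer bytes than sizeof __guard.  That constant
 * is made of the bytes 0x00, 0x0D, 0x0A and 0xFF (the usual terminator-
 * canary rationale: string-copy routines stop on them), so it is a
 * predictable, strictly weaker substitute for a random value.
 */
void __guard_setup (void)
{
    int mib[3];
    size_t len;

    /* Already set up (or statically initialised): nothing to do. */
    if (__guard != 0UL) {
        return;
    }

    /* Random is another depth in Linux, hence an array of 3. */
    mib[0] = CTL_KERN;
    mib[1] = KERN_RANDOM;
    mib[2] = RANDOM_ERANDOM;

    /* Per sysctl(2), len is updated to the number of bytes actually
     * written.  A short read would leave the rest of the canary as the
     * zeros it had in .bss, so treat it like a failure rather than keep a
     * half-filled guard. */
    len = sizeof __guard;
    if (-1 == __sysctl(mib, 3, &__guard, &len, NULL, 0)
        || len != sizeof __guard) {
        /* If sysctl was unsuccessful or short, use the "terminator canary". */
        __guard = 0xFF0A0D00UL;
    }
}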
|
|
|
-- |
gentoo-hardened@g.o mailing list |