| 1 |
On April 21, 2004 01:12 pm, pageexec@××××××××.hu wrote: |
| 2 |
> > > 1. don't initialize __guard[] to all 0s, on some compilers it will |
| 3 |
> > > force it into the .data section (instead of .bss), it's a slight |
| 4 |
> > > waste... |
| 5 |
> > |
| 6 |
> > I have read the stack value can be used here with zero preformance loss. |
| 7 |
> > Just to set initial values. |
| 8 |
> |
| 9 |
> 'stack value' = ? |
| 10 |
|
| 11 |
I mean to say anything freely available, like the time. |
| 12 |
|
| 13 |
> anyway, taking into account my 3rd observation as well, you should do |
| 14 |
> something like this: |
| 15 |
|
| 16 |
This libc patch is based on the gcc/libgcc2.c hunk of the ibm propolice patch. |
| 17 |
__guard is an array in there too. I also noticed its a 'static void', will |
| 18 |
that mess with aslr? In gentoo's ssp libc patch its not static. It looks to |
| 19 |
me like that is where the "#if defined(HAVE_SYSLOG)" came from. HAVE_SYSLOG |
| 20 |
is used durring the gcc compile, but not durring glibc compile. Someone |
| 21 |
copied and pasted without checking. This is in the gcc hunk but missing from |
| 22 |
our glibc patch (while in obsd's libc hunk): |
| 23 |
|
| 24 |
static void __guard_setup(void) __attribute__ ((constructor)); |
| 25 |
void __stack_smash_handler(char func[], int damaged __attribute__((unused))); |
| 26 |
|
| 27 |
Looks like I should be including sys/sysctl.h instead of linux/sysctl.h too |
| 28 |
(so both get included). Also, there are two ways to invoke sysctl (and |
| 29 |
__sysctl). The first is a wrapper, second is direct. I didn't know the |
| 30 |
difference so I used __sysctl. |
| 31 |
|
| 32 |
|
| 33 |
-- |
| 34 |
gentoo-hardened@g.o mailing list |
Archives