1 |
On April 21, 2004 01:12 pm, pageexec@××××××××.hu wrote: |
2 |
> > > 1. don't initialize __guard[] to all 0s, on some compilers it will |
3 |
> > > force it into the .data section (instead of .bss), it's a slight |
4 |
> > > waste... |
5 |
> > |
6 |
> > I have read the stack value can be used here with zero preformance loss. |
7 |
> > Just to set initial values. |
8 |
> |
9 |
> 'stack value' = ? |
10 |
|
11 |
I mean to say anything freely available, like the time. |
12 |
|
13 |
> anyway, taking into account my 3rd observation as well, you should do |
14 |
> something like this: |
15 |
|
16 |
This libc patch is based on the gcc/libgcc2.c hunk of the ibm propolice patch. |
17 |
__guard is an array in there too. I also noticed its a 'static void', will |
18 |
that mess with aslr? In gentoo's ssp libc patch its not static. It looks to |
19 |
me like that is where the "#if defined(HAVE_SYSLOG)" came from. HAVE_SYSLOG |
20 |
is used durring the gcc compile, but not durring glibc compile. Someone |
21 |
copied and pasted without checking. This is in the gcc hunk but missing from |
22 |
our glibc patch (while in obsd's libc hunk): |
23 |
|
24 |
static void __guard_setup(void) __attribute__ ((constructor)); |
25 |
void __stack_smash_handler(char func[], int damaged __attribute__((unused))); |
26 |
|
27 |
Looks like I should be including sys/sysctl.h instead of linux/sysctl.h too |
28 |
(so both get included). Also, there are two ways to invoke sysctl (and |
29 |
__sysctl). The first is a wrapper, second is direct. I didn't know the |
30 |
difference so I used __sysctl. |
31 |
|
32 |
|
33 |
-- |
34 |
gentoo-hardened@g.o mailing list |