| 1 |
On Mon, 2004-04-19 at 22:29, Robert Connolly wrote: |
| 2 |
> On April 19, 2004 09:16 pm, Ned Ludd wrote: |
| 3 |
> > On Mon, 2004-04-19 at 17:55, Robert Connolly wrote: |
| 4 |
> >>... |
| 5 |
> > Could you test the following attachment (guard-test) a few times and |
| 6 |
> > post the results? Mainly I'd like to verify that your __guard is infact |
| 7 |
> > working as expected. (It should SEGFAULT or SIGABRT) |
| 8 |
> |
| 9 |
> ./guard-test |
| 10 |
> main = 0x800009d4; |
| 11 |
> __guard = 0x4012aba0; |
| 12 |
> __stack_smash_handler = 0x4002de50; |
| 13 |
> __guard = 0x4012aba0; |
| 14 |
> __stack_smash_handler = 0x4002de50; |
| 15 |
> guard-test: stack smashing attack in function mainAborted |
| 16 |
|
| 17 |
And how about a second run... __guard is at a different location? |
| 18 |
|
| 19 |
> |
| 20 |
> > I took a quick look at the (glibc) code and it appears as if you drooped |
| 21 |
> > support completely for /dec/urandom I'm not sure if that's a good idea |
| 22 |
> > because if a user decides not to use frandom then she will end up with |
| 23 |
> > the default canary only which would weaken the entire model.. |
| 24 |
> |
| 25 |
> That doable. But sysctl random_uuid could also be used as a second fallback. / |
| 26 |
|
| 27 |
kernel.random.uuid can only be read by uid 0 |
| 28 |
Actually I'm not 100% sure on this because I've had my /proc/sys |
| 29 |
restricted for so long thanks to grsecurity.. |
| 30 |
|
| 31 |
|
| 32 |
> dev/{e,f}random third, urandom fourth... I just used sysctl erandom so not to |
| 33 |
> make it too complicated for now. |
| 34 |
|
| 35 |
What would be the point of even looking for /dev/{e,f} if the sysctl() |
| 36 |
failed? Either we are using frandom or not. Right? |
| 37 |
|
| 38 |
I would think the logic would work something like this untested |
| 39 |
attachment. |
| 40 |
|
| 41 |
> > Also can this be enabled in the kernel as non LKM? |
| 42 |
> > As handy as modules are they are a security risk and should be avoided |
| 43 |
> > at all costs. |
| 44 |
> |
| 45 |
> As in built in? yes. The sysctl support will not work as a module. |
| 46 |
> |
| 47 |
> |
| 48 |
> -- |
| 49 |
> gentoo-hardened@g.o mailing list |
| 50 |
-- |
| 51 |
Ned Ludd <solar@g.o> |
| 52 |
Gentoo Linux Developer |
Archives