Gentoo Archives: gentoo-hardened

From: Ned Ludd <solar@g.o>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] ssp random bytes solution
Date: Tue, 20 Apr 2004 04:58:58
Message-Id: 1082437094.4147.13344.camel@simple
In Reply to: Re: [gentoo-hardened] ssp random bytes solution by Robert Connolly
On Tue, 2004-04-20 at 00:46, Robert Connolly wrote:
> On April 20, 2004 12:02 am, Ned Ludd wrote:
> > On Mon, 2004-04-19 at 22:29, Robert Connolly wrote:
> > > On April 19, 2004 09:16 pm, Ned Ludd wrote:
> > > > On Mon, 2004-04-19 at 17:55, Robert Connolly wrote:
> > > >>...
> > > >
> > > > Could you test the following attachment (guard-test) a few times and
> > > > post the results? Mainly I'd like to verify that your __guard is
> > > > in fact working as expected. (It should SEGFAULT or SIGABRT)
> > >
> > > ./guard-test
> > > main = 0x800009d4;
> > > __guard = 0x4012aba0;
> > > __stack_smash_handler = 0x4002de50;
> > > __guard = 0x4012aba0;
> > > __stack_smash_handler = 0x4002de50;
> > > guard-test: stack smashing attack in function mainAborted
> >
> > And how about a second run... __guard is at a different location?
>
> No. The addresses do not change. btw, the addresses do not change using Etoh/
> obsd's ssp either (using arandom). I don't have a system with ssp urandom to
> compare to right now.


If the address does not change then it does not work.

Example of a working __guard_setup()

solar@simple ssp $ ./guard-test | grep guard
__guard = 0x2c773340;
solar@simple ssp $ ./guard-test | grep guard
__guard = 0x244be340;

>
> > What would be the point of even looking for /dev/{e,f} if the sysctl()
> > failed? Either we are using frandom or not. Right?
>
> If it's a module /dev/erandom will still work if sysctl doesn't.

Ok then the code would/should look something like this.

    /* Try /dev/erandom first; fall back to /dev/urandom if it cannot be opened. */
    if ((i = open("/dev/erandom", O_RDONLY)) == -1)
        i = open("/dev/urandom", O_RDONLY);

>
> > I would think the logic would work something like this untested
> > attachment.
>
> Yes.
>
>
>
> --
> gentoo-hardened@g.o mailing list
--
Ned Ludd <solar@g.o>
Gentoo Linux Developer
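
The device fallback discussed in this message, written out as an added example (it is not code from the post, the SSP patch or frandom): it tries /dev/erandom, then /dev/urandom, rejects short reads, and writes a constant if neither device delivers. The names `guard_fill` and `read_full` and the constant fallback bytes are assumptions of this example.

```c
/* Added example: names and the constant fallback bytes are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Read exactly len bytes from path; 0 on success, -1 on any failure. */
static int read_full(const char *path, unsigned char *buf, size_t len)
{
    size_t got = 0;
    int fd = open(path, O_RDONLY);
    if (fd == -1)
        return -1;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n == -1 && errno == EINTR)
            continue;               /* interrupted by a signal: retry */
        if (n <= 0)
            break;                  /* EOF or hard error: give up */
        got += (size_t)n;
    }
    close(fd);
    return got == len ? 0 : -1;
}

/* Returns the index of the device that filled buf, or -1 on fallback. */
int guard_fill(unsigned char *buf, size_t len, const char *const *devs, size_t n)
{
    static const unsigned char term[4] = { 0, 0, '\n', 0xff };
    for (size_t i = 0; i < n; i++)
        if (read_full(devs[i], buf, len) == 0)
            return (int)i;
    memset(buf, 0, len);            /* never keep a partial read */
    memcpy(buf, term, len < sizeof term ? len : sizeof term);
    return -1;
}

int main(void)
{
    const char *devs[] = { "/dev/erandom", "/dev/urandom" };
    unsigned char g[sizeof(unsigned long)];
    int src = guard_fill(g, sizeof g, devs, 2);
    printf("source = %s; guard =", src < 0 ? "constant fallback" : devs[src]);
    for (size_t i = 0; i < sizeof g; i++)
        printf(" %02x", g[i]);
    putchar('\n');
    return 0;
}
```

Run twice, it should print different guard bytes; identical output on every run means the random source was never used, which is the condition the guard-test comparison above is checking for.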

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
Re: [gentoo-hardened] ssp random bytes solution Ned Ludd <solar@g.o>