- len = read(fd, (char *) &__guard, sizeof(__guard));
+ len = read(i, (char *) &__guard, sizeof(__guard));

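Review bot: `i` is a poorer name than `fd` for the descriptor being read here; if the rename is because the setup code now walks a list of candidate random sources, keep the open descriptor in a clearly named variable so the read is not confused with a loop counter. Also make sure `len` is compared against `sizeof(__guard)` after this call, since a short read would leave part of the canary at its default value, which is exactly the weakening the thread below is worried about.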
On Tue, 2004-04-20 at 00:02, Ned Ludd wrote:
> On Mon, 2004-04-19 at 22:29, Robert Connolly wrote:
> > On April 19, 2004 09:16 pm, Ned Ludd wrote:
> > > On Mon, 2004-04-19 at 17:55, Robert Connolly wrote:
> > >>...
> > > Could you test the following attachment (guard-test) a few times and
> > > post the results? Mainly I'd like to verify that your __guard is in fact
> > > working as expected. (It should SEGFAULT or SIGABRT)
> >
> > ./guard-test
> > main = 0x800009d4;
> > __guard = 0x4012aba0;
> > __stack_smash_handler = 0x4002de50;
> > __guard = 0x4012aba0;
> > __stack_smash_handler = 0x4002de50;
> > guard-test: stack smashing attack in function mainAborted
>
> And how about a second run... __guard is at a different location?
>
> >
> > > I took a quick look at the (glibc) code and it appears as if you dropped
> > > support completely for /dev/urandom. I'm not sure if that's a good idea
> > > because if a user decides not to use frandom then she will end up with
> > > the default canary only, which would weaken the entire model..
> >
> > That's doable. But sysctl random_uuid could also be used as a second fallback. /
>
> kernel.random.uuid can only be read by uid 0
> Actually I'm not 100% sure on this because I've had my /proc/sys
> restricted for so long thanks to grsecurity..
>
>
> > dev/{e,f}random third, urandom fourth... I just used sysctl erandom so as not to
> > make it too complicated for now.
>
> What would be the point of even looking for /dev/{e,f} if the sysctl()
> failed? Either we are using frandom or not. Right?
>
> I would think the logic would work something like this untested
> attachment.
>
> > > Also can this be enabled in the kernel as non LKM?
> > > As handy as modules are they are a security risk and should be avoided
> > > at all costs.
> >
> > As in built in? yes. The sysctl support will not work as a module.
> >
> >
> > --
> > gentoo-hardened@g.o mailing list
--
Ned Ludd <solar@g.o>
Gentoo Linux Developer
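Canary setup logic of the kind the thread is arguing about (an ordered list of random sources, a full-read check, and an explicit fallback to a default canary when nothing usable is found), as an added example that is not code from the thread, from the guard-test attachment or from the glibc patch. The device paths, the DEFAULT_GUARD value and the self-check inputs are constructed for illustration.

```c
#include <fcntl.h>
#include <stddef.h>
#include <unistd.h>
/* Fallback terminator canary (NUL, LF, 0xFF bytes); illustrative constant. */
#define DEFAULT_GUARD 0x000aff0dUL

/* Read exactly n bytes, retrying on short reads: 0 on success, -1 on EOF/error. */
static int read_full(int fd, unsigned char *buf, size_t n)
{
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r <= 0)
            return -1;
        got += (size_t)r;
    }
    return 0;
}

/* Try each source in order; store the value and return the index of the source
 * used, or install DEFAULT_GUARD and return -1 so the caller can tell the weak default apart. */
int guard_setup(const char *const *sources, size_t nsources, unsigned long *guard)
{
    for (size_t i = 0; i < nsources; i++) {
        int fd = open(sources[i], O_RDONLY);
        if (fd < 0)
            continue;                       /* device absent: try the next one */
        unsigned long value = 0;
        int ok = read_full(fd, (unsigned char *)&value, sizeof value) == 0;
        close(fd);
        if (ok && value != 0 && value != DEFAULT_GUARD) {
            *guard = value;
            return (int)i;
        }
    }
    *guard = DEFAULT_GUARD;
    return -1;
}

/* Constructed self-check: bit 0 = fallback path, bit 1 = /dev/urandom path. */
int self_check(void)
{
    static const char *const none[] = { "/nonexistent/constructed" };
    static const char *const srcs[] = { "/nonexistent/constructed", "/dev/urandom" };
    unsigned long g1 = 1, g2 = 0;
    int a = guard_setup(none, 1, &g1) == -1 && g1 == DEFAULT_GUARD;
    int b = guard_setup(srcs, 2, &g2) == 1 && g2 != 0 && g2 != DEFAULT_GUARD;
    return a | (b << 1);            /* 3 when both paths behave as intended */
}
```

A caller that gets -1 back knows the process is running on the default canary and can log that rather than silently accepting the weaker protection.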