| 1 |
On Fri, 2004-04-23 at 16:17, Travis Tilley wrote: |
| 2 |
|
| 3 |
snipped for sanity of the people being added to the CC: |
| 4 |
... |
| 5 |
.. |
| 6 |
. |
| 7 |
|
| 8 |
Wise man said careful what one rants about.. |
| 9 |
|
| 10 |
> to backpedal a bit: SSP. why is this forced onto all users of all archs |
| 11 |
> regardless of whether or not they intend to use SSP? |
| 12 |
|
| 13 |
It's in __libc_start_main() because thats where it needs it be. |
| 14 |
If it's symbols were move out of there then we are looking at reopening |
| 15 |
alot of bugs that are currently resolved because of it being in glibc vs |
| 16 |
libgcc_s. |
| 17 |
|
| 18 |
We are not the only distribution that does this, we were just the |
| 19 |
first linux distribution ;-) |
| 20 |
|
| 21 |
We are talking about 3 symbols here. |
| 22 |
All of which if we really needed to could be worked around rather |
| 23 |
trivially. Something like so if we ever wanted to remove it. But I |
| 24 |
HIGHLY recommend we not even try to explore this avenue at this time. |
| 25 |
|
| 26 |
unsigned long __guard; |
| 27 |
void __stack_smash_handler() {} |
| 28 |
void __guard_setup() {} |
| 29 |
|
| 30 |
Do these symbols keep you up at night? |
| 31 |
|
| 32 |
.. |
| 33 |
|
| 34 |
> I dont really like this. |
| 35 |
> I'd suggest a "nossp" USE flag, but at this point that isn't even possible! |
| 36 |
> any removal of SSP from glibc will cause every single application on every |
| 37 |
> single gentoo install to break horribly with errors about missing |
| 38 |
> __guard@glibc. |
| 39 |
|
| 40 |
|
| 41 |
Are you so sure of this? |
| 42 |
I was not aware that a dependency on the guard |
| 43 |
would be there unless you were actually using -fstack-protector or |
| 44 |
-fno-stack-protector-all. |
| 45 |
|
| 46 |
Please provide me with a valid test case that proves otherwise. |
| 47 |
Allow me to demonstrate in a simple example. |
| 48 |
|
| 49 |
solar@simple c $ cat main.c |
| 50 |
int main(int argc, char **argv) { return 0; } |
| 51 |
|
| 52 |
# Without ssp enabled. |
| 53 |
solar@simple c $ gcc -fno-stack-protector main.c -o main |
| 54 |
solar@simple c $ nm main | grep guard |
| 55 |
|
| 56 |
# And with ssp. |
| 57 |
solar@simple c $ gcc -fstack-protector-all main.c -o main |
| 58 |
solar@simple c $ nm main | grep guard |
| 59 |
U __guard@@GLIBC_2.3.2 |
| 60 |
|
| 61 |
|
| 62 |
> we are now dependant on it and can never move away without |
| 63 |
> some seriously hardcore pain. also, |
| 64 |
|
| 65 |
Is there a valid reason to move away from it? |
| 66 |
|
| 67 |
Does anything else allow us to offer multi arch compiler technologies |
| 68 |
(pointer, function verification) for our binaries thats stands up on |
| 69 |
it's technical merits as high as ssp without a serious performance hit? |
| 70 |
|
| 71 |
Do the research and you will probably come to the same conclusion as |
| 72 |
many us have.. period point blank it rocks our socks off for prevention |
| 73 |
of ret2libc attacks but it's not limited to just that. |
| 74 |
|
| 75 |
http://www.ida.liu.se/~johwi/research_publications/paper_ndss2003_john_wilander.pdf |
| 76 |
http://www.securityfocus.com/archive/1/269246 |
| 77 |
|
| 78 |
> it might be a bit more of a concern for |
| 79 |
> embedded system users who might need to use a libc other than glibc and start |
| 80 |
> off using non-static apps linked against glibc... |
| 81 |
|
| 82 |
Peter S. Mazinger has already put this support together for uClibc. |
| 83 |
In short it's not really a problem at all for embedded systems. |
| 84 |
If and when a we get a report of somebody having problems with say |
| 85 |
dietlibc then it's no problem to patch the stubs in there as well. |
| 86 |
|
| 87 |
Got *libc ssp problems? Come talk to the doctor. |
| 88 |
|
| 89 |
> but i'm not really familiar |
| 90 |
> with embedded. |
| 91 |
|
| 92 |
> there are probably many more issues here that i just havent |
| 93 |
> realised yet, but for what reason were we pushed into this? |
| 94 |
|
| 95 |
Well documented in our bugzilla.. |
| 96 |
Have a peek some time, search in the FIXED! |
| 97 |
|
| 98 |
> |
| 99 |
> Travis Tilley <lv@g.o> |
| 100 |
> Gentoo/AMD64 Developer |
| 101 |
> |
| 102 |
> -- |
| 103 |
> gentoo-dev@g.o mailing list |
| 104 |
-- |
| 105 |
Ned Ludd <solar@g.o> |
| 106 |
Gentoo Linux Developer |
Archives