| 1 |
Hi, |
| 2 |
Thanks for the useful info. Assessing strength of the cookie itself definitely |
| 3 |
sounds like a good idea (same for PIE + ASLR actually). |
| 4 |
|
| 5 |
Unfortunately, seems like the attached file has been intercepted somewhere |
| 6 |
along the way... ;) Could you resend please? I'm curious to give it a go. |
| 7 |
|
| 8 |
Thanks, |
| 9 |
Radek Madej |
| 10 |
|
| 11 |
On Friday 02 July 2010 08:41:46 you wrote: |
| 12 |
> Hello, |
| 13 |
> |
| 14 |
> In addition to checking if SSP is enabled for binaries, you might want |
| 15 |
> to check the /strength/ of the cookie. |
| 16 |
> |
| 17 |
> For example, some distros will use a full 32 bit cookie strength, where |
| 18 |
> as others will use a 24 bit strength cookie (such as ubuntu 10.04), |
| 19 |
> where they set a cookie like 0x00xxyyzz (for 32 bit little endian). |
| 20 |
> |
| 21 |
> Presumably it is for off by one errors (buf[buflen] = 0) and maybe to |
| 22 |
> prevent ssp bruteforcing in string copy routines :) |
| 23 |
> |
| 24 |
> At any rate, I've attached a .c file you can use. depending on compiler |
| 25 |
> version and stuff, you might need to modify the OFFSET parameter. You'll |
| 26 |
> want to test it with -static as well (some distros have released setups |
| 27 |
> where if you compile a binary statically, it will not initialize the |
| 28 |
> cookie, etc :) |
| 29 |
> |
| 30 |
> Thanks, |
| 31 |
> Andrew Griffiths |
| 32 |
> |
| 33 |
> On Thu, Jul 01, 2010 at 08:46:11AM +0100, Radoslaw Madej wrote: |
| 34 |
> > Hi guys, |
| 35 |
> > |
| 36 |
> > I convinced the company I work for to allow me to spend some time on |
| 37 |
> > reviewing different security aspects of Linux OS and different distros. |
| 38 |
> > As it also involves Gentoo Hardened (which I also happily use on a daily |
| 39 |
> > basis), I thought I'd share. :) |
| 40 |
> > |
| 41 |
> > http://labs.mwrinfosecurity.com/projectdetail.php?project=13&view=news |
| 42 |
> > |
| 43 |
> > There should be more to come in a near future. Any feedback appreciated |
| 44 |
> > :) |
| 45 |
> > |
| 46 |
> > Thanks to all hardened-dev for making the Hardened Gentoo happen! :) |
| 47 |
> > Regards, |
| 48 |
> > Radek Madej |
Archives