1 |
Hi, |
2 |
Thanks for the useful info. Assessing strength of the cookie itself definitely |
3 |
sounds like a good idea (same for PIE + ASLR actually). |
4 |
|
5 |
Unfortunately, seems like the attached file has been intercepted somewhere |
6 |
along the way... ;) Could you resend please? I'm curious to give it a go. |
7 |
|
8 |
Thanks, |
9 |
Radek Madej |
10 |
|
11 |
On Friday 02 July 2010 08:41:46 you wrote: |
12 |
> Hello, |
13 |
> |
14 |
> In addition to checking if SSP is enabled for binaries, you might want |
15 |
> to check the /strength/ of the cookie. |
16 |
> |
17 |
> For example, some distros will use a full 32 bit cookie strength, where |
18 |
> as others will use a 24 bit strength cookie (such as ubuntu 10.04), |
19 |
> where they set a cookie like 0x00xxyyzz (for 32 bit little endian). |
20 |
> |
21 |
> Presumably it is for off by one errors (buf[buflen] = 0) and maybe to |
22 |
> prevent ssp bruteforcing in string copy routines :) |
23 |
> |
24 |
> At any rate, I've attached a .c file you can use. depending on compiler |
25 |
> version and stuff, you might need to modify the OFFSET parameter. You'll |
26 |
> want to test it with -static as well (some distros have released setups |
27 |
> where if you compile a binary statically, it will not initialize the |
28 |
> cookie, etc :) |
29 |
> |
30 |
> Thanks, |
31 |
> Andrew Griffiths |
32 |
> |
33 |
> On Thu, Jul 01, 2010 at 08:46:11AM +0100, Radoslaw Madej wrote: |
34 |
> > Hi guys, |
35 |
> > |
36 |
> > I convinced the company I work for to allow me to spend some time on |
37 |
> > reviewing different security aspects of Linux OS and different distros. |
38 |
> > As it also involves Gentoo Hardened (which I also happily use on a daily |
39 |
> > basis), I thought I'd share. :) |
40 |
> > |
41 |
> > http://labs.mwrinfosecurity.com/projectdetail.php?project=13&view=news |
42 |
> > |
43 |
> > There should be more to come in a near future. Any feedback appreciated |
44 |
> > :) |
45 |
> > |
46 |
> > Thanks to all hardened-dev for making the Hardened Gentoo happen! :) |
47 |
> > Regards, |
48 |
> > Radek Madej |