1 |
On Sat, 13 Dec 2003, Peter S. Mazinger wrote: |
2 |
|
3 |
I do reply to myself ;-) |
4 |
The attached patch works, the kernel is bootable (in an uClibc env), but |
5 |
it is not the optimal version and I do not have a regression test to check |
6 |
if it does what it has to do (check the added protection through |
7 |
-fstack-protector-all). |
8 |
|
9 |
Another version would be to #include ../../../../lib/propolice.c in |
10 |
arch/i386/boot/compressed/misc.c and make some ifdef in propolice to not |
11 |
use panic in misc.c, like in patch2 |
12 |
|
13 |
STANDALONE is defined in misc.c and used only here to omit some parts |
14 |
from asm-i386/io.h, it is not present for other archs, so this works only |
15 |
for i386. |
16 |
|
17 |
misc.c supports only puts/error functions that could be used for printing |
18 |
some message, and I do not know how to add damaged and func vars to the |
19 |
message. |
20 |
|
21 |
The best version in my opinion would be to change the frogger patch so |
22 |
that panic is not used, something more generic, that would also work in |
23 |
misc.c for each arch w/o any ifdef. |
24 |
The patch is needed probably for all archs that have compressed boot |
25 |
images (I have the feeling that the error is coming due to the |
26 |
fact that inflate.c is included in misc.c). |
27 |
|
28 |
Could some kernel guru check if the patch(es) is/are good, and if the |
29 |
protection is achieved? |
30 |
|
31 |
Thanks, Peter |
32 |
|
33 |
> Hello! |
34 |
> |
35 |
> I am trying to build a kernel-2.4.23 with stack protector enabled using |
36 |
> gcc-3.3.2, propolice 3.3-5 and frogger's patch (needs some cleanup in |
37 |
> propolice.c: |
38 |
> 1 warning can be solved by adding #include <linux/kernel.h> (for panic) |
39 |
> the other is: |
40 |
> warning: octal escape sequence out of range |
41 |
> warning: multi-character character constant |
42 |
> |
43 |
> I do not understand what the warning means (gcc-2.96 has another warning), |
44 |
> it happens for the line |
45 |
> int __guard = '\0\0\n\777'; |
46 |
> How to correct this? |
47 |
> |
48 |
> I tried to add -fstack-protector-all and -fforce-addr (like in |
49 |
> hardened-gcc), but -fforce-addr does not work at all |
50 |
> (assembler definition of BUG() in asm-i386/page.h, produces the warning |
51 |
> below in blkdev.h, if I change 1 to 0, to get the simplified version of |
52 |
> BUG(), then the blkdev.h warning is gone), but after that the assembler |
53 |
> usage in random.c/sched.c produces: |
54 |
> |
55 |
> warning: asm operand 1 probably doesn't match constraints |
56 |
> error: impossible constraint in `asm' |
57 |
> |
58 |
> and exits (make -s bzImage) |
59 |
> |
60 |
> Now back to frogger's patch and -fstack-protector -fstack-protector-all |
61 |
> |
62 |
> Warnings due to gcc-3.3 usage (not present for gcc-2.95/96) |
63 |
> vt.c: In function `do_kdsk_ioctl': |
64 |
> vt.c:166: warning: comparison is always false due to limited range of data type |
65 |
> vt.c: In function `do_kdgkb_ioctl': |
66 |
> vt.c:283: warning: comparison is always false due to limited range of data type |
67 |
> keyboard.c: In function `do_fn': |
68 |
> keyboard.c:640: warning: comparison is always true due to limited range of data type |
69 |
> string.c:384: warning: conflicting types for built-in function `bcopy' |
70 |
> |
71 |
> see above |
72 |
> propolice.c:8:15: warning: octal escape sequence out of range |
73 |
> propolice.c:8:15: warning: multi-character character constant |
74 |
> |
75 |
> Warning due to gcc-3.3 usage (not present for gcc-2.95/96) |
76 |
> process.c: In function `machine_restart': |
77 |
> process.c:427: warning: use of memory input without lvalue in asm operand 0 is deprecated |
78 |
> |
79 |
> My problem: |
80 |
> misc.o(.text+0xb): In function `huft_build': |
81 |
> : undefined reference to `__guard' |
82 |
> misc.o(.text+0x4e8): In function `huft_build': |
83 |
> : undefined reference to `__guard' |
84 |
> misc.o(.text+0x4fb): In function `huft_build': |
85 |
> : undefined reference to `__stack_smash_handler' |
86 |
> misc.o(.text+0x511): In function `huft_free': |
87 |
> : undefined reference to `__guard' |
88 |
> misc.o(.text+0x53a): In function `huft_free': |
89 |
> : undefined reference to `__guard' |
90 |
> misc.o(.text+0x549): In function `huft_free': |
91 |
> : undefined reference to `__stack_smash_handler' |
92 |
> misc.o(.text+0x55c): In function `inflate_codes': |
93 |
> : undefined reference to `__guard' |
94 |
> misc.o(.text+0x911): In function `inflate_codes': |
95 |
> : undefined reference to `__guard' |
96 |
> misc.o(.text+0x921): In function `inflate_codes': |
97 |
> : undefined reference to `__stack_smash_handler' |
98 |
> misc.o(.text+0x93d): In function `inflate_stored': |
99 |
> : undefined reference to `__guard' |
100 |
> misc.o(.text+0xa9a): In function `inflate_stored': |
101 |
> : undefined reference to `__guard' |
102 |
> misc.o(.text+0xaa9): In function `inflate_stored': |
103 |
> : undefined reference to `__stack_smash_handler' |
104 |
> misc.o(.text+0xac5): In function `inflate_fixed': |
105 |
> : undefined reference to `__guard' |
106 |
> misc.o(.text+0xc19): In function `inflate_fixed': |
107 |
> : undefined reference to `__guard' |
108 |
> misc.o(.text+0xc2c): In function `inflate_fixed': |
109 |
> : undefined reference to `__stack_smash_handler' |
110 |
> misc.o(.text+0xc46): In function `inflate_dynamic': |
111 |
> : undefined reference to `__guard' |
112 |
> misc.o(.text+0x11b4): In function `inflate_dynamic': |
113 |
> : undefined reference to `__guard' |
114 |
> misc.o(.text+0x11c7): In function `inflate_dynamic': |
115 |
> : undefined reference to `__stack_smash_handler' |
116 |
> misc.o(.text+0x11df): In function `inflate_block': |
117 |
> : undefined reference to `__guard' |
118 |
> misc.o(.text+0x12bc): In function `inflate_block': |
119 |
> : undefined reference to `__guard' |
120 |
> misc.o(.text+0x12cb): In function `inflate_block': |
121 |
> : undefined reference to `__stack_smash_handler' |
122 |
> misc.o(.text+0x12eb): In function `inflate': |
123 |
> : undefined reference to `__guard' |
124 |
> misc.o(.text+0x136f): In function `inflate': |
125 |
> : undefined reference to `__guard' |
126 |
> misc.o(.text+0x137f): In function `inflate': |
127 |
> : undefined reference to `__stack_smash_handler' |
128 |
> misc.o(.text+0x13a3): In function `makecrc': |
129 |
> : undefined reference to `__guard' |
130 |
> misc.o(.text+0x1425): In function `makecrc': |
131 |
> : undefined reference to `__stack_smash_handler' |
132 |
> misc.o(.text+0x143a): In function `gunzip': |
133 |
> : undefined reference to `__guard' |
134 |
> misc.o(.text+0x18b0): In function `gunzip': |
135 |
> : undefined reference to `__guard' |
136 |
> misc.o(.text+0x18bf): In function `gunzip': |
137 |
> : undefined reference to `__stack_smash_handler' |
138 |
> misc.o(.text+0x18d1): In function `malloc': |
139 |
> : undefined reference to `__guard' |
140 |
> misc.o(.text+0x192d): In function `malloc': |
141 |
> : undefined reference to `__guard' |
142 |
> misc.o(.text+0x193c): In function `malloc': |
143 |
> : undefined reference to `__stack_smash_handler' |
144 |
> misc.o(.text+0x194d): In function `free': |
145 |
> : undefined reference to `__guard' |
146 |
> misc.o(.text+0x1964): In function `free': |
147 |
> : undefined reference to `__stack_smash_handler' |
148 |
> misc.o(.text+0x1972): In function `gzip_mark': |
149 |
> : undefined reference to `__guard' |
150 |
> misc.o(.text+0x1989): In function `gzip_mark': |
151 |
> : undefined reference to `__guard' |
152 |
> misc.o(.text+0x1998): In function `gzip_mark': |
153 |
> : undefined reference to `__stack_smash_handler' |
154 |
> misc.o(.text+0x19a7): In function `gzip_release': |
155 |
> : undefined reference to `__guard' |
156 |
> misc.o(.text+0x19c9): In function `gzip_release': |
157 |
> : undefined reference to `__stack_smash_handler' |
158 |
> misc.o(.text+0x19d7): In function `scroll': |
159 |
> : undefined reference to `__guard' |
160 |
> misc.o(.text+0x1a41): In function `scroll': |
161 |
> : undefined reference to `__guard' |
162 |
> misc.o(.text+0x1a50): In function `scroll': |
163 |
> : undefined reference to `__stack_smash_handler' |
164 |
> misc.o(.text+0x1a61): In function `puts': |
165 |
> : undefined reference to `__guard' |
166 |
> misc.o(.text+0x1b08): In function `puts': |
167 |
> : undefined reference to `__guard' |
168 |
> misc.o(.text+0x1b17): In function `puts': |
169 |
> : undefined reference to `__stack_smash_handler' |
170 |
> misc.o(.text+0x1b2c): In function `memset': |
171 |
> : undefined reference to `__guard' |
172 |
> misc.o(.text+0x1b52): In function `memset': |
173 |
> : undefined reference to `__guard' |
174 |
> misc.o(.text+0x1b61): In function `memset': |
175 |
> : undefined reference to `__stack_smash_handler' |
176 |
> misc.o(.text+0x1b76): In function `memcpy': |
177 |
> : undefined reference to `__guard' |
178 |
> misc.o(.text+0x1ba1): In function `memcpy': |
179 |
> : undefined reference to `__guard' |
180 |
> misc.o(.text+0x1bb0): In function `memcpy': |
181 |
> : undefined reference to `__stack_smash_handler' |
182 |
> misc.o(.text+0x1bc1): In function `fill_inbuf': |
183 |
> : undefined reference to `__guard' |
184 |
> misc.o(.text+0x1c06): In function `fill_inbuf': |
185 |
> : undefined reference to `__guard' |
186 |
> misc.o(.text+0x1c15): In function `fill_inbuf': |
187 |
> : undefined reference to `__stack_smash_handler' |
188 |
> misc.o(.text+0x1c2c): In function `flush_window_low': |
189 |
> : undefined reference to `__guard' |
190 |
> misc.o(.text+0x1c91): In function `flush_window_low': |
191 |
> : undefined reference to `__guard' |
192 |
> misc.o(.text+0x1ca0): In function `flush_window_low': |
193 |
> : undefined reference to `__stack_smash_handler' |
194 |
> misc.o(.text+0x1cb9): In function `flush_window_high': |
195 |
> : undefined reference to `__guard' |
196 |
> misc.o(.text+0x1d2d): In function `flush_window_high': |
197 |
> : undefined reference to `__guard' |
198 |
> misc.o(.text+0x1d3c): In function `flush_window_high': |
199 |
> : undefined reference to `__stack_smash_handler' |
200 |
> misc.o(.text+0x1d4c): In function `flush_window': |
201 |
> : undefined reference to `__guard' |
202 |
> misc.o(.text+0x1d6d): In function `flush_window': |
203 |
> : undefined reference to `__guard' |
204 |
> misc.o(.text+0x1d7c): In function `flush_window': |
205 |
> : undefined reference to `__stack_smash_handler' |
206 |
> misc.o(.text+0x1d8b): In function `error': |
207 |
> : undefined reference to `__guard' |
208 |
> misc.o(.text+0x1db9): In function `setup_normal_output_buffer': |
209 |
> : undefined reference to `__guard' |
210 |
> misc.o(.text+0x1e01): In function `setup_normal_output_buffer': |
211 |
> : undefined reference to `__guard' |
212 |
> misc.o(.text+0x1e10): In function `setup_normal_output_buffer': |
213 |
> : undefined reference to `__stack_smash_handler' |
214 |
> misc.o(.text+0x1e29): In function `setup_output_buffer_if_we_run_high': |
215 |
> : undefined reference to `__guard' |
216 |
> misc.o(.text+0x1ed4): In function `setup_output_buffer_if_we_run_high': |
217 |
> : undefined reference to `__guard' |
218 |
> misc.o(.text+0x1ee3): In function `setup_output_buffer_if_we_run_high': |
219 |
> : undefined reference to `__stack_smash_handler' |
220 |
> misc.o(.text+0x1ef2): In function `close_output_buffer_if_we_run_high': |
221 |
> : undefined reference to `__guard' |
222 |
> misc.o(.text+0x1f34): In function `close_output_buffer_if_we_run_high': |
223 |
> : undefined reference to `__guard' |
224 |
> misc.o(.text+0x1f43): In function `close_output_buffer_if_we_run_high': |
225 |
> : undefined reference to `__stack_smash_handler' |
226 |
> misc.o(.text+0x1f52): In function `decompress_kernel': |
227 |
> : undefined reference to `__guard' |
228 |
> misc.o(.text+0x2002): In function `decompress_kernel': |
229 |
> : undefined reference to `__guard' |
230 |
> misc.o(.text+0x2011): In function `decompress_kernel': |
231 |
> : undefined reference to `__stack_smash_handler' |
232 |
> make[2]: *** [bvmlinux] Error 1 |
233 |
> make[1]: *** [compressed/bvmlinux] Error 2 |
234 |
> make: *** [bzImage] Error 2 |
235 |
> |
236 |
> This does not happen for only using -fstack-protector. |
237 |
> |
238 |
> Can this be solved? Or otherway round, would the -fstack-protector-all |
239 |
> enhance kernel security? |
240 |
> |
241 |
> Thanks, Peter |
242 |
> |
243 |
> |
244 |
|
245 |
-- |
246 |
Peter S. Mazinger <ps.m@×××.net> ID: 0xA5F059F2 NIC: IXUYHSKQLI |
247 |
Key fingerprint = 92A4 31E1 56BC 3D5A 2D08 BB6E C389 975E A5F0 59F2 |
248 |
|
249 |
____________________________________________________________________ |
250 |
Miert fizetsz az internetert? Korlatlan, ingyenes internet hozzaferes a FreeStarttol. |
251 |
Probald ki most! http://www.freestart.hu |