| 1 |
On Sat, 13 Dec 2003, Peter S. Mazinger wrote: |
| 2 |
|
| 3 |
I do reply to myself ;-) |
| 4 |
The attached patch works, the kernel is bootable (in an uClibc env), but |
| 5 |
it is not the optimal version and I do not have a regression test to check |
| 6 |
if it does what it has to do (check the added protection through |
| 7 |
-fstack-protector-all). |
| 8 |
|
| 9 |
Another version would be to #include ../../../../lib/propolice.c in |
| 10 |
arch/i386/boot/compressed/misc.c and make some ifdef in propolice to not |
| 11 |
use panic in misc.c, like in patch2 |
| 12 |
|
| 13 |
STANDALONE is defined in misc.c and used only here to omit some parts |
| 14 |
from asm-i386/io.h, it is not present for other archs, so this works only |
| 15 |
for i386. |
| 16 |
|
| 17 |
misc.c supports only puts/error functions that could be used for printing |
| 18 |
some message, and I do not know how to add damaged and func vars to the |
| 19 |
message. |
| 20 |
|
| 21 |
The best version in my opinion would be to change the frogger patch so |
| 22 |
that panic is not used, something more generic, that would also work in |
| 23 |
misc.c for each arch w/o any ifdef. |
| 24 |
The patch is needed probably for all archs that have compressed boot |
| 25 |
images (I have the feeling that the error is coming due to the |
| 26 |
fact that inflate.c is included in misc.c). |
| 27 |
|
| 28 |
Could some kernel guru check if the patch(es) is/are good, and if the |
| 29 |
protection is achieved? |
| 30 |
|
| 31 |
Thanks, Peter |
| 32 |
|
| 33 |
> Hello! |
| 34 |
> |
| 35 |
> I am trying to build a kernel-2.4.23 with stack protector enabled using |
| 36 |
> gcc-3.3.2, propolice 3.3-5 and frogger's patch (needs some cleanup in |
| 37 |
> propolice.c: |
| 38 |
> 1 warning can be solved by adding #include <linux/kernel.h> (for panic) |
| 39 |
> the other is: |
| 40 |
> warning: octal escape sequence out of range |
| 41 |
> warning: multi-character character constant |
| 42 |
> |
| 43 |
> I do not understand what the warning means (gcc-2.96 has another warning), |
| 44 |
> it happens for the line |
| 45 |
> int __guard = '\0\0\n\777'; |
| 46 |
> How to correct this? |
| 47 |
> |
| 48 |
> I tried to add -fstack-protector-all and -fforce-addr (like in |
| 49 |
> hardened-gcc), but -fforce-addr does not work at all |
| 50 |
> (assembler definition of BUG() in asm-i386/page.h, produces the warning |
| 51 |
> below in blkdev.h, if I change 1 to 0, to get the simplified version of |
| 52 |
> BUG(), then the blkdev.h warning is gone), but after that the assembler |
| 53 |
> usage in random.c/sched.c produces: |
| 54 |
> |
| 55 |
> warning: asm operand 1 probably doesn't match constraints |
| 56 |
> error: impossible constraint in `asm' |
| 57 |
> |
| 58 |
> and exits (make -s bzImage) |
| 59 |
> |
| 60 |
> Now back to frogger's patch and -fstack-protector -fstack-protector-all |
| 61 |
> |
| 62 |
> Warnings due to gcc-3.3 usage (not present for gcc-2.95/96) |
| 63 |
> vt.c: In function `do_kdsk_ioctl': |
| 64 |
> vt.c:166: warning: comparison is always false due to limited range of data type |
| 65 |
> vt.c: In function `do_kdgkb_ioctl': |
| 66 |
> vt.c:283: warning: comparison is always false due to limited range of data type |
| 67 |
> keyboard.c: In function `do_fn': |
| 68 |
> keyboard.c:640: warning: comparison is always true due to limited range of data type |
| 69 |
> string.c:384: warning: conflicting types for built-in function `bcopy' |
| 70 |
> |
| 71 |
> see above |
| 72 |
> propolice.c:8:15: warning: octal escape sequence out of range |
| 73 |
> propolice.c:8:15: warning: multi-character character constant |
| 74 |
> |
| 75 |
> Warning due to gcc-3.3 usage (not present for gcc-2.95/96) |
| 76 |
> process.c: In function `machine_restart': |
| 77 |
> process.c:427: warning: use of memory input without lvalue in asm operand 0 is deprecated |
| 78 |
> |
| 79 |
> My problem: |
| 80 |
> misc.o(.text+0xb): In function `huft_build': |
| 81 |
> : undefined reference to `__guard' |
| 82 |
> misc.o(.text+0x4e8): In function `huft_build': |
| 83 |
> : undefined reference to `__guard' |
| 84 |
> misc.o(.text+0x4fb): In function `huft_build': |
| 85 |
> : undefined reference to `__stack_smash_handler' |
| 86 |
> misc.o(.text+0x511): In function `huft_free': |
| 87 |
> : undefined reference to `__guard' |
| 88 |
> misc.o(.text+0x53a): In function `huft_free': |
| 89 |
> : undefined reference to `__guard' |
| 90 |
> misc.o(.text+0x549): In function `huft_free': |
| 91 |
> : undefined reference to `__stack_smash_handler' |
| 92 |
> misc.o(.text+0x55c): In function `inflate_codes': |
| 93 |
> : undefined reference to `__guard' |
| 94 |
> misc.o(.text+0x911): In function `inflate_codes': |
| 95 |
> : undefined reference to `__guard' |
| 96 |
> misc.o(.text+0x921): In function `inflate_codes': |
| 97 |
> : undefined reference to `__stack_smash_handler' |
| 98 |
> misc.o(.text+0x93d): In function `inflate_stored': |
| 99 |
> : undefined reference to `__guard' |
| 100 |
> misc.o(.text+0xa9a): In function `inflate_stored': |
| 101 |
> : undefined reference to `__guard' |
| 102 |
> misc.o(.text+0xaa9): In function `inflate_stored': |
| 103 |
> : undefined reference to `__stack_smash_handler' |
| 104 |
> misc.o(.text+0xac5): In function `inflate_fixed': |
| 105 |
> : undefined reference to `__guard' |
| 106 |
> misc.o(.text+0xc19): In function `inflate_fixed': |
| 107 |
> : undefined reference to `__guard' |
| 108 |
> misc.o(.text+0xc2c): In function `inflate_fixed': |
| 109 |
> : undefined reference to `__stack_smash_handler' |
| 110 |
> misc.o(.text+0xc46): In function `inflate_dynamic': |
| 111 |
> : undefined reference to `__guard' |
| 112 |
> misc.o(.text+0x11b4): In function `inflate_dynamic': |
| 113 |
> : undefined reference to `__guard' |
| 114 |
> misc.o(.text+0x11c7): In function `inflate_dynamic': |
| 115 |
> : undefined reference to `__stack_smash_handler' |
| 116 |
> misc.o(.text+0x11df): In function `inflate_block': |
| 117 |
> : undefined reference to `__guard' |
| 118 |
> misc.o(.text+0x12bc): In function `inflate_block': |
| 119 |
> : undefined reference to `__guard' |
| 120 |
> misc.o(.text+0x12cb): In function `inflate_block': |
| 121 |
> : undefined reference to `__stack_smash_handler' |
| 122 |
> misc.o(.text+0x12eb): In function `inflate': |
| 123 |
> : undefined reference to `__guard' |
| 124 |
> misc.o(.text+0x136f): In function `inflate': |
| 125 |
> : undefined reference to `__guard' |
| 126 |
> misc.o(.text+0x137f): In function `inflate': |
| 127 |
> : undefined reference to `__stack_smash_handler' |
| 128 |
> misc.o(.text+0x13a3): In function `makecrc': |
| 129 |
> : undefined reference to `__guard' |
| 130 |
> misc.o(.text+0x1425): In function `makecrc': |
| 131 |
> : undefined reference to `__stack_smash_handler' |
| 132 |
> misc.o(.text+0x143a): In function `gunzip': |
| 133 |
> : undefined reference to `__guard' |
| 134 |
> misc.o(.text+0x18b0): In function `gunzip': |
| 135 |
> : undefined reference to `__guard' |
| 136 |
> misc.o(.text+0x18bf): In function `gunzip': |
| 137 |
> : undefined reference to `__stack_smash_handler' |
| 138 |
> misc.o(.text+0x18d1): In function `malloc': |
| 139 |
> : undefined reference to `__guard' |
| 140 |
> misc.o(.text+0x192d): In function `malloc': |
| 141 |
> : undefined reference to `__guard' |
| 142 |
> misc.o(.text+0x193c): In function `malloc': |
| 143 |
> : undefined reference to `__stack_smash_handler' |
| 144 |
> misc.o(.text+0x194d): In function `free': |
| 145 |
> : undefined reference to `__guard' |
| 146 |
> misc.o(.text+0x1964): In function `free': |
| 147 |
> : undefined reference to `__stack_smash_handler' |
| 148 |
> misc.o(.text+0x1972): In function `gzip_mark': |
| 149 |
> : undefined reference to `__guard' |
| 150 |
> misc.o(.text+0x1989): In function `gzip_mark': |
| 151 |
> : undefined reference to `__guard' |
| 152 |
> misc.o(.text+0x1998): In function `gzip_mark': |
| 153 |
> : undefined reference to `__stack_smash_handler' |
| 154 |
> misc.o(.text+0x19a7): In function `gzip_release': |
| 155 |
> : undefined reference to `__guard' |
| 156 |
> misc.o(.text+0x19c9): In function `gzip_release': |
| 157 |
> : undefined reference to `__stack_smash_handler' |
| 158 |
> misc.o(.text+0x19d7): In function `scroll': |
| 159 |
> : undefined reference to `__guard' |
| 160 |
> misc.o(.text+0x1a41): In function `scroll': |
| 161 |
> : undefined reference to `__guard' |
| 162 |
> misc.o(.text+0x1a50): In function `scroll': |
| 163 |
> : undefined reference to `__stack_smash_handler' |
| 164 |
> misc.o(.text+0x1a61): In function `puts': |
| 165 |
> : undefined reference to `__guard' |
| 166 |
> misc.o(.text+0x1b08): In function `puts': |
| 167 |
> : undefined reference to `__guard' |
| 168 |
> misc.o(.text+0x1b17): In function `puts': |
| 169 |
> : undefined reference to `__stack_smash_handler' |
| 170 |
> misc.o(.text+0x1b2c): In function `memset': |
| 171 |
> : undefined reference to `__guard' |
| 172 |
> misc.o(.text+0x1b52): In function `memset': |
| 173 |
> : undefined reference to `__guard' |
| 174 |
> misc.o(.text+0x1b61): In function `memset': |
| 175 |
> : undefined reference to `__stack_smash_handler' |
| 176 |
> misc.o(.text+0x1b76): In function `memcpy': |
| 177 |
> : undefined reference to `__guard' |
| 178 |
> misc.o(.text+0x1ba1): In function `memcpy': |
| 179 |
> : undefined reference to `__guard' |
| 180 |
> misc.o(.text+0x1bb0): In function `memcpy': |
| 181 |
> : undefined reference to `__stack_smash_handler' |
| 182 |
> misc.o(.text+0x1bc1): In function `fill_inbuf': |
| 183 |
> : undefined reference to `__guard' |
| 184 |
> misc.o(.text+0x1c06): In function `fill_inbuf': |
| 185 |
> : undefined reference to `__guard' |
| 186 |
> misc.o(.text+0x1c15): In function `fill_inbuf': |
| 187 |
> : undefined reference to `__stack_smash_handler' |
| 188 |
> misc.o(.text+0x1c2c): In function `flush_window_low': |
| 189 |
> : undefined reference to `__guard' |
| 190 |
> misc.o(.text+0x1c91): In function `flush_window_low': |
| 191 |
> : undefined reference to `__guard' |
| 192 |
> misc.o(.text+0x1ca0): In function `flush_window_low': |
| 193 |
> : undefined reference to `__stack_smash_handler' |
| 194 |
> misc.o(.text+0x1cb9): In function `flush_window_high': |
| 195 |
> : undefined reference to `__guard' |
| 196 |
> misc.o(.text+0x1d2d): In function `flush_window_high': |
| 197 |
> : undefined reference to `__guard' |
| 198 |
> misc.o(.text+0x1d3c): In function `flush_window_high': |
| 199 |
> : undefined reference to `__stack_smash_handler' |
| 200 |
> misc.o(.text+0x1d4c): In function `flush_window': |
| 201 |
> : undefined reference to `__guard' |
| 202 |
> misc.o(.text+0x1d6d): In function `flush_window': |
| 203 |
> : undefined reference to `__guard' |
| 204 |
> misc.o(.text+0x1d7c): In function `flush_window': |
| 205 |
> : undefined reference to `__stack_smash_handler' |
| 206 |
> misc.o(.text+0x1d8b): In function `error': |
| 207 |
> : undefined reference to `__guard' |
| 208 |
> misc.o(.text+0x1db9): In function `setup_normal_output_buffer': |
| 209 |
> : undefined reference to `__guard' |
| 210 |
> misc.o(.text+0x1e01): In function `setup_normal_output_buffer': |
| 211 |
> : undefined reference to `__guard' |
| 212 |
> misc.o(.text+0x1e10): In function `setup_normal_output_buffer': |
| 213 |
> : undefined reference to `__stack_smash_handler' |
| 214 |
> misc.o(.text+0x1e29): In function `setup_output_buffer_if_we_run_high': |
| 215 |
> : undefined reference to `__guard' |
| 216 |
> misc.o(.text+0x1ed4): In function `setup_output_buffer_if_we_run_high': |
| 217 |
> : undefined reference to `__guard' |
| 218 |
> misc.o(.text+0x1ee3): In function `setup_output_buffer_if_we_run_high': |
| 219 |
> : undefined reference to `__stack_smash_handler' |
| 220 |
> misc.o(.text+0x1ef2): In function `close_output_buffer_if_we_run_high': |
| 221 |
> : undefined reference to `__guard' |
| 222 |
> misc.o(.text+0x1f34): In function `close_output_buffer_if_we_run_high': |
| 223 |
> : undefined reference to `__guard' |
| 224 |
> misc.o(.text+0x1f43): In function `close_output_buffer_if_we_run_high': |
| 225 |
> : undefined reference to `__stack_smash_handler' |
| 226 |
> misc.o(.text+0x1f52): In function `decompress_kernel': |
| 227 |
> : undefined reference to `__guard' |
| 228 |
> misc.o(.text+0x2002): In function `decompress_kernel': |
| 229 |
> : undefined reference to `__guard' |
| 230 |
> misc.o(.text+0x2011): In function `decompress_kernel': |
| 231 |
> : undefined reference to `__stack_smash_handler' |
| 232 |
> make[2]: *** [bvmlinux] Error 1 |
| 233 |
> make[1]: *** [compressed/bvmlinux] Error 2 |
| 234 |
> make: *** [bzImage] Error 2 |
| 235 |
> |
| 236 |
> This does not happen for only using -fstack-protector. |
| 237 |
> |
| 238 |
> Can this be solved? Or otherway round, would the -fstack-protector-all |
| 239 |
> enhance kernel security? |
| 240 |
> |
| 241 |
> Thanks, Peter |
| 242 |
> |
| 243 |
> |
| 244 |
|
| 245 |
-- |
| 246 |
Peter S. Mazinger <ps.m@×××.net> ID: 0xA5F059F2 NIC: IXUYHSKQLI |
| 247 |
Key fingerprint = 92A4 31E1 56BC 3D5A 2D08 BB6E C389 975E A5F0 59F2 |
| 248 |
|
| 249 |
____________________________________________________________________ |
| 250 |
Miert fizetsz az internetert? Korlatlan, ingyenes internet hozzaferes a FreeStarttol. |
| 251 |
Probald ki most! http://www.freestart.hu |
Archives