| 1 |
pageexec@××××××××.hu wrote: |
| 2 |
> On 22 May 2009 at 13:32, basile wrote: |
| 3 |
> |
| 4 |
> |
| 5 |
>> Paxtest doesn't cover everything, but it covers important checks and if |
| 6 |
>> any fail there is definitely reason for concern. |
| 7 |
>> |
| 8 |
> |
| 9 |
> just a sidenote, the ssp tests in paxtest were written to FAIL, not to |
| 10 |
> succeed, since pax doesn't prevent overflows per se. if you want to assert |
| 11 |
> the effectiveness of a particular ssp implementation, you'll have to write |
| 12 |
> much more extensive tests. |
| 13 |
> |
| 14 |
> |
| 15 |
|
| 16 |
I did test on variations of classic code like |
| 17 |
|
| 18 |
#include <stdio.h> |
| 19 |
#include <string.h> |
| 20 |
|
| 21 |
int main(int argc, char * argv[]) |
| 22 |
{ |
| 23 |
char buf[8]; |
| 24 |
|
| 25 |
strcpy(buf,argv[1]); |
| 26 |
printf(buf); |
| 27 |
printf("\n"); |
| 28 |
|
| 29 |
return 0; |
| 30 |
} |
| 31 |
|
| 32 |
|
| 33 |
compiling with |
| 34 |
|
| 35 |
(1) gcc -O2 -Wall -save-temps -o test test.c |
| 36 |
(2) gcc -O2 -Wall -fstack-protector -save-temps -o test test.c |
| 37 |
(3) gcc -O2 -Wall -fstack-protector-all -save-temps -o test test.c |
| 38 |
|
| 39 |
and ran with |
| 40 |
|
| 41 |
./test $(perl -e 'print "A"x7') |
| 42 |
./test $(perl -e 'print "A"x8') |
| 43 |
./test $(perl -e 'print "A"x9') |
| 44 |
etc. |
| 45 |
|
| 46 |
With no stack protector, you get a seg fault. With stack-protector* you get |
| 47 |
|
| 48 |
*** stack smashing detected ***: ./test terminated |
| 49 |
======= Backtrace: ========= |
| 50 |
|
| 51 |
etc. I also did |
| 52 |
|
| 53 |
diff test.s test-fstack-protector.s |
| 54 |
|
| 55 |
to see check that call __stack_chk_fail was there and |
| 56 |
|
| 57 |
diff test-fstack-protector.s test-fstack-protector-all.s |
| 58 |
|
| 59 |
to see under what circumstances -fstack-protector and |
| 60 |
-fstack-protector-all are different |
| 61 |
(not my above code.) |
| 62 |
|
| 63 |
|
| 64 |
I am unaware of a systematic suite for testing stack smashing, so I |
| 65 |
tested calls to functions with buffers. |
| 66 |
|
| 67 |
-- |
| 68 |
|
| 69 |
Anthony G. Basile, Ph.D. |
| 70 |
Chair of Information Technology |
| 71 |
D'Youville College |
| 72 |
Buffalo, NY 14201 |
| 73 |
USA |
| 74 |
|
| 75 |
(716) 829-8197 |
Archives