On Mon, 2004-01-19 at 10:21, Joseph Pingenot wrote:
> From John Chronister on Monday, 19 January, 2004:
> >how do i get stack smashing protection on amd64? i am using the latest
> >experimental amd64 live cd.
> >-chron

> You don't. IIRC, linux sets the stack noexec on amd64, and amd64 processors
> honor it. Remember the hullaballoo about Microsoft doing the same thing?

Simply trying to take advantage of the NX bit on the 64 bit arch won't
do the job alone of preventing arbitrary code execution which I assume
is the goal here.
He in fact will want to enable ssp on the amd64 as well as have a kernel
that can take advantage of it. As far as I'm aware of PaX
http://pax.grsecurity.net/ is the only kernel patch that will let you
take advantage of the NX bit on any of the 64 bit arches.

solar@amd64 solar $ cat vuln.c
#include <string.h>
int main(int argc, char **argv) {
    char buf[10];
    strcpy(buf, argv[1]);
    return 0;
}
solar@amd64 solar $ make vuln
gcc vuln.c -o vuln
solar@amd64 solar $ ./vuln 12345678901234567890123456789012345678901
Segmentation fault
solar@amd64 solar $ gcc vuln.c -o vuln -fstack-protector
solar@amd64 solar $ ./vuln 12345678901234567890123456789012345678901
vuln: stack smashing attack in function main
Aborted

Here is my suggestion for a secure set of CFLAGS for the amd64 after
getting and applying the PaX patch for amd64 and enabling Address Space
Layout Randomizations.

CFLAGS="${CFLAGS} -fomit-frame-pointer -fstack-protector -fPIC -pie
-fforce-addr"

This will build you a position independent executable without debugging
frames as well as force memory address constants to be copied into
registers before any arithmetic is performed on them.

The hardened project at gentoo is planning on releasing stages which
have this same set of flags enabled after gcc-3.3.x goes stable.

[snip]

> Many thanks to the amd64 kernel hackers!
>
> -Joseph
--
Ned Ludd <solar@g.o>
Gentoo Linux Developer
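The guard-word check that -fstack-protector performs in the session above, simulated in user-level C as an added illustration (not code from this thread or from Gentoo's toolchain): the same 10-byte buffer as vuln.c is followed by a guard value, an unbounded copy like the strcpy in vuln.c overwrites it, and the check before return notices, which is what produced the "stack smashing attack" abort. The guard value and flat frame layout are constructed for the demo; a bounded copy that rejects oversized input is included for comparison.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define BUF_LEN 10                          /* same 10-byte buffer as vuln.c */
#define GUARD_VALUE 0x0ff0aa55deadbeefULL   /* constructed stand-in for the random guard */

/* Simulated frame: the buffer followed by the guard word, kept as one flat
 * byte array so that every write in this demo stays inside the array. */
typedef struct { unsigned char bytes[BUF_LEN + sizeof(uint64_t)]; } frame_t;

static void frame_init(frame_t *f) {
    uint64_t guard = GUARD_VALUE;
    memset(f->bytes, 0, sizeof f->bytes);
    memcpy(f->bytes + BUF_LEN, &guard, sizeof guard);   /* prologue stores the guard */
}

/* The -fstack-protector epilogue check: is the guard word still what the prologue stored? */
static int guard_intact(const frame_t *f) {
    uint64_t guard;
    memcpy(&guard, f->bytes + BUF_LEN, sizeof guard);
    return guard == GUARD_VALUE;
}

/* Unbounded copy like strcpy(buf, argv[1]) in vuln.c, capped at the frame
 * size only so the simulation stays defined. Returns 1 when the guard
 * check would abort ("stack smashing attack"), 0 when nothing is noticed. */
int unbounded_copy_trips_guard(const char *input) {
    frame_t f;
    size_t n = strlen(input) + 1;           /* strcpy copies the NUL as well */
    frame_init(&f);
    if (n > sizeof f.bytes) n = sizeof f.bytes;
    memcpy(f.bytes, input, n);
    return !guard_intact(&f);
}

/* The fix the protector cannot give you: reject input that does not fit,
 * so the guard is never touched. Returns 0 when copied, -1 when rejected. */
int bounded_copy(const char *input) {
    frame_t f;
    size_t n = strlen(input);
    frame_init(&f);
    if (n >= BUF_LEN) return -1;            /* need room for the NUL too */
    memcpy(f.bytes, input, n + 1);
    return guard_intact(&f) ? 0 : -1;
}

int main(void) {
    const char *arg = "12345678901234567890123456789012345678901"; /* the 41-char argument from the session */
    printf("unbounded: guard tripped = %d\n", unbounded_copy_trips_guard(arg));
    printf("bounded:   result = %d\n", bounded_copy(arg));
    return 0;
}
```

Note the edge case: a 10-character argument fits the buffer but its terminating NUL lands on the guard, so the protector still aborts.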