mailing list of musl libc
From: Andy Lutomirski <luto@amacapital.net>
To: musl@lists.openwall.com
Subject: Re: magic constants in some startup code
Date: Fri, 31 Oct 2014 13:19:47 -0700
Message-ID: <5453EEE3.1040208@amacapital.net>
In-Reply-To: <20141031160913.GC22465@brightrain.aerifal.cx>

On 10/31/2014 09:09 AM, Rich Felker wrote:
> On Fri, Oct 31, 2014 at 10:31:45AM -0400, Richard Gorton wrote:
>> Thank you (and a follow up question) - what code looks at this
>> canary? It is assigned to pthread_self()->canary, but I do not see
>> any code inside musl itself that checks that value? A work in
>> progress? Or does other code check this value?
> 
> It's part of the stack-protector feature at the compiler level. gcc,
> clang, and any other compilers that implement this feature generate
> code to read the canary at the start of a function protected by stack
> protector, store it between the saved return address and local
> buffers, and check that it hasn't been clobbered before returning.

I'm a bit confused by the code now.  Is the canary intended to be
per-thread or global?  There's a copy in struct pthread.

Also, would it make sense for musl to implement getauxval?  If so, it
might be nice to do something to avoid inadvertent misuse of the part of
AT_RANDOM value used here.

For example, musl could implement a trivial DRBG seeded by AT_RANDOM and
replace the AT_RANDOM data with the first output from the DRBG at
startup.  Then getauxval users are safe and musl can also have a stream
of decent random numbers for internal use.

If you think this is a good idea, I could implement it.  The main
downside would be that it'll require some crypto primitive.  There's
already a SHA-256 implementation in musl that could be reused, but it
would be a bit unfortunate to pull it in to all musl-linked static binaries.

--Andy
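
The scheme proposed in the message above, as an added example (not code from the thread or from musl): a counter-mode DRBG is seeded from the 16 AT_RANDOM bytes and its first output overwrites them, so a later getauxval(AT_RANDOM) caller never sees the bytes that seeded the internal stream. The ChaCha20 block function stands in for the SHA-256 primitive the message mentions; the names drbg_seed, drbg_next and startup are hypothetical, taking the canary from the second output is an assumption, and a little-endian host is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>

#define ROTL(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
#define QR(a, b, c, d) \
    (a += b, d ^= a, d = ROTL(d, 16), c += d, b ^= c, b = ROTL(b, 12), \
     a += b, d ^= a, d = ROTL(d, 8),  c += d, b ^= c, b = ROTL(b, 7))

/* Hypothetical DRBG (not musl code): ChaCha20 block function, counter mode. */
struct drbg { uint32_t in[16]; };
void drbg_seed(struct drbg *g, const unsigned char seed[16]) {
    static const uint32_t sigma[4] = { 0x61707865, 0x3120646e, 0x79622d36, 0x6b206574 };
    memcpy(g->in, sigma, 16);          /* "expand 16-byte k" */
    memcpy(g->in + 4, seed, 16);       /* 128-bit key fills both key rows */
    memcpy(g->in + 8, seed, 16);
    memset(g->in + 12, 0, 16);         /* block counter and nonce start at 0 */
}

void drbg_next(struct drbg *g, unsigned char out[64]) {
    uint32_t x[16];
    memcpy(x, g->in, sizeof x);
    for (int i = 0; i < 10; i++) {     /* 10 double rounds = 20 rounds */
        QR(x[0], x[4], x[8], x[12]);  QR(x[1], x[5], x[9], x[13]);
        QR(x[2], x[6], x[10], x[14]); QR(x[3], x[7], x[11], x[15]);
        QR(x[0], x[5], x[10], x[15]); QR(x[1], x[6], x[11], x[12]);
        QR(x[2], x[7], x[8], x[13]);  QR(x[3], x[4], x[9], x[14]);
    }
    for (int i = 0; i < 16; i++) x[i] += g->in[i];
    memcpy(out, x, 64);
    g->in[12]++;                       /* next call yields a fresh block */
}

/* Startup step: first output replaces AT_RANDOM; canary source is assumed. */
void startup(struct drbg *g, unsigned char at_random[16], uintptr_t *canary) {
    unsigned char blk[64];
    drbg_seed(g, at_random);
    drbg_next(g, blk); memcpy(at_random, blk, 16);
    drbg_next(g, blk); memcpy(canary, blk, sizeof *canary);
}

int main(void) {
    unsigned char *r = (unsigned char *)getauxval(AT_RANDOM);
    struct drbg g; uintptr_t canary;
    if (!r) return 1;
    startup(&g, r, &canary);
    printf("AT_RANDOM now holds DRBG output; first byte %02x\n", r[0]);
    return 0;
}
```

The DRBG state still holds the original seed as its key, so it has to stay in memory that only libc reads.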


Thread overview: 12+ messages
2014-10-31 13:31 Richard Gorton
2014-10-31 14:18 ` Rich Felker
2014-10-31 14:31   ` Richard Gorton
2014-10-31 16:09     ` Rich Felker
2014-10-31 20:19       ` Andy Lutomirski [this message]
2014-10-31 21:05         ` Rich Felker
2014-10-31 21:29           ` Andy Lutomirski
2014-10-31 21:39             ` Rich Felker
2014-10-31 22:27               ` Andy Lutomirski
2014-10-31 23:14                 ` Rich Felker
2014-11-02 17:17                   ` Szabolcs Nagy
2014-11-02 19:10                     ` Andy Lutomirski
