From: Andy Lutomirski
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: magic constants in some startup code
Date: Fri, 31 Oct 2014 13:19:47 -0700
Message-ID: <5453EEE3.1040208@amacapital.net>
To: musl@lists.openwall.com

On 10/31/2014 09:09 AM, Rich Felker wrote:
> On Fri, Oct 31, 2014 at 10:31:45AM -0400, Richard Gorton wrote:
>> Thank you (and a follow up question) - what code looks at this
>> canary? It is assigned to pthread_self()->canary, but I do not see
>> any code inside musl itself that checks that value? A work in
>> progress? Or does other code check this value?
>
> It's part of the stack-protector feature at the compiler level. gcc,
> clang, and any other compilers that implement this feature generate
> code to read the canary at the start of a function protected by stack
> protector, store it between the saved return address and local
> buffers, and check that it hasn't been clobbered before returning.

I'm a bit confused by the code now. Is the canary intended to be per-thread or global? There's a copy in struct pthread.

Also, would it make sense for musl to implement getauxval? If so, it might be nice to do something to avoid inadvertent misuse of the part of AT_RANDOM value used here. For example, musl could implement a trivial DRBG seeded by AT_RANDOM and replace the AT_RANDOM data with the first output from the DRBG at startup. Then getauxval users are safe and musl can also have a stream of decent random numbers for internal use.

If you think this is a good idea, I could implement it. The main downside would be that it'll require some crypto primitive. There's already a SHA-256 implementation in musl that could be reused, but it would be a bit unfortunate to pull it in to all musl-linked static binaries.

--Andy