From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/6466 Path: news.gmane.org!not-for-mail From: Andy Lutomirski Newsgroups: gmane.linux.lib.musl.general Subject: Re: fixing -fPIE + -fstack-protector-all Date: Thu, 06 Nov 2014 18:10:10 -0800 Message-ID: <545C2A02.8090206@amacapital.net> References: <545A414F.8000407@barfooze.de> <20141105154303.GV22465@brightrain.aerifal.cx> <545B5F6D.4090108@opensource.dyc.edu> Reply-To: musl@lists.openwall.com NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-Trace: ger.gmane.org 1415326233 10857 80.91.229.3 (7 Nov 2014 02:10:33 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Fri, 7 Nov 2014 02:10:33 +0000 (UTC) To: musl@lists.openwall.com Original-X-From: musl-return-6479-gllmg-musl=m.gmane.org@lists.openwall.com Fri Nov 07 03:10:27 2014 Return-path: Envelope-to: gllmg-musl@m.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by plane.gmane.org with smtp (Exim 4.69) (envelope-from ) id 1XmZ0M-0004px-Hv for gllmg-musl@m.gmane.org; Fri, 07 Nov 2014 03:10:26 +0100 Original-Received: (qmail 12250 invoked by uid 550); 7 Nov 2014 02:10:25 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Original-Received: (qmail 12242 invoked from network); 7 Nov 2014 02:10:24 -0000 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=RaCGZ2MurXIsV1XGpws+TCnB1S7+w4WnHUDR4eqoQXA=; b=fiG5E+oSE0W0P74t79ODkTiyfo6PdRUUz7ld4+lL/b3TaSZ4hRLVZXZNQ0jR8LSayX 36elT0YWzJYZ2I5yoJtsfy7tAQ9XjvRZejhdjCJu6GJrccKyHzT8pmiQFCchE87PjNAx o1X6lpFANJ5AuY3OdoJeFAKMMhF1p3HVw/NJt0jtJEx5bPNrw143YXwvRz8nbUh7mrrt xiYAdYNDZxBm2gpROae/y4cRN7maQQj2XcrIw40MWT02PvWHciqVF54K6XPbZZ1hbWHQ BNPpX5J6htw50EJC0PGyFio8mg3k0KzYGWwE2Ez3cdogA1o7lrpx4iGXxUWS7WbK9ODt UzFw== X-Gm-Message-State: ALoCoQl+cFqTWo+KzxMZWJs9pqUx8CrM0kokrZZzhCgR6H7SqQ7krahcLlIDNfXR0mvkA911kFpe X-Received: by 10.70.7.130 with SMTP id j2mr8437028pda.75.1415326213218; Thu, 06 Nov 2014 18:10:13 -0800 (PST) User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 In-Reply-To: <545B5F6D.4090108@opensource.dyc.edu> Xref: news.gmane.org gmane.linux.lib.musl.general:6466 Archived-At: On 11/06/2014 03:45 AM, Anthony G. Basile wrote: > On 11/05/14 10:43, Rich Felker wrote: >> On Wed, Nov 05, 2014 at 04:25:03PM +0100, John Spencer wrote: >>> using -fPIE + -fstack-protector-all is currently broken for a number >>> of architectures (most notably i386) in the default gcc setup >>> (including the musl-cross patches), as it depends on a >>> libssp_nonshared.a which provides __stack_chk_fail_local(). >> >> As discussed on IRC, I would _like_ to be able to simply add the >> following to crt/i386/crti.s: >> >> __stack_chk_fail_local: hlt >> >> and equivalent for other archs. This has the added benefit of >> effecting a crash without going through the PLT (whereas >> libssp_nonshared.a's __stack_chk_fail_local calls __stack_chk_fail via >> the PLT) so it's not vulnerable to attacks that have overwritten the >> GOT with malicious pointers. > > For what its worth, hardening in gentoo (PaX kernel + userland hardening > with relro and bindnow) tries to prevent this kind of attack by making > the GOT read only after initial linking. What does the PaX kernel have to do with this? --Andy