From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/6469 Path: news.gmane.org!not-for-mail From: "Anthony G. Basile" Newsgroups: gmane.linux.lib.musl.general Subject: Re: Re: fixing -fPIE + -fstack-protector-all Date: Fri, 07 Nov 2014 07:16:54 -0500 Message-ID: <545CB836.6030000@opensource.dyc.edu> References: <545A414F.8000407@barfooze.de> <20141105154303.GV22465@brightrain.aerifal.cx> <545B5F6D.4090108@opensource.dyc.edu> <545C2A02.8090206@amacapital.net> Reply-To: musl@lists.openwall.com NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-Trace: ger.gmane.org 1415362520 12529 80.91.229.3 (7 Nov 2014 12:15:20 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Fri, 7 Nov 2014 12:15:20 +0000 (UTC) To: musl@lists.openwall.com Original-X-From: musl-return-6482-gllmg-musl=m.gmane.org@lists.openwall.com Fri Nov 07 13:15:13 2014 Return-path: Envelope-to: gllmg-musl@m.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by plane.gmane.org with smtp (Exim 4.69) (envelope-from ) id 1XmiRb-0002Vh-Js for gllmg-musl@m.gmane.org; Fri, 07 Nov 2014 13:15:11 +0100 Original-Received: (qmail 24290 invoked by uid 550); 7 Nov 2014 12:15:10 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Original-Received: (qmail 24276 invoked from network); 7 Nov 2014 12:15:10 -0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.8.0 In-Reply-To: <545C2A02.8090206@amacapital.net> Xref: news.gmane.org gmane.linux.lib.musl.general:6469 Archived-At: On 11/06/14 21:10, Andy Lutomirski wrote: > On 11/06/2014 03:45 AM, Anthony G. Basile wrote: >> On 11/05/14 10:43, Rich Felker wrote: >>> On Wed, Nov 05, 2014 at 04:25:03PM +0100, John Spencer wrote: >>>> using -fPIE + -fstack-protector-all is currently broken for a number >>>> of architectures (most notably i386) in the default gcc setup >>>> (including the musl-cross patches), as it depends on a >>>> libssp_nonshared.a which provides __stack_chk_fail_local(). >>> >>> As discussed on IRC, I would _like_ to be able to simply add the >>> following to crt/i386/crti.s: >>> >>> __stack_chk_fail_local: hlt >>> >>> and equivalent for other archs. This has the added benefit of >>> effecting a crash without going through the PLT (whereas >>> libssp_nonshared.a's __stack_chk_fail_local calls __stack_chk_fail via >>> the PLT) so it's not vulnerable to attacks that have overwritten the >>> GOT with malicious pointers. >> >> For what its worth, hardening in gentoo (PaX kernel + userland hardening >> with relro and bindnow) tries to prevent this kind of attack by making >> the GOT read only after initial linking. > > What does the PaX kernel have to do with this? > > --Andy > Overspoke. The userland stuff is sufficient to freeze the GOT. I was just tangentially thinking of PaX's enhanced aslr. -- Anthony G. Basile, Ph. D. Chair of Information Technology D'Youville College Buffalo, NY 14201 (716) 829-8197