Re: ProPolice/SSP in 7.0



Hi,

On Fri, Dec 28, 2007 at 08:20:20PM -0600, Mike Silbersack wrote:
> Since the subject came up, I just tried using it, and it's not giving me the
> results I expected. Take the following program:
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
>
> void overrun(void);
>
> int main(void)
> {
>     overrun();
> }
>
> void overrun(void)
> {
>     int x;
>     char a[4];
>     int y;
>
>     strcpy(a, "ABCDE");
>     printf("hi");
> }
>
> If I compile it like so:
> cc -g -fstack-protector-all overrun.c
>
> The overrun is detected and the program is aborted.
> ./a.out
> Abort (core dumped)
>
> But if I compile it like so:
> cc -g -fstack-protector overrun.c
>
> The overrun is not caught.
> ./a.out
> hi>
>
> Either I'm doing something wrong, or we have gcc misconfigured and it's not
> detecting that strcpy is a function which needs to be watched closely.

Actually, you did nothing wrong. Except maybe not wasting time to look
at GCC info page ;).

% `-fstack-protector'
% Emit extra code to check for buffer overflows, such as stack
% smashing attacks. This is done by adding a guard variable to
% functions with vulnerable objects. This includes functions that
% call alloca, and functions with buffers larger than 8 bytes. The
% guards are initialized when a function is entered and then checked
% when the function exits. If a guard check fails, an error message
% is printed and the program exits.

I believed it was possible to customize this threshold (I'm pretty sure
I've already seen such an option in some patch floating around GCC
community) but a quick glance at the source shows it is not possible
actually.

Regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"


