Re: ProPolice/SSP in 7.0
- From: Mike Silbersack <silby@xxxxxxxxx>
- Date: Mon, 31 Dec 2007 03:43:41 -0600 (CST)
On Sun, 30 Dec 2007, Jeremie Le Hen wrote:
>> Either I'm doing something wrong, or we have gcc misconfigured and it's not
>> detecting that strcpy is a function which needs to be watched closely.
>
> Actually, you did nothing wrong. Except maybe not wasting time to look
> at the GCC info page ;).
>
> % `-fstack-protector'
> %     Emit extra code to check for buffer overflows, such as stack
> %     smashing attacks. This is done by adding a guard variable to
> %     functions with vulnerable objects. This includes functions that
> %     call alloca, and functions with buffers larger than 8 bytes. The
> %     guards are initialized when a function is entered and then checked
> %     when the function exits. If a guard check fails, an error message
> %     is printed and the program exits.
>
> I believed it was possible to customize this threshold (I'm pretty sure
> I've already seen such an option in some patch floating around the GCC
> community) but a quick glance at the source shows it is not possible
> actually.
>
> Regards,
> --
> Jeremie Le Hen
Ah, I went to the old propolice page and just read this description:
----
compiler option -fstack-protector-all, -fno-stack-protector-all enables and disables the protection of every function, not only the function with character array.
----
I apparently RTWrongFM. :)
Seems to me that the 8 character limit is probably some performance tradeoff compromise... from a security perspective I can't see why 8 byte arrays would be less likely to be used incorrectly than 9 byte arrays.
In any case, thanks for answering my question.
Mike "Silby" Silbersack
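An added check, not part of either mail in this thread: a small POSIX shell script that compiles a one-function C file to assembly under each stack-protector mode and reports whether an 8-byte and a 9-byte char array received a canary (a reference to `__stack_chk_fail`). The function names, the `sink` helper and the use of `cc` are my assumptions; on toolchains that lower GCC's default threshold (modern GCC exposes it as `--param ssp-buffer-size=N`), the 8-byte case shows up as protected under plain `-fstack-protector` as well.

```shell
#!/bin/sh
# Added example: which functions does the stack protector instrument?
# We compile to assembly and count references to __stack_chk_fail, which
# only appears in functions that got a guard variable.
set -u

CC="${CC:-cc}"   # assumption: a gcc-compatible compiler is on PATH

# Emit a C file whose only local is a char array of $1 bytes. The array is
# handed to an external function so the compiler cannot optimise it away.
gen_source() {
    cat <<EOF
void sink(char *p);
void f(void) { char buf[$1]; sink(buf); }
EOF
}

# count_canary_refs SIZE FLAGS... : compile with FLAGS and print the number
# of assembly lines mentioning stack_chk_fail (matches the Mach-O spelling
# ___stack_chk_fail too). 0 means the function is not protected.
count_canary_refs() {
    size="$1"; shift
    tmp="$(mktemp -d)"
    gen_source "$size" > "$tmp/f.c"
    "$CC" -O0 -S "$@" -o "$tmp/f.s" "$tmp/f.c"
    n="$(grep -c 'stack_chk_fail' "$tmp/f.s" || true)"
    rm -rf "$tmp"
    echo "$n"
}

# Show the 8-byte vs 9-byte boundary under each protector mode.
report() {
    for flags in -fno-stack-protector -fstack-protector -fstack-protector-all; do
        for size in 8 9; do
            n="$(count_canary_refs "$size" $flags)"
            if [ "$n" -gt 0 ]; then state=protected; else state=unprotected; fi
            printf '%-24s char buf[%s]: %s\n' "$flags" "$size" "$state"
        done
    done
}

if command -v "$CC" >/dev/null 2>&1; then
    report
fi
```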