From: Glenn Washburn <development@efficientek.com>
To: grub-devel@gnu.org, Daniel Kiper <dkiper@net-space.pl>
Cc: Chris Coulson <chris.coulson@canonical.com>,
Glenn Washburn <development@efficientek.com>
Subject: [PATCH] efi: Initialize canary to non-zero value
Date: Sat, 11 Nov 2023 21:23:42 -0600
Message-ID: <20231112032342.2889770-1-development@efficientek.com>

The canary, __stack_chk_guard, is in the BSS and so will get initialized to
zero if it is not explicitly initialized. If the UEFI firmware does not
support the RNG protocol, then the canary will not be randomized and will
be used as zero. This seems like a possibly easier value to write by an
attacker. Initialize canary to static random bytes, so that it is still
random when there is no RNG protocol.
Signed-off-by: Glenn Washburn <development@efficientek.com>
---
grub-core/kern/efi/init.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c
index 0e28bea17a76..b85d98ca47fd 100644
--- a/grub-core/kern/efi/init.c
+++ b/grub-core/kern/efi/init.c
@@ -41,7 +41,7 @@ static grub_guid_t rng_protocol_guid = GRUB_EFI_RNG_PROTOCOL_GUID;
static grub_efi_uint8_t stack_chk_guard_buf[32];
-grub_addr_t __stack_chk_guard;
+grub_addr_t __stack_chk_guard = (grub_addr_t) 0x92f2b7e2f193b25c;
void __attribute__ ((noreturn))
__stack_chk_fail (void)
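Review bot: The new initializer on the `+grub_addr_t __stack_chk_guard = ...` line is a fixed constant published in the source, and nothing at the declaration says it is only a fallback for the case where the canary is not randomized; a short comment above it would make that explicit. Two properties of the value are worth checking before merging. It contains no zero byte, so unlike the previous all-zero value it can be reproduced in full by an overflow that goes through a NUL-terminated string copy; keeping one 0x00 byte in the constant would preserve that protection. It is also a 64-bit literal, so on any target where grub_addr_t is 32 bits the cast silently keeps only the low half, which may deserve a per-width constant or at least a note.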
--
2.34.1