propolice support for linux

[Han Boetes <han@mijncomputer.nl>]

Hi,

The propolice gcc-extension prevents buffer-overflows in binaries:

  http://www.research.ibm.com/trl/projects/security/ssp/

The effect is that all buffer-overflow exploits are turned into a
-- logged -- Denial of service.

And since most of the security-flaws in linux are buffer-overflows
I would like to request that a patch based on this one is applied
to the kernel so people can use this extension by default.


Note: The propolice-patch for gcc-3.3.2 also applies fine to
      gcc-3.3.5
Note: glibc from CVS already supports propolice.
Note: OpenBSD is fully compiled with propolice.


  http://frogger974.homelinux.org/propolice/linux-2.6.3-ssp-config-1.patch

diff -urN linux-2.6.3/Makefile linux-2.6.3.ssp/Makefile
--- linux-2.6.3/Makefile	2004-02-17 22:58:39.000000000 -0500
+++ linux-2.6.3.ssp/Makefile	2004-03-03 10:20:29.000000000 -0500
@@ -442,6 +442,10 @@
 CFLAGS		+= -fomit-frame-pointer
 endif
 
+ifdef CONFIG_HARDENED_SSP
+CFLAGS += -fstack-protector
+endif
+
 ifdef CONFIG_DEBUG_INFO
 CFLAGS		+= -g
 endif
diff -urN linux-2.6.3/include/linux/kernel.h linux-2.6.3.ssp/include/linux/kernel.h
--- linux-2.6.3/include/linux/kernel.h	2004-02-17 22:57:11.000000000 -0500
+++ linux-2.6.3.ssp/include/linux/kernel.h	2004-03-03 10:08:10.000000000 -0500
@@ -115,6 +115,10 @@
 #define TAINT_FORCED_RMMOD		(1<<3)
 
 extern void dump_stack(void);
+#ifdef CONFIG_HARDENED_SSP
+extern int __guard;
+extern void __stack_smash_handler(int, char []);
+#endif
 
 #ifdef DEBUG
 #define pr_debug(fmt,arg...) \
Files linux-2.6.3/lib/.propolice.c.swp and linux-2.6.3.ssp/lib/.propolice.c.swp differ
diff -urN linux-2.6.3/lib/Makefile linux-2.6.3.ssp/lib/Makefile
--- linux-2.6.3/lib/Makefile	2004-02-17 22:57:14.000000000 -0500
+++ linux-2.6.3.ssp/lib/Makefile	2004-03-03 13:47:27.000000000 -0500
@@ -20,6 +20,8 @@
 obj-$(CONFIG_ZLIB_INFLATE) += zlib_inflate/
 obj-$(CONFIG_ZLIB_DEFLATE) += zlib_deflate/
 
+obj-$(CONFIG_HARDENED_SSP) += propolice.o
+
 host-progs	:= gen_crc32table
 clean-files	:= crc32table.h
 
diff -urN linux-2.6.3/lib/propolice.c linux-2.6.3.ssp/lib/propolice.c
--- linux-2.6.3/lib/propolice.c	1969-12-31 19:00:00.000000000 -0500
+++ linux-2.6.3.ssp/lib/propolice.c	2004-03-03 17:52:48.000000000 -0500
@@ -0,0 +1,15 @@
+#include <linux/module.h>
+#include <linux/errno.h>
+
+EXPORT_SYMBOL_NOVERS(__guard);
+EXPORT_SYMBOL_NOVERS(__stack_smash_handler);
+ 
+int __guard = '\0\0\n\777';
+ 
+void 
+__stack_smash_handler (int damaged, char func[])
+{
+	static char *message = "propolice detects %x at function %s.\n" ;
+	panic (message, damaged, func);
+}
+
diff -urN linux-2.6.3/security/Kconfig linux-2.6.3.ssp/security/Kconfig
--- linux-2.6.3/security/Kconfig	2004-02-17 22:58:44.000000000 -0500
+++ linux-2.6.3.ssp/security/Kconfig	2004-03-03 13:50:30.000000000 -0500
@@ -46,5 +46,11 @@
 
 source security/selinux/Kconfig
 
+config HARDENED_SSP
+	bool 'Hardened ProPolice SSP build support'
+	help
+	  This enables kernel building with stack-smashing protection
+	  via the -fstack-protector GCC flag.
+
 endmenu
 


# Han