From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1757284AbdESVhI (ORCPT <rfc822;w@1wt.eu>);
        Fri, 19 May 2017 17:37:08 -0400
Received: from shelob.surriel.com ([96.67.55.147]:35595 "EHLO
        shelob.surriel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1757253AbdESVgx (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 19 May 2017 17:36:53 -0400
From: riel@redhat.com
To: linux-kernel@vger.kernel.org
Cc: danielmicay@gmail.com, tytso@mit.edu, keescook@chromium.org,
        hpa@zytor.com, luto@amacapital.net, mingo@kernel.org, x86@kernel.org,
        linux-arm-kernel@lists.infradead.org, catalin.marinas@arm.com,
        linux-sh@vger.kernel.org, ysato@users.sourceforge.jp
Subject: stackprotector: ascii armor the stack canary
Date: Fri, 19 May 2017 17:26:31 -0400
Message-Id: <20170519212636.30440-1-riel@redhat.com>
X-Mailer: git-send-email 2.9.3
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Zero out the first byte of the stack canary value on 64 bit systems,
in order to prevent unterminated C string overflows from being able
to successfully overwrite the canary, even if an attacker somehow
guessed or obtained the canary value.

Inspired by execshield ascii-armor and PaX/grsecurity.

Thanks to Daniel Micay for extracting code of similar functionality
from PaX/grsecurity and making it easy to find in his linux-hardened
git tree on https://github.com/thestinger/linux-hardened/