Re: [patch 2/5] Add the Kconfig option for the stackprotector feature

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Thierry Vignaud <tvignaud@mandriva.com>
To: "Paweł Sikora" <pluto@agmk.net>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [patch 2/5] Add the Kconfig option for the stackprotector feature
Date: Fri, 28 Jul 2006 19:56:20 +0200	[thread overview]
Message-ID: <m2psfpy5ob.fsf@vador2.mandriva.com> (raw)
In-Reply-To: <200607281913.37889.pluto@agmk.net> (Paweł Sikora's message of "Fri, 28 Jul 2006 19:13:37 +0200")

Paweł Sikora <pluto@agmk.net> writes:

> gcc supports stack protection at so called tree-level (it means it's
> architecture-independent). i've just tested a simple userland-code:
> 
> #include <stdlib.h>
> #include <string.h>
> int main()
> {
> 	char c;
> 	memset( &c, 0, 512 );
> 	return 0;
> }
> 
> and stack protection works fine on {ix86,x86-64,powerpc}-linux.
> i can test it on {alpha,sparc}-linux later but i'm pretty sure
> it'll work too on these archs.

$ gcc -v
Using built-in specs.
Target: x86_64-mandriva-linux-gnu
Configured with: ../configure --prefix=/usr --libexecdir=/usr/lib --with-slibdir=/lib64 --mandir=/usr/share/man --infodir=/usr/share/info --enable-shared --enable-threads=posix --enable-checking=release --enable-languages=c,c++,ada,fortran,objc,obj-c++,java --host=x86_64-mandriva-linux-gnu --with-cpu=generic --with-system-zlib --enable-long-long --enable-__cxa_atexit --enable-clocale=gnu --disable-libunwind-exceptions --enable-java-awt=gtk --with-java-home=/usr/lib/jvm/java-1.4.2-gcj-1.4.2.0/jre --enable-gtk-cairo --enable-ssp --disable-libssp
Thread model: posix
gcc version 4.1.1 20060724 (prerelease) (4.1.1-3mdk)
$ gcc  -fstack-protector t.c
$ ./a.out                   
zsh: segmentation fault  ./a.out

it segfaults if using "return 0" instead of "exit(0)" and only if
memset overwrote the stack

why? because, according to gcc man page, "This includes functions that
call alloca, and functions with buffers larger than 8 bytes."
once the stack is bigger, it does abort with "*** stack smashing
detected ***: <unknown> terminated" however.

thus this won't protect stacks of small functions... such as your
example...

next prev parent reply	other threads:[~2006-07-28 17:56 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <1154102546.6416.9.camel@laptopd505.fenrus.org>
2006-07-28 16:03 ` [patch 1/5] Add comments to the PDA structure to annotate offsets Arjan van de Ven
2006-07-28 18:41   ` Andi Kleen
2006-07-28 18:43     ` Arjan van de Ven
2006-07-28 18:52       ` Andi Kleen
2006-07-28 18:57         ` Arjan van de Ven
2006-07-28 20:32         ` Arjan van de Ven
2006-07-28 16:03 ` [patch 2/5] Add the Kconfig option for the stackprotector feature Arjan van de Ven
2006-07-28 16:24   ` Daniel Walker
2006-07-28 16:27     ` Arjan van de Ven
2006-07-28 18:42       ` Andi Kleen
2006-07-28 18:49         ` Arjan van de Ven
2006-07-28 17:13     ` Paweł Sikora
2006-07-28 17:26       ` Arjan van de Ven
2006-07-28 17:56       ` Thierry Vignaud [this message]
2006-07-28 18:06         ` Paweł Sikora
2006-07-29 17:48   ` Adrian Bunk
2006-07-29 18:50     ` Andi Kleen
2006-07-29 18:57       ` Adrian Bunk
2006-07-29 19:04         ` Andi Kleen
2006-07-29 19:19           ` Adrian Bunk
2006-07-30 16:14             ` Valdis.Kletnieks
2006-07-30 16:49               ` Adrian Bunk
2006-07-31  2:06                 ` Valdis.Kletnieks
2006-07-30 17:47               ` Arjan van de Ven
2006-07-28 16:04 ` [patch 3/5] Add the canary field to the PDA area and the task struct Arjan van de Ven
2006-07-28 16:05 ` [patch 4/5] Add the __stack_chk_fail() function Arjan van de Ven
2006-07-28 16:05 ` [patch 5/5] Add the -fstack-protector option to the CFLAGS Arjan van de Ven
2006-07-28 18:45   ` Andi Kleen
2006-07-28 18:48     ` Arjan van de Ven
2006-07-28 19:00       ` Andi Kleen
2006-07-28 19:53         ` Arjan van de Ven
2006-07-28 21:26         ` Sam Ravnborg
2006-07-28 21:40           ` Arjan van de Ven
2006-07-28 21:58             ` Sam Ravnborg
2006-07-28 22:31               ` Arjan van de Ven
2006-07-28 23:05       ` Valdis.Kletnieks
2006-07-28 23:12         ` David Miller
2006-07-28 23:51           ` Valdis.Kletnieks
2006-07-29  7:41             ` Arjan van de Ven

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=m2psfpy5ob.fsf@vador2.mandriva.com \
    --to=tvignaud@mandriva.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=pluto@agmk.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox