ProPolice/SSP in 7.0
Jeremie Le Hen
jeremie at le-hen.org
Sun Dec 30 05:29:16 PST 2007
Hi,
On Fri, Dec 28, 2007 at 08:20:20PM -0600, Mike Silbersack wrote:
> Since the subject came up, I just tried using it, and it's not giving me the
> results I expected. Take the following program:
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <string.h>
>
> void overrun(void);
>
> int main(void)
> {
>     overrun();
> }
>
> void overrun(void)
> {
>     int x;
>     char a[4];
>     int y;
>
>     strcpy(a, "ABCDE");
>     printf("hi");
> }
>
> If I compile it like so:
> > cc -g -fstack-protector-all overrun.c
>
> The overrun is detected and the program is aborted.
> > ./a.out
> Abort (core dumped)
>
> But if I compile it like so:
> > cc -g -fstack-protector overrun.c
>
> The overrun is not caught.
> > ./a.out
> hi>
>
> Either I'm doing something wrong, or we have gcc misconfigured and it's not
> detecting that strcpy is a function which needs to be watched closely.
Actually, you did nothing wrong. Except maybe not wasting time to look
at GCC info page ;).
% `-fstack-protector'
% Emit extra code to check for buffer overflows, such as stack
% smashing attacks. This is done by adding a guard variable to
% functions with vulnerable objects. This includes functions that
% call alloca, and functions with buffers larger than 8 bytes. The
% guards are initialized when a function is entered and then checked
% when the function exits. If a guard check fails, an error message
% is printed and the program exits.
I believed it was possible to customize this threshold (I'm pretty sure
I've already seen such an option in some patch floating around GCC
community) but a quick glance at the source shows it is not possible
actually.
Regards,
--
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >