This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: stack guard updating source

From: Sergey Melnikov <sergey dot devel at gmail dot com>
To: Andrew Pinski <pinskia at gmail dot com>
Cc: libc-alpha at sourceware dot org, Roland McGrath <roland at hack dot frob dot com>, Mike Frysinger <vapier at gentoo dot org>
Date: Tue, 6 Nov 2012 10:04:32 +0400
Subject: Re: stack guard updating source
References: <CAOGNF=nX0AsKekYdzU5ugshitZg+FXHC=0TxiBFu8uYQrE_6TQ@mail.gmail.com><20121009204443.083392C0A7@topped-with-meat.com><CAOGNF==05YA0LAmm_1VsQuDfSrqGkFmmvhN+FwzhsnH6xp0org@mail.gmail.com><201210101407.27556.vapier@gentoo.org><CAOGNF==3HbdhVxBszCUbsOin=gjbdqf9mfvepwPOi7+Xs4ELTQ@mail.gmail.com><CA+=Sn1k3ucyTmT0PiAfr2fOHJuT4S4f4kvj6nf=qnPj9HZ0TWQ@mail.gmail.com><CAOGNF==mcyFJfZ4jZN=H24igU4boCY0Mwtr6ZM_JarwBit4Kbg@mail.gmail.com>

Is it necessary? Is makes glibc more secure.
Any additional idea?

2012/10/29 Sergey Melnikov <sergey.devel@gmail.com>:
> I think we can redefine THREAD_COPY_STACK_GUARD macro, which used in
> __pthread_create_2_1 function.
> This macro has value:
> #define THREAD_COPY_STACK_GUARD(descr) \
>   ((descr)->header.stack_guard                                                \
>    = THREAD_GETMEM (THREAD_SELF, header.stack_guard))
>
> We can override macro for reading new random value from /dev/random,
> it target supports it:
>
> #define THREAD_COPY_STACK_GUARD(descr) \
>   ((descr)->header.stack_guard                                                \
>    = get_new_guard_value(header.stack_guard)
>
> Also, I'll implement function get_new_guard_value (reading new random
> value from /dev/urandom).
>
> Changes don't change the previous semantics. I think, changes don't
> affect setcontent/getcontent. Am I right?
>
>
> 2012/10/26 Andrew Pinski <pinskia@gmail.com>:
>> On Fri, Oct 26, 2012 at 1:24 AM, Sergey Melnikov <sergey.devel@gmail.com> wrote:
>>> Is is necessary to implement guard value randomization for every
>>> thread? It will be more securely.
>>
>> I don't think that will work correctly with things like
>> setcontent/getcontent and threads then.
>>
>> Thanks,
>> Andrew
>>
>>
>>>
>>> 2012/10/10 Mike Frysinger <vapier@gentoo.org>:
>>>> On Wednesday 10 October 2012 02:12:41 Sergey Melnikov wrote:
>>>>> The guard value is identical for any thread, the guard value isn't
>>>>> thread specific.
>>>>
>>>> please re-read what Roland said.  the gs:0x14 access is purely for speed, not
>>>> because we want the value to be different for each thread.
>>>> -mike

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]