This is the mail archive of the
libc-ports@sources.redhat.com
mailing list for the libc-ports project.
Re: All machines: Pointer guard testing update (Bug 15754, CVE-2013-4788).
- From: Will Newton <will dot newton at linaro dot org>
- To: "Carlos O'Donell" <carlos at redhat dot com>
- Cc: "libc-ports at sourceware dot org" <libc-ports at sourceware dot org>
- Date: Thu, 26 Sep 2013 16:39:28 +0100
- Subject: Re: All machines: Pointer guard testing update (Bug 15754, CVE-2013-4788).
- Authentication-results: sourceware.org; auth=none
- References: <52444A27 dot 7050500 at redhat dot com>
On 26 September 2013 15:52, Carlos O'Donell <carlos@redhat.com> wrote:
Hi Carlos,
> The fix for CVE-2013-4788 (bug 15754) contains a regression
> test to ensure that the pointer guard is both random and
> changes between processes.
>
> In order to create the test it was necessary to add a new
> accessor macro POINTER_CHK_GUARD to allow the regression
> test to locate and read the pointer guard value from outside
> of the library.
>
> I have added a POINTER_CHK_GUARD implementation for *all*
> machines. You need not do any work at this point. However,
> for some machines I wrote the implementation without testing
> it e.g. stack guard was just before pointer guard so
> POINTER_CHK_GUARD is the same code with a different offset.
>
> My request is that you run the testsuite and verify that
> tst-ptrguard1 and tst-ptrguard1-static pass. If they don't
> pass please email me and we can work out what might be
> wrong with your POINTER_CHK_GUARD implementation.
I noticed that alpha does something strange in this regard.
ports/sysdeps/unix/alpha/sysdep.h:
/* There exists generic C code that assumes that PTR_MANGLE is always
defined. When generating code for the static libc, we don't have
__pointer_chk_guard defined. Nor is there any place that would
initialize it if it were defined, so there's little point in doing
anything more than nothing. */
# ifndef __ASSEMBLER__
# define PTR_MANGLE(var)
# define PTR_DEMANGLE(var)
# endif
This looks like in the static case alpha will not benefit from the new
fix. I don't have an alpha toolchain or any particular knowledge of
alpha to verify that though.
--
Will Newton
Toolchain Working Group, Linaro