Re: ProPolice/SSP in 7.0

On Sun, 30 Dec 2007, Jeremie Le Hen wrote:

>>  Either I'm doing something wrong, or we have gcc misconfigured and it's not
>>  detecting that strcpy is a function which needs to be watched closedly.
>
> Actually, you did nothing wrong.  Except maybe not wasting time to look
> at GCC info page ;).
>
> % `-fstack-protector'
> %      Emit extra code to check for buffer overflows, such as stack
> %      smashing attacks.  This is done by adding a guard variable to
> %      functions with vulnerable objects.  This includes functions that
> %      call alloca, and functions with buffers larger than 8 bytes.  The
> %      guards are initialized when a function is entered and then checked
> %      when the function exits.  If a guard check fails, an error message
> %      is printed and the program exits.
>
> I believed it was possible to customize this threshold (I'm pretty sure
> I've already seen such an option in some patch floating around GCC
> community) but a quick glance a the source shows it is not possible
> actually.
>
> Regards,
> -- 
> Jeremie Le Hen

Ah, I went to the old propolice page and just read this description:

----
compiler option -fstack-protector-all, -fno-stack-protector-all enables 
and disables the protection of every function, not only the function with 
character array.
----

I apparently RTWrongFM. :)

Seems to me that the 8 character limit is probably some performance 
tradeoff compromise... from a security perspective I can't see why 8 byte 
arrays would be less likely to be used incorrectly than 9 byte arrays.

In any case, thanks for answering my question.

Mike "Silby" Silbersack
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"