
Re: [Xen-devel][PATCH][RFC] _chk_fail and _chk canaries for minios and newlib


  • To: Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>
  • From: "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
  • Date: Mon, 09 Mar 2009 14:28:22 -0500
  • Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 09 Mar 2009 11:29:10 -0700
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>
  • Thread-index: Acmg5NOchhcve32mjESzpDpGcgfcew==
  • Thread-topic: [Xen-devel][PATCH][RFC] _chk_fail and _chk canaries for minios and newlib



On 3/9/09 1:13 PM, "Samuel Thibault" <samuel.thibault@xxxxxxxxxxxx> wrote:

> Hello,
> 
> George S. Coker, II, on Mon 09 Mar 2009 13:08:04 -0500, wrote:
>> This patch implements a minios version of the stack_chk_fail from glibc.
>> fprintf_chk and sprintf_chk functions have been added to newlib.
> 
> Cool!  That'd be useful indeed.  I'm however wondering whether
> your patch is enough for the stack protection: in my memory, gcc
> assumes that the glibc is used, and on e.g. i386, it uses gs:(0x14)
> for the stack canary (see a disassembly of a program compiled with
> -fstack-protector-all, there's a mov %gs:0x14,%eax lying in functions),
> and as a result we need to define a proper gs in MiniOS that follows
> glibc's tcbhead_t.
> 
It probably isn't enough.  It's more of a stub to make the linker and
libraries happy.  I can work on a more proper patch, but I was a little
uncertain about the split between minios and newlib.  It's just not clear
where to add new funcs because of the out-of-tree dependency on newlib.

> The fortified printfs should be fine.
> 
> Samuel

-- 
George S. Coker, II <gscoker@xxxxxxxxxxxxxx>



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
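
The layout requirement discussed in this message, as an added example that is not part of the original thread or of the patch: the struct mirrors the leading fields of glibc's i386 `tcbhead_t` with fixed-width types so that `stack_guard` lands at offset 0x14, and a simulated frame shows the prologue store and epilogue compare that decide whether `__stack_chk_fail` is reached. The names `tcbhead_i386`, `frame`, `read_guard` and `guarded_copy` are hypothetical, and the guard value is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Leading fields of glibc's i386 tcbhead_t, using fixed-width 32-bit
 * types so the offsets are the i386 ones on any build host. */
struct tcbhead_i386 {
    uint32_t tcb;              /* 0x00 */
    uint32_t dtv;              /* 0x04 */
    uint32_t self;             /* 0x08 */
    int32_t  multiple_threads; /* 0x0c */
    uint32_t sysinfo;          /* 0x10 */
    uint32_t stack_guard;      /* 0x14: read by mov %gs:0x14,%eax */
};
_Static_assert(offsetof(struct tcbhead_i386, stack_guard) == 0x14,
               "canary must sit where the compiled prologue reads it");

/* Simulated stack frame: local buffer, then the canary slot above it. */
struct frame { char buf[16]; uint32_t canary; };

/* Hypothetical helper: the 32-bit load at gs_base + 0x14. */
static uint32_t read_guard(const void *gs_base) {
    uint32_t g;
    memcpy(&g, (const unsigned char *)gs_base + 0x14, sizeof g);
    return g;
}

/* Hypothetical helper: returns 1 when the epilogue comparison would
 * call __stack_chk_fail, 0 when the frame is intact. */
int guarded_copy(const void *gs_base, const char *src, size_t n) {
    struct frame f;
    f.canary = read_guard(gs_base);          /* prologue: store canary */
    if (n > sizeof f) n = sizeof f;          /* keep the simulation in bounds */
    memcpy(&f, src, n);                      /* unchecked copy into buf */
    return f.canary != read_guard(gs_base);  /* epilogue: compare */
}

int main(void) {
    struct tcbhead_i386 tcb = { .stack_guard = 0x5ca1ab00u }; /* constructed value */
    char input[20];
    memset(input, 'A', sizeof input);
    printf("16-byte copy: fail=%d\n", guarded_copy(&tcb, input, 16));
    printf("20-byte copy: fail=%d\n", guarded_copy(&tcb, input, 20));
    return 0;
}
```
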


 

