cvs commit: hints propolice.txt

tushar at linuxfromscratch.org tushar at linuxfromscratch.org
Wed Dec 3 10:28:40 PST 2003


tushar      03/12/03 11:28:40

  Modified:    .        propolice.txt
  Log:
  Updated: propolice.txt
  
  Revision  Changes    Path
  1.8       +85 -49    hints/propolice.txt
  
  Index: propolice.txt
  ===================================================================
  RCS file: /home/cvsroot/hints/propolice.txt,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -u -u -r1.7 -r1.8
  --- propolice.txt	22 Nov 2003 20:55:56 -0000	1.7
  +++ propolice.txt	3 Dec 2003 18:28:40 -0000	1.8
  @@ -1,10 +1,10 @@
   AUTHOR: Robert Connolly <cendres at videotron dot ca> (ashes)
   
  -DATE:   2003-11-21
  +DATE:   2003-12-01
   
   LICENSE:        Public Domain
   
  -SYNOPSIS:       ProPolice - Bullet proofing the penguin.
  +SYNOPSIS:       ProPolice - Smashing Stack Protector (ssp)
   
   PRIMARY URI:	http://www.topside.org/~ashes/
   
  @@ -21,9 +21,8 @@
   
   	Introduction
   	Downloads
  -	Installation examples
  +	Installation
   	Testing ProPolice
  -	Installing Grub
   	Feedback
   	Acknowledgments
   
  @@ -34,10 +33,10 @@
   ProPolice protects the return address on the stack from being overwritten, with
   minimal time and space overhead. It is a security extension for GCC available
   for C and C++. This guard protects against the largest class of attacks, but is
  -not total protection. With local access it does not take a rocket scientist to
  -bypass the ProPolice guard. It does nothing to protect the heap, and ProPolice
  -does not protect functions containing arrays of length 7 or less. ProPolice will
  -however protect against most preconstructed remote exploits.
  +not total protection, and primarily protects against remote attacks. It does
  +nothing to protect the heap, and ProPolice does not protect functions containing
  +arrays of length 7 or less. ProPolice will however protect against many
  +preconstructed remote exploits.
   
   The patch will add -fstack-protector and -fno-stack-protector to GCC's
   extensions. It is reccomended the entire system be built with -fstack-protector,
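Review bot: the replacement sentence at "+not total protection, and primarily protects against remote attacks" drops the explicit statement from the removed lines that the guard can be bypassed with local access, so that limitation is now only implied. Suggest stating it directly next to the retained heap and short-array caveats, for example "It does not stop an attacker with local access from bypassing the guard." The unchanged context line that follows still has "reccomended", which could be corrected in the same revision.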
  @@ -45,67 +44,108 @@
   Gnat/Ada need to be built with -fno-stack-protector. Programs compiled with
   this which are run in chroot will need access to /dev/urandom and for logging
   /dev/log (syslog puts it in/var/log/sys.log). Optimizing more then -O2 may
  -optimize away things (this may be a problem with software like openssh which uses
  --O3 by default). You can expect two new errors from binutils tests, and one from
  -gcc's test suite as follows.
  -
  -From binutils:
  -FAIL: S-records
  -FAIL: S-records with constructors
  +optimize away things propolice needs. You can expect one new error from gcc's
  +testsuite as follows.
   
   From gcc3
   FAIL: gcc.dg/asm-names.c (test for excess errors)
   
   These are known ProPolice bugs, and I have been told by their developers they
  -can be safely ignored.
  +can be safely ignored. I have tested propolice on kernel 2.4 and 2.6, and libc
  +linuxthreads and nptl, it should work with any custom configuration you may
  +have.
   
   =========
   Downloads
   =========
  -
  -Patches are available for GCC 2.95.3, 3.2.3, 3.3, 3.3.1, and 3.3.2.
  -The protector_only patches will make GCC use -fstack-protector all the time.
  -
   This site isn't very reliable, use it if you can. These patches are bziped.
   http://www.topside.org/~ashes/files/protector/patches/
   
  +Patches are available for GCC 2.95.3, 3.2.3, 3.3, 3.3.1, and 3.3.2.
  +The protector_only patches will make GCC use -fstack-protector all the time.
   http://www.linuxfromscratch.org/patches/downloads/gcc/ \
           gcc-{$ver}-protector.patch
   http://www.linuxfromscratch.org/patches/downloads/gcc/ \
           gcc-{$ver}-protector_only.patch
   
  +This patch enables the kernel to be built with -fstack-protector. The 2.4 patch
  +works on 2.4.20-23.
  +http://www.linuxfromscratch.org/patches/downloads/linux/ \
  +	linux-2.4.20-propolice.patch
  +or
  +	linux-2.6.0-propolice.patch
  +
  +This patch moves functions to Glibc for a better handling of -static.
  +http://www.linuxfromscratch.org/patches/downloads/glibc/ \
  +	glibc-2.3.2-propolice-guard-functions.patch
  +or
  +	glibc-2.3.3-propolice-guard-functions.patch
  +
  +After the propolice patched Glibc is installed, use this patch on the next GCC
  +builds to activate it (instructions below). It will work on GCC 3.2 and 3.3.
  +http://www.linuxfromscratch.org/patches/downloads/glibc/ \
  +	gcc-3.2.3-move-propolice-into-glibc.patch
  +
   Use this patch when building xfree86. It will use -fno-stack-protector when
   building modules.
   http://www.linuxfromscratch.org/patches/downloads/XFree86/ \
           XFree86-4.3.0-protector.patch
   
  -
   =====================
  -Installation examples
  +Installation
   =====================
   
  -# This patch can be applied everytime GCC is built.
  -# The GCC core is the only required component.
  +---------
  +Chapter 5
  +---------
  +# GCC pass 1
  +patch -Np1 -i ../gcc-3.3.2-protector.patch
  +
  +# Glibc
  +patch -Np1 -i ../glibc-2.3.2-propolice-guard-functions.patch
  +
  +# GCC pass 2
  +# Using the _only patch is optional but reccomended at this stage.
  +patch -Np1 -i ../gcc-3.3.2-protector_only.patch
  +patch -Np1 -i ../gcc-3.2.3-move-propolice-into-glibc.patch
  +
  +# Binutils pass 2
  +# There is a propolice bug in the testsuite. Do this to pass the tests.
  +make CFLAGS="-fno-stack-protector -O2" check
  +
  +---------
  +Chapter 6
  +---------
  +# Glibc
  +patch -Np1 -i ../glibc-2.3.2-propolice-guard-functions.patch
  +
  +# Binutils
  +make CFLAGS=-fno-stack-protector check
  +
  +# GCC
  +patch -Np1 -i ../gcc-3.3.2-protector_only.patch
  +patch -Np1 -i ../gcc-3.2.3-move-propolice-into-glibc.patch
  +
  +# Grub
  +# After ./configure --prefix=/usr replace "make" with this.
  +make CFLAGS=-fno-stack-protector
  +
  +# GCC 2.95.3
  +patch -Np1 -i ../gcc-2.95.3-protector.patch
  +
  +---------
  +Chapter 8
  +---------
  +Linux kernel
   
  -tar jxf gcc-core-3.3.tar.bz2 &&
  -cd gcc-3.3.1 &&
  -patch -Np1 -i ../gcc-3.3-protector.patch
  +make mrproper
  +patch -Np1 -i ../linux-2.4.20-propolice.patch
   
   =================
   Testing ProPolice
   =================
   
  -# First two simple tests.
  -
  -gcc -S -fstack-protector hello.c &&
  -cat hello.s | grep stack_smash &&
  -rm hello.s
  ------------
  -gcc -fstack-protector hello.c &&
  -objdump -d a.out | grep stack_smash &&
  -rm a.out
  -
  -# This program overflows the stack.
  +## This program overflows the stack.
   
   cat > test-propolice.c << "EOF"
   /* test-propolice.c */
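Review bot: in the Downloads block, gcc-3.2.3-move-propolice-into-glibc.patch is listed under patches/downloads/glibc/, although the install steps apply it in the GCC tree (GCC pass 2 and Chapter 6 GCC) and the other GCC patches are under patches/downloads/gcc/. Please confirm the directory, since a wrong URL stops the procedure at the first fetch. The Binutils check lines also disagree: Chapter 5 uses CFLAGS="-fno-stack-protector -O2" and Chapter 6 uses CFLAGS=-fno-stack-protector, so either make them the same or say why -O2 is dropped. The intro no longer names the two binutils S-records failures, while Chapter 5 still refers to "a propolice bug in the testsuite"; naming the affected tests there would keep that traceable. With the two grep checks for stack_smash removed, the hint has no quick way left to confirm that a given binary was built with the guard, so consider keeping one of them. Smaller points: Chapter 8 shows only linux-2.4.20-propolice.patch even though a 2.6.0 patch is offered, the "=====" rule under "Installation" was left at the old heading's length, and "reccomended" is misspelled in the GCC pass 2 comment.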
  @@ -132,7 +172,8 @@
   # test-propolice[19961]: [ID 702911 auth.crit] stack smashing attack in function
   # main
   
  -# This program segfaults and the gaurd ignores it.
  +## This program segfaults and the gaurd ignores it. Libsafe would catch this if
  +# we had it installed (comming soon).
   
   cat > fail.c << "EOF"
   #include <stdio.h>
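Review bot: the added comment says "Libsafe would catch this" for fail.c, but the hint has no Libsafe install step or test output to back it ("comming soon"), so the claim is unverified in this revision. Suggest wording it as an expectation, or deferring it until the Libsafe instructions exist. The two comment lines also mix "##" and "#", and "gaurd" and "comming" are misspelled.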
  @@ -158,16 +199,6 @@
   # before foo()
   # Segmentation fault
   
  -================
  -Installing Grub
  -================
  -
  -Grub and ProPolice do not get along. 
  -After ./configure --prefix=/usr in Grub chapter 6 replace "make" with this, and
  -continue to install it after.
  -
  -make CFLAGS=-fno-stack-protector
  -
   ========
   Feedback
   ========
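Review bot: removing this section drops the only explanation of why Grub is built with -fno-stack-protector ("Grub and ProPolice do not get along"); the Chapter 6 Grub step now carries only the command. Suggest keeping a one-line reason in that step so a reader does not take the flag for optional, and keeping the note to continue the install afterwards.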
  @@ -188,6 +219,7 @@
   	http://www.netsys.com/cgi-bin/display_article.cgi?1266
   * Thanks to securityfocus.com and immunix.com for this
   	http://www.securityfocus.com/archive/1/333986/2003-08-17/2003-08-23/2
  +* Thanks to adamantix.org for kernel patches. http://www.adamantix.org/
   
   CHANGELOG:
   [2003-10-18]
  @@ -218,3 +250,7 @@
   * Reformat patches.
   * Add homepage/mirror url.
   * Small edit.
  +[2003-12-01]
  +* Added Glibc and kernel patches.
  +* Rewrote install procedure.
  +
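Review bot: the [2003-12-01] entry records the added patches and the rewritten install procedure but not what this revision removes: the two stack_smash grep checks, the binutils S-records expected failures and the standalone Grub section. Suggest one more line covering the removals, for example "* Removed simple tests; moved Grub step into Chapter 6." The trailing "+" blank line at the end of the file could also be dropped.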
  
  
  