cvs commit: hints winter.txt

tushar at linuxfromscratch.org tushar at linuxfromscratch.org
Tue Dec 23 15:46:41 PST 2003


tushar      03/12/23 16:46:41

  Modified:    .        winter.txt
  Log:
  Updated winter.txt
  
  Revision  Changes    Path
  1.2       +54 -50    hints/winter.txt
  
  Index: winter.txt
  ===================================================================
  RCS file: /home/cvsroot/hints/winter.txt,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -u -r1.1 -r1.2
  --- winter.txt	21 Dec 2003 00:06:12 -0000	1.1
  +++ winter.txt	23 Dec 2003 23:46:41 -0000	1.2
  @@ -1,12 +1,12 @@
   AUTHOR: Robert Connolly <cendres at videotron dot ca> (ashes)
   
  -DATE:   2003-12-20
  +DATE:   2003-12-21
   
   LICENSE:        Public Domain
   
   SYNOPSIS:       ProPolice + Libsafe + Pax + PIE
   
  -PRIMARY URI:	http://www.topside.org/~ashes/
  +PRIMARY URL:	ftp://twocents.mooo.com/pub/
   
   DESCRIPTION:
   ProPolice is a C and C++ security extension for GCC.
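Review bot: The header key on the changed line is renamed from "PRIMARY URI" to "PRIMARY URL" in the same edit that changes the address. The neighbouring keys in this hunk (AUTHOR, DATE, LICENSE, SYNOPSIS) look like a fixed hint header, so anything that reads hints by key name would no longer find this field. Suggest keeping "PRIMARY URI:" and changing only the value to ftp://twocents.mooo.com/pub/.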
  @@ -14,10 +14,10 @@
   executed by applications.
   Pax is a kernel patch which adds obscurity and lessens the vulnerability of
   attacks.
  -PIE is a gcc-3.4 backport to enable Position Independent Executables, which
  +PIE is a gcc-3.4 back port to enable Position Independent Executables, which
   takes advantage of Pax.
  -The combination of these provide powerfull security features in the toolchain.
  -All of the above can work independently of eachother.
  +The combination of these provide powerful security features in the tool chain.
  +All of the above can work independently of each other.
   
   PREREQUISITES: LFS-5.0
   
  @@ -41,40 +41,40 @@
   ============
   Introduction
   ============
  -On my desktop, 800mhz duron 512mb ram, I get one gcc error total from following
  +On my desktop, 800MHz Duron 512MB ram, I get one gcc error total from following
   this hint.
  -The cvs LFS book is reccomended at this time.
  +The cvs LFS book is recommended at this time.
   
   ----------------------------------
  -Propolice Smashing Stack Protector
  +ProPolice Smashing Stack Protector
   ----------------------------------
   -The good news:
   
  -Based on StackGaurd, Propolice was developed by IBM for protecting applications
  -from stack smashing attcks. This is the single largest class of attacks and many
  -hope Propolice will find its way into the mainstream GCC and become the default
  -smash gaurd. This protection uses the urandom device to determine the gaurd
  -value, and uses minimal time and space overhead. In practice users do not
  -complain about loss in system preformance even when the entire system is build
  -with this gaurd.
  +Based on StackGaurd, ProPolice was developed by IBM for protecting applications
  +from stack smashing attacks. This is the single largest class of attacks and
  +many hope ProPolice will find its way into the mainstream GCC and become the
  +default smash guard. This protection uses the urandom device to determine the
  +guard value, and uses minimal time and space overhead. In practice users do not
  +complain about loss in system performance even when the entire system is build
  +with this guard.
   
   The patch will add -fstack-protector-all, -fstack-protector, and
  --fno-stack-protector to GCC's extensions for C and C++; and
  +-fno-stack-protector to GCC extensions for C and C++; and
   __guard_setup and __stack_smash_handler are defined in libgcc2.c. It is
  -reccomended the entire system be built with -fstack-protector, with the
  +recommended the entire system be built with -fstack-protector, with the
   exception of Grub. Programs compiled with this which are run in chroot will
   need access to /dev/urandom and for logging /dev/log. Syslog puts it in
   /var/log/sys.log where intrusion detection can use it.
  -I have tested propolice on kernel 2.4 and 2.6, and libc linuxthreads and nptl.
  +I have tested ProPolice on kernel 2.4 and 2.6, and libc linuxthreads and nptl.
   It should work with any custom configuration you may have.
   
   -The bad news:
   
  -Propolice assumes only character arrays are dangerous, and does not protect
  -arrays of length 7 or less. Propolice does nothing to protect the heap.
  -Optimizing more then -O2 may optimize away things propolice needs.
  +ProPolice assumes only character arrays are dangerous, and does not protect
  +arrays of length 7 or less. ProPolice does nothing to protect the heap.
  +Optimizing more then -O2 may optimize away things ProPolice needs.
   
  -You can expect one error from gcc3's testsuite.
  +You can expect one error from gcc3 test suite.
   FAIL: gcc.dg/asm-names.c (test for excess errors)
   
   --------
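Review bot: The spell check missed "StackGaurd" on the first added line of the ProPolice paragraph (the project is StackGuard), and "the entire system is build" and "Optimizing more then -O2" are carried into the new lines unchanged. Suggest "StackGuard", "is built" and "more than -O2". The edits to "GCC extensions" and "gcc3 test suite" also drop the possessive, which reads worse than the old "GCC's extensions" and "gcc3's testsuite".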
  @@ -86,12 +86,12 @@
   vulnerabilities. Though not widely used it has been widely tested. This
   protection can be installed on an already running system, using ld.so.preload
   to watch applications at runtime for functions which are known to be vulnerable.
  -This of course only protects dynamicly linked applications. There should not be
  -a noticable preformance decrease, and it also logs to syslog.
  +This of course only protects dynamically linked applications. There should not
  +be a noticeable performance decrease, and it also logs to syslog.
   
   -The bad news:
   
  -We get some errors if we install libsafe early in the build.
  +We get some errors if we install Libsafe early in the build.
   From gcc3
   FAIL: g++.dg/expr/anew1.C execution test
   FAIL: g++.dg/expr/anew2.C execution test
  @@ -102,7 +102,7 @@
   FAIL: S-records
   FAIL: S-records with constructors
   
  -To avoid these errors we install libsafe after gcc in chapter 6.
  +To avoid these errors we install Libsafe after gcc in chapter 6.
   Other bad news is unknown.
   
   ----
  @@ -111,6 +111,7 @@
   -The good news:
   TODO
   -The bad news:
  +This hint does not use any enforcement.
   Unknown
   
   ----
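Review bot: The added line "This hint does not use any enforcement." sits directly above the existing "Unknown", so the bad-news list now states a known limitation and then says the bad news is unknown. It also does not say which enforcement is meant. Suggest replacing "Unknown" instead of adding above it, and naming the kernel option concerned (the changelog entry in this revision refers to "Enforce non-executable pages"), so readers know which protection they are building without.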
  @@ -119,7 +120,7 @@
   -The good news:
   TODO
   -The bad news:
  -This currently only works using a gcc-3.4 backport. It also needs Glibc-2.3.3
  +This currently only works using a gcc-3.4 back port. It also needs Glibc-2.3.3
   (cvs) to work.
   This also requires a binutils which understands -pie.
   X, kde, and others, do not like building with gcc -pie. They can still be
  @@ -129,11 +130,8 @@
   Downloads
   =========
   ----------
  -Propolice
  +ProPolice
   ----------
  -This site isn't very reliable, use it if you can.
  -http://www.topside.org/~ashes/files/
  -or
   ftp://twocents.mooo.com/pub/
   
   Patches are available for GCC 2.95.3, 3.3.1, and 3.3.2.
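Review bot: Removing the topside.org location leaves ftp://twocents.mooo.com/pub/ as the only source for the ProPolice patches, and nothing in these lines gives a checksum or signature for them. These are patches applied to GCC and fetched over unauthenticated FTP, so suggest listing an md5sum (or a detached signature) for each patch next to the URL so that a tampered or truncated download is detectable.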
  @@ -194,8 +192,9 @@
   --------------------
   Full Bounds Checking
   --------------------
  -This is an auditing tool to give verbose debugging. Applications built with thiswill run like a pig. This is not intended for real world use, only for
  -debugging. -fbounds-checking is added to gcc's extentions, and is not used by
  +This is an auditing tool to give verbose debugging. Applications built with this
  +will run like a pig. This is not intended for real world use, only for
  +debugging. -fbounds-checking is added to GCC extensions, and is not used by
   default.
   Official site:
   http://web.inter.nl.net/hcc/Haj.Ten.Brugge/ \
  @@ -215,7 +214,7 @@
   Glibc-cvs
   ----------
   # You only need this for PIE.
  -# Like the nptl hint shows. Get glibc-cvs like this.
  +# Like the nptl hint shows. Get Glibc-cvs like this.
   cvs -d :pserver:anoncvs at sources.redhat.com:/cvs/glibc -z3 co libc &&
   mv libc glibc-2.3-`date +%Y%m%d` &&
   tar cjf glibc-2.3-`date +%Y%m%d`.tar.bz2 glibc-2.3-`date +%Y%m%d` &&
  @@ -224,7 +223,7 @@
   =====================
   Installation
   =====================
  -Propolice and libsafe can be used effectively on LFS-5.0. If you want to use PIE
  +ProPolice and Libsafe can be used effectively on LFS-5.0. If you want to use PIE
   you need to get a copy of glibc-2.3.3-cvs, and binutils-2.14.90.0.7 or later.
   
   ---------
  @@ -233,32 +232,32 @@
    - Binutils
   Install binutils-2.14.90.0.7 just like the book says.
   Bison, m4, and flex need to be installed in chapter 5 to satisfy this version of
  -binutils.
  +Binutils.
   
    - GCC pass 1
  -If this is your second round with propolice, and the host system is running
  +If this is your second round with ProPolice, and the host system is running
   protector_only, you can use the protector_only patch in GCC pass 1. If it's your
   second round with PIE, you can use the PIE patch in gcc pass 1 also.
   The old version of this hint used a move to glibc patch which I have removed. I
  -don't think its nessesary. In order to escape it do not patch at this stage,
  +don't think its necessary. In order to escape it do not patch at this stage,
   prepend CFLAGS="-fno-stack-protector -O2" to configure, and append it to make.
   This will work out after glibc is installed.
   
    - Glibc-cvs
   No need for the scanf patch with glibc-cvs. Add --enable-add-ons=linuxthreads to
   configure. This also works with nptl. Make check should pass with no errors. If
  -you have libsafe on the host system you might want to remove "/lib/libsafe.so.2"
  +you have Libsafe on the host system you might want to remove "/lib/libsafe.so.2"
   from /etc/ld.so.preload just for glibc, and add it back after glibc is
  -installed. This is not because of a libsafe violation, but libsafe will cause
  +installed. This is not because of a Libsafe violation, but Libsafe will cause
   the glibc build to fail.
   
    - GCC pass 2
   Auditors might want to install gcc-3.3.2-bounds-plus-pie-1.patch, or
   gcc-3.3.2-bounds-checking-1.patch. The the patch contains instructions about its
  -use. Use the gcc-3.3.2.tar.bz2 tarball to keep the patch from complaining.
  -The Bounds Checking patch and PIE are merged, if applied seperatly they conflict
  -on one file. If you're using PIE you should see "checking linker position
  -independent executable support... yes" durring configure.
  +use. Use the gcc-3.3.2.tar.bz2 tar ball to keep the patch from complaining.
  +The Bounds Checking patch and PIE are merged, if applied separately they
  +conflict on one file. If you're using PIE you should see "checking linker
  +position independent executable support... yes" during configure.
   
   patch -Np1 -i ../gcc-3.3.2-protector_only-2.patch
   patch -Np1 -i ../gcc-3.3.2-pie-1.patch
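Review bot: The spell check leaves two errors in this hunk: "I don't think its necessary" on the changed GCC pass 1 line still has "its" for "it's", and the unchanged GCC pass 2 line just above the rewrapped text still reads "The the patch contains instructions". Suggest fixing both in this pass. "Binutils." is now capitalized while "Install binutils-2.14.90.0.7" two lines earlier is not, and "tarball" is split into "tar ball"; pick one spelling for each and use it throughout.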
  @@ -267,7 +266,7 @@
   env CFLAGS="-pie -O2" ../binutils-2.14.90.0.7/configure \
   	 --prefix=/tools --enable-shared --with-lib-path=/tools/lib &&
   env CFLAGS="-pie -O2" make
  -# There is a propolice, and PIE bug in the testsuite. Do this to pass the tests.
  +# There is a ProPolice, and PIE bug in the test suite. Do this to pass the tests.
   make CFLAGS="-fno-stack-protector -O2" check
   
   # And now we have "shared object" because of -pie.
  @@ -304,7 +303,7 @@
   patch -Np1 -i ../gcc-3.3.2-pie-1.patch
   
   # Libsafe
  -# There are tests in the libsafe source you should look at.
  +# There are tests in the Libsafe source you should look at.
   make &&
   make install
   
  @@ -355,7 +354,6 @@
   Chapter 8
   ---------
   Linux kernel
  -Choose all the Pax kernel options.
   
   make mrproper &&
   patch -Np1 -i ../linux-2.4.23-propolice-1.patch &&
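Review bot: Deleting "Choose all the Pax kernel options." leaves the Linux kernel step in this hunk with no guidance on PaX configuration at all. Suggest replacing the line instead of removing it, stating which PaX options the hint expects to be enabled and which one to leave off, so the reader is not left to guess at the menuconfig step.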
  @@ -363,6 +361,8 @@
   
   make menuconfig
   
  +Don't use "Enforce non-executable pages" or you wont be able to login after.
  +
   make CC="/opt/gcc-2.95.3/bin/gcc -fstack-protector" dep
   make CC="/opt/gcc-2.95.3/bin/gcc -fstack-protector" bzImage
   make CC="/opt/gcc-2.95.3/bin/gcc -fstack-protector" modules
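Review bot: The new warning about "Enforce non-executable pages" is placed after "make menuconfig", so a reader following the commands in order sees it only once the configuration step has already been run; move it above "make menuconfig". It is also bare text inside a command listing where other remarks in this hint are "#" comments, "wont" should be "won't", and it gives no reason for the login failure, which readers need in order to judge what protection they give up by leaving the option off.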
  @@ -393,7 +393,7 @@
   gcc -fstack-protector -o test-propolice test-propolice.c &&
   ./test-propolice
   
  -# That should return this to show the gaurd is working.
  +# That should return this to show the guard is working.
   # "stack smashing attack in function main"
   
   # You should also see a syslog message similar to this:
  @@ -401,7 +401,7 @@
   # test-propolice[19961]: [ID 702911 auth.crit] stack smashing attack in function
   # main
   
  -# This program segfaults and the gaurd ignores it.
  +# This program segfaults and the guard ignores it.
   
   cat > fail.c << "EOF"
   #include <stdio.h>
  @@ -449,7 +449,7 @@
   * Thanks to the Pax Team at http://pageexec.virtualave.net/
   * Thanks to Teemu Tervo for nptl hint
   	http://www.linuxfromscratch.org/hints/downloads/files/nptl.txt
  -* Thanks to crosscompiling hint
  +* Thanks to cross compiling hint
   	http://www.linuxfromscratch.org/hints/downloads/files/ \
   		crosscompiling-x86.txt
   
  @@ -494,3 +494,7 @@
   * Added new versions of binutils and glibc.
   * Added GCC PIE.
   * Rename filename to winter.txt.
  +[2003-12-21]
  +* Do not use "Enforce non-executable pages"
  +* Spell check.
  +* Fixed URL.
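Review bot: The [2003-12-21] entry does not record two content changes made in this revision: the removal of "Choose all the Pax kernel options." from Chapter 8 and the removal of the http://www.topside.org/~ashes/files/ download location. "Fixed URL." does not make clear that a source was dropped; suggest adding a changelog line for each.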
  
  
  


