ProPolice Hint Submission

ashes cendres at videotron.ca
Sat Oct 18 00:14:05 PDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

AUTHOR:	Robert Connolly <cendres at videotron dot ca> (ashes)

DATE:	2003-10-18

LICENSE:	Public Domain

SYNOPSIS:	Building an LFS with ProPolice enabled.

DESCRIPTION:
Integrate the ProPolice patch into the bootstrap-stage GCC so that everything
built on the new system is protected against stack-based buffer overflows.

PREREQUISITES:
This hint assumes you are already familiar with building Linux From Scratch.
It covers GCC versions 2.95.3 and 3.3.

HINT:

Introduction
=============

ProPolice is a GCC extension that protects programs against stack smashing
attacks. It places a guard value between a function's local buffers and the
saved frame pointer and return address, rearranges the local variables so that
character arrays sit next to the guard rather than next to pointers, and
checks the guard before the function returns; if an overflow has overwritten
it, the program is terminated with a message that a stack smashing attack was
detected. The guard has been tested against xlockmore-3.10, Perl-5.003,
elm-2.003, and SuperProbe-2.11, all of which have known root exploits, and in
each case the exploited program was terminated in this way. Because the check
is on the guard value rather than on any particular bug, it also catches stack
overflows in code whose vulnerabilities have not been found yet. It does not
cover heap or static-buffer overflows, and, as with any canary, an attacker
who can learn the guard value can overwrite it with itself, which is why the
guard is set to a random value at program start-up. ProPolice has proven
robust, practical to use, and cheap at run time. It has been integrated into
OpenBSD and should be added to Gentoo Linux in the near future, among others.
The official website for ProPolice is listed in the acknowledgments at the end
of this document.
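The frame layout and epilogue check described above, modeled in plain C as an
added example (this is an editor's illustration, not code from this hint or
from ProPolice itself). `struct frame`, `check_frame`, `copy_into_frame`,
`strcpy_into_frame`, `fill_payload` and `bypass_payload` are names invented
for the example, and `GUARD_VALUE` and `RET_VALUE` are constructed constants;
in a real ProPolice binary the guard is the random `__guard` value and the
failure path is `__stack_smash_handler`. The example goes one step beyond the
text: it shows why a guard whose value is known can be bypassed by a
length-based copy but not by a string copy when the guard contains a NUL byte.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE    16
#define GUARD_VALUE 0x00FF0A0Du  /* constructed; contains a NUL, like the
                                    terminator canary ProPolice falls back to */
#define RET_VALUE   0x08049ABCu  /* constructed stand-in for a return address */
#define BYPASS_LEN  (BUF_SIZE + 2 * sizeof(uint32_t))

/* ProPolice orders the frame so a linear overflow of the character array
 * must cross the guard before it reaches the saved return address.  A struct
 * fixes that order so the model does not depend on the compiler's layout. */
struct frame {
    char     buf[BUF_SIZE];
    uint32_t guard;
    uint32_t saved_ret;
};

enum outcome { FRAME_OK = 0, SMASH_DETECTED = 1, GUARD_BYPASSED = 2 };

/* The test ProPolice emits just before a protected function returns. */
static enum outcome check_frame(const struct frame *f)
{
    if (f->guard != GUARD_VALUE)
        return SMASH_DETECTED;   /* __stack_smash_handler would abort here */
    if (f->saved_ret != RET_VALUE)
        return GUARD_BYPASSED;   /* guard intact, control data changed anyway */
    return FRAME_OK;
}

static void init_frame(struct frame *f)
{
    memset(f, 0, sizeof *f);
    f->guard = GUARD_VALUE;
    f->saved_ret = RET_VALUE;
}

/* memcpy-style bug: len bytes land in buf with no bounds check.  The cap at
 * sizeof f only keeps the model itself within defined behaviour. */
enum outcome copy_into_frame(const unsigned char *payload, size_t len)
{
    struct frame f;
    init_frame(&f);
    if (len > sizeof f)
        len = sizeof f;
    memcpy((unsigned char *)&f, payload, len);   /* buf is at offset 0 */
    return check_frame(&f);
}

/* strcpy-style bug: copies until the first NUL byte of payload. */
enum outcome strcpy_into_frame(const char *payload)
{
    struct frame f;
    unsigned char *raw = (unsigned char *)&f;
    size_t i;
    init_frame(&f);
    for (i = 0; i < sizeof f && payload[i] != '\0'; i++)
        raw[i] = (unsigned char)payload[i];
    if (i < sizeof f)
        raw[i] = '\0';
    return check_frame(&f);
}

/* n bytes of c followed by a NUL, in a static scratch buffer (n < 64). */
const unsigned char *fill_payload(unsigned char c, size_t n)
{
    static unsigned char scratch[64];
    if (n >= sizeof scratch)
        n = sizeof scratch - 1;
    memset(scratch, c, n);
    scratch[n] = '\0';
    return scratch;
}

/* What an attacker who knows the guard would send: filler, the guard's own
 * bytes, then a replacement return address. */
const unsigned char *bypass_payload(void)
{
    static unsigned char p[BYPASS_LEN];
    uint32_t guard = GUARD_VALUE, ret = 0x41414141u;
    memset(p, 'A', BUF_SIZE);
    memcpy(p + BUF_SIZE, &guard, sizeof guard);
    memcpy(p + BUF_SIZE + sizeof guard, &ret, sizeof ret);
    return p;
}

int main(void)
{
    printf("short write:        %d\n", copy_into_frame(fill_payload('A', 8), 8));
    printf("long memcpy:        %d\n", copy_into_frame(fill_payload('A', 24), 24));
    printf("known-guard memcpy: %d\n", copy_into_frame(bypass_payload(), BYPASS_LEN));
    printf("known-guard strcpy: %d\n", strcpy_into_frame((const char *)bypass_payload()));
    printf("long strcpy:        %d\n", strcpy_into_frame((const char *)fill_payload('A', 40)));
    return 0;
}
```

The two bypass cases are the point: with a length-based copy a known guard
value is simply rewritten and the check passes (GUARD_BYPASSED), so the guard
must be unpredictable; with a string copy the NUL inside the guard stops the
copy before the return address, so the attack fails even though the value is
known (FRAME_OK).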

Installation
=============

This hint is meant to be used during an LFS build between chapters four and
five, once the LFS partition and /tools are set up and all the packages are on
hand. In this example the source packages are kept in $LFS/tools/usr/src. The
location is not important, but it is important that you can find your
ProPolice-patched GCC tarball during the normal LFS installation and reuse the
patch on any future installation of GCC.

Procedure
=========

# For GCC-3.3

mkdir -p $LFS/tools/usr/src/patches/propolice/3.3
cd $LFS/tools/usr/src/patches/propolice/3.3
wget http://www.research.ibm.com/trl/projects/security/ssp/gcc3_3/protector-3.3-4.tar.gz
wget http://www.research.ibm.com/trl/projects/security/ssp/gcc3_3/protector-3.3-4.tar.gz.md5
md5sum -c protector-3.3-4.tar.gz.md5

# You should get "protector-3.3-4.tar.gz: OK". Note that the .md5 file comes
# from the same server as the tarball, so this only catches a corrupt
# download; it does not prove who produced the patch.

tar zxf protector-3.3-4.tar.gz

cd $LFS/tools/usr/src
md5sum gcc-core-3.3.1.tar.bz2

# Should give us "8c113f495402c5ab8bf35133268de561  gcc-core-3.3.1.tar.bz2"

rm -rf gcc-{3.3.1,build}
tar jxf gcc-core-3.3.1.tar.bz2
cd gcc-3.3.1/gcc
patch -p 1 < $LFS/tools/usr/src/patches/propolice/3.3/protector.dif
cp $LFS/tools/usr/src/patches/propolice/3.3/protector.c .
cp $LFS/tools/usr/src/patches/propolice/3.3/protector.h .

# This next step enables ProPolice by default for everything this gcc
# builds. Without this patch, '-fstack-protector' enables the protection
# explicitly and can be added to CFLAGS and CXXFLAGS; '-fno-stack-protector'
# explicitly disables it if for any reason you need to.
# Note: it is recommended that all your software be built with this
# protection. It should work on a wide variety of software, including
# xfree86.

patch -p 1 < $LFS/tools/usr/src/patches/propolice/3.3/protectonly.dif

# Hint: edit $LFS/tools/usr/src/gcc-3.3.1/gcc/version.c to reflect that you
# have patched it with ProPolice.

cd $LFS/tools/usr/src/
mv gcc-core-3.3.1.tar.bz2 gcc-core-3.3.1.tar.bz2.orig
tar jcf gcc-core-propolice-3.3.1.tar.bz2 gcc-3.3.1/
ln -s gcc-core-propolice-3.3.1.tar.bz2 gcc-core-3.3.1.tar.bz2

# For GCC 2.95.3

mkdir -p $LFS/tools/usr/src/patches/propolice/2.95.3
cd $LFS/tools/usr/src/patches/propolice/2.95.3
wget http://www.research.ibm.com/trl/projects/security/ssp/gcc2_95_3/protector-2.95.3-23.tar.gz
wget http://www.research.ibm.com/trl/projects/security/ssp/gcc2_95_3/protector-2.95.3-23.tar.gz.md5
md5sum -c protector-2.95.3-23.tar.gz.md5

# You should get "protector-2.95.3-23.tar.gz: OK" (again, this checks only
# that the download is intact, not who produced it).

tar zxf protector-2.95.3-23.tar.gz
cd $LFS/tools/usr/src
md5sum gcc-2.95.3.tar.bz2

# Should give you "87ee083a830683e2aaa57463940a0c3c  gcc-2.95.3.tar.bz2"

rm -rf gcc-{2.95.3,build}
tar jxf gcc-2.95.3.tar.bz2
cd gcc-2.95.3/gcc
patch -p 1 < $LFS/tools/usr/src/patches/propolice/2.95.3/protector.dif
cp $LFS/tools/usr/src/patches/propolice/2.95.3/protector.c .
cp $LFS/tools/usr/src/patches/propolice/2.95.3/protector.h .

# This next step enables ProPolice by default for everything this gcc
# builds. Without this patch, -fstack-protector enables the protection
# explicitly and can be added to CFLAGS and CXXFLAGS; -fno-stack-protector
# explicitly disables it if for any reason you need to.
# Note: it is recommended that all your software be built with this
# protection. It should work on a wide variety of software, including
# xfree86.

patch -p 1 < $LFS/tools/usr/src/patches/propolice/2.95.3/protectonly.dif

# Hint: edit $LFS/tools/usr/src/gcc-2.95.3/gcc/version.c to reflect that
# you have patched it with ProPolice.

cd $LFS/tools/usr/src/
mv gcc-2.95.3.tar.bz2 gcc-2.95.3.tar.bz2.orig
tar jcf gcc-propolice-2.95.3.tar.bz2 gcc-2.95.3/
ln -s gcc-propolice-2.95.3.tar.bz2 gcc-2.95.3.tar.bz2

# With that all done, the patches are applied and everything should work
# transparently from here on: `make bootstrap` and `make` will build the
# patched sources, and the patches included in the LFS book can be applied
# on top. The guard value (__guard) and the handler that reports an attack
# (__stack_smash_handler) are added to libgcc by protector.dif, so binaries
# built with this compiler need no extra library.
#
# When it is installed you can confirm the binaries are protected:

objdump -d /path/to/binary | grep stack_smash

# or compile a test file and look for the check in the assembler output:

gcc -S hello.c && grep stack_smash hello.s

# Only functions that declare and use a local character array are
# instrumented, so hello.c must contain one (a char buf[64] that main writes
# to is enough); a plain "hello world" with no buffer shows nothing either
# way.

Feedback
========
cendres at videotron dot ca

ACKNOWLEDGMENTS:

Thanks to GNU for providing GCC at http://www.gnu.org/

Thanks to Hiroaki Etoh for providing the patch to IBM - etoh at jp.ibm.com

Thanks to IBM for providing the patch at
http://www.research.ibm.com/trl/projects/security/ssp/

IBM is a registered trademark of the IBM Corporation found at
http://www.ibm.com

CHANGELOG:
[2003-10-18]
* Debut release
* Reformat



- --
cendres at videotron dot com
gpg --keyserver wwwkeys.pgp.net --recv-keys 0xD4E26E10


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/kOhEX4k9bNTibhARAqNPAJ9giIcg4abV+hgTs1kBRUeWzDRu6gCfT2kH
py4M0gvtlSJj43z1yZsHdsc=
=Re4C
-----END PGP SIGNATURE-----