Last one for a while - ProPolice Update :)

ashes cendres at videotron.ca
Mon Oct 27 04:22:45 PST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I again apologize for the up-to-the-minute updates. This will be the last one 
until GCC has a new stable release. I have added one new trivial patch for 
XFree86-4.3.0. I believe the md5sums and URLs in the hint should work after 
the patch is uploaded; if not, I will have to correct it. Aside from that the 
hint is frozen, awaiting future releases of the toolchain or XFree86.
Patches are being sent to patches at linuxfromscratch.org

P.S. I will continue testing and running these patches on my desktop to verify 
they're stable. And I will start working on the security hint :)

- -- 
cendres at videotron dot ca
gpg --keyserver wwwkeys.pgp.net --recv-keys 0xD4E26E10
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/nQ4cX4k9bNTibhARAmWqAJ9MmcEoriaPkPVQn7L5c1SYdTOVFQCfR8jR
Y7nbRXoN54uk997GbTa+dOI=
=NGYM
-----END PGP SIGNATURE-----
-------------- next part --------------
AUTHOR: Robert Connolly <cendres at videotron dot ca> (ashes)

DATE:   2003-10-27

LICENSE:        Public Domain

SYNOPSIS:       ProPolice - Bullet proofing the penguin.

DESCRIPTION:
Integrate a patch into the bootstrap stage to protect the new system from
stack-based buffer overflows.

PREREQUISITES:
This hint requires that you have sufficient knowledge of Linux.
See caveats below.
This hint is available for GCC version 3.3.1 and 2.95.3.
Note: gcc-core package is the only required component. Others are optional.

HINT:

Introduction
=============
ProPolice is a GCC extension for protecting applications from stack smashing
attacks. The ProPolice stack guard has been tested against xlockmore-3.10,
Perl-5.003, elm-2.003, and SuperProbe-2.11, all of which have known root
exploits. When these programs were exploited, the stack guard terminated them
with a message stating that a stack smashing attack had been detected. Because
the guard detects corruption of the stack frame rather than any particular bug,
it also protects against stack overflows not yet discovered. It has been shown
to be robust, practical to use, and to perform well. ProPolice has been
integrated into OpenBSD, and should be added to Gentoo Linux in the near
future, among others. The official website for ProPolice can be found in the
acknowledgments at the end of this document. ProPolice is still young and has
not been widely tested. It is my opinion that ProPolice, or a variant, will
become a normal part of all GNU systems after enough real world testing has
been done. This patch adds two compile options to GCC: -fstack-protector
enables the protection, and -fno-stack-protector disables it.

Caveats
=======
You can expect a handful of errors from the regression tests in the toolchain,
binutils being the worst. I tested the ProPolice _Only_ patch on several
systems with similar results. Grub will only build with -fno-stack-protector,
or you can use lilo instead. XFree86 needs a patch to enable the OpenBSD
ProPolice code; the X server will be protected, but not the modules. You can
also expect problems with libPAM, and likely some unknown problems exist. I
have made the authors of these software bundles aware of the problems, and
hope they're resolved in future releases.

Choose your patch(es)
======================
There are 2 types of patches for GCC.

1. With the ProPolice _Only_ patch, -fstack-protector is used by default,
including during GCC's bootstrap phase. With this patch all the software you
build with GCC will be automatically protected. If you experience any abnormal
errors, -fno-stack-protector can be set to check whether the guard is the
cause. Please report any problems. ProPolice build errors are easy to spot:
look for "smash" in the build output.

2. With the generic patch, GCC does not use the protection itself and is set
to -fno-stack-protector by default. -fstack-protector can be set in CFLAGS and
CXXFLAGS to enable the guard for the packages you choose. This is good for
testers.

Download
========
md5sum
f7169c00be8383f1387beac0e93414b3  gcc-3.3.1-propolice_only.patch
69b6f17d03e6fd95a47246e2180f9f45  gcc-3.3.1-propolice.patch
31aa81589fefff88aaaaf9255f6b367b  gcc-2.95.3-propolice_only.patch
20e22a1453fba4425042ec13a14f84f9  gcc-2.95.3-propolice.patch
http://www.linuxfromscratch.org/patches/downloads/gcc/ \
	gcc-3.3.1-propolice_only.patch
http://www.linuxfromscratch.org/patches/downloads/gcc/ \
	gcc-3.3.1-propolice.patch
http://www.linuxfromscratch.org/patches/downloads/gcc/ \
	gcc-2.95.3-propolice_only.patch
http://www.linuxfromscratch.org/patches/downloads/gcc/ \
	gcc-2.95.3-propolice.patch

Xfree86
=======
If you read this patch you will see how simple it is.
md5sum
d6d4537e30f0d477666fa429a938b74c  XFree86-4.3.0-propolice.patch
http://www.linuxfromscratch.org/patches/downloads/XFree86/ \
	XFree86-4.3.0-propolice.patch

Examples
=========

tar jxf gcc-core-3.3.1.tar.bz2 &&
cd gcc-3.3.1 && 
patch -Np1 -i ../gcc-3.3.1-propolice_only.patch

cd xc/ &&
patch -Np1 -i ../XFree86-4.3.0-propolice.patch
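The md5sums listed in the Download section are only useful if they are checked
before the patch is applied. The following is an added example, not part of
the hint, that refuses to run patch unless the file matches the listed sum.
The function names and the paths in the usage comment are assumptions; the
sum shown is the one the hint lists for gcc-3.3.1-propolice_only.patch.

```shell
#!/bin/sh
# Added example (not from the hint): verify a downloaded patch against the
# md5sum listed in the Download section before applying it with -Np1.

# check_md5 FILE EXPECTED_SUM -> 0 if FILE's md5sum equals EXPECTED_SUM.
check_md5() {
    file=$1
    expected=$2
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    actual=$(md5sum "$file" | cut -c1-32)
    if [ "$actual" != "$expected" ]; then
        echo "md5 mismatch for $file: got $actual, want $expected" >&2
        return 1
    fi
    return 0
}

# apply_verified_patch PATCH EXPECTED_SUM SRCDIR
# Checks the sum first, then runs "patch -Np1 -i PATCH" inside SRCDIR.
apply_verified_patch() {
    patchfile=$1
    expected=$2
    srcdir=$3
    # patch is run from inside SRCDIR, so make the patch path absolute.
    case $patchfile in
        /*) ;;
        *) patchfile=$PWD/$patchfile ;;
    esac
    check_md5 "$patchfile" "$expected" || return 1
    (cd "$srcdir" && patch -Np1 -i "$patchfile")
}

# Usage (paths are assumptions; the sum is the one listed in the hint):
#   tar jxf gcc-core-3.3.1.tar.bz2 &&
#   apply_verified_patch gcc-3.3.1-propolice_only.patch \
#       f7169c00be8383f1387beac0e93414b3 gcc-3.3.1
```

A sum published on the same server as the patch detects a corrupted or
truncated download; it does not protect against someone who can replace both
the patch and the listed sum, so compare the sum against the hint rather than
against a file fetched from the same place.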

Conclusion
===========
When it is installed you can confirm the binaries are protected. ProPolice only
instruments functions that have a local character array, so hello.c must
contain one; a hello.c whose main only calls printf gets no guard code, and the
grep below matches nothing.

gcc -S hello.c &&
grep stack_smash hello.s &&
rm hello.s

or

gcc hello.c &&
objdump -d a.out | grep stack_smash &&
rm a.out

The match is the call to __stack_smash_handler that the guard inserts before
each protected function returns.
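A test program for the check above, added here as an example and not part of
the hint, with one function that ProPolice instruments and one it leaves
alone. The function names are my own. On a ProPolice toolchain,
"gcc -S ssp_check.c && grep -n stack_smash ssp_check.s" matches only inside
copy_with_buffer; mainline GCC from 4.1 onward names the failure handler
__stack_chk_fail instead, so grep for that on a current compiler.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not from the hint. Function names are assumptions.
 *
 * copy_with_buffer has a local char array, so ProPolice instruments it: the
 * value of __guard is stored below the return address on entry and compared
 * on return, and a mismatch calls __stack_smash_handler. The copy itself is
 * bounded; the guard is a backstop for the bug you did not find, not a
 * substitute for the bounds check. */
size_t copy_with_buffer(const char *src)
{
    char buf[64];
    size_t n = strlen(src);

    if (n > sizeof buf - 1)
        n = sizeof buf - 1;
    memcpy(buf, src, n);
    buf[n] = '\0';
    return strlen(buf);
}

/* No local array: ProPolice's default heuristic does not instrument this
 * function, so nothing in its assembly references the guard. */
int sum_to(int n)
{
    int i, total = 0;

    for (i = 1; i <= n; i++)
        total += i;
    return total;
}

/* Build and inspect (ProPolice symbol names; mainline GCC >= 4.1 uses
 * __stack_chk_fail instead):
 *   gcc -S ssp_check.c && grep -n stack_smash ssp_check.s
 * The only matches are in copy_with_buffer. */
int main(void)
{
    printf("%lu %d\n", (unsigned long)copy_with_buffer("hello, world"),
           sum_to(10));
    return 0;
}
```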

TODO
=====
More testing.

Feedback
========
<cendres at videotron dot ca>

ACKNOWLEDGMENTS:

* Thanks to GNU for providing GCC at http://www.gnu.org/
* Thanks to Hiroaki Etoh for providing the patch to IBM - etoh at jp.ibm.com
* Thanks to IBM for providing the patch at
	http://www.research.ibm.com/trl/projects/security/ssp/
* IBM is a registered trademark of the IBM Corporation found at
	http://www.ibm.com
* Thanks to Gentoo for providing documents and patch http://www.gentoo.org/
* Thanks to OpenBSD for their XFree86 code. http://www.openbsd.org/

CHANGELOG:
[2003-10-18]
* Debut
* Reformat hint
[2003-10-22]
* Reformatted the patches so they're much easier to apply.
* Edit/rewrite hint & synopsis.
[2003-10-24]
* Added caveat.
* Fixed URLs.
* Light edit
[2003-10-25]
* New bugs found.
[2003-10-26]
* GCC 2.95.3 patches made.
[2003-10-27]
* XFree86-4.3.0 patch made.
* Hint is now Beta - Need more feedback.
