r900 - trunk

tushar at linuxfromscratch.org
Sun Oct 10 15:52:47 PDT 2004

Author: tushar
Date: 2004-10-10 16:52:45 -0600 (Sun, 10 Oct 2004)
New Revision: 900

Update Hint: ssp

Modified: trunk/ssp.txt
--- trunk/ssp.txt	2004-10-10 22:51:19 UTC (rev 899)
+++ trunk/ssp.txt	2004-10-10 22:52:45 UTC (rev 900)
@@ -1,12 +1,12 @@
 AUTHOR:		Robert Connolly <robert at linuxfromscratch dot org> (ashes)
-DATE:		2004-04-26
+DATE:		2004-10-01
 LICENSE:	Public Domain
 SYNOPSIS:	Smashing Stack Protector and Libsafe
-PRIMARY URL:	http://www.linuxfromscratch.org/~robert/winter/Linux/
+PRIMARY URL:	http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
 Smashing Stack Protector is a C and C++ security extension for GCC.
@@ -33,15 +33,15 @@
 The frandom kernel patch is now required for SSP. This provides the erandom
 device and sysctl interface. Using erandom stops a serious entropy depletion
 problem while still providing urandom quality random bytes. Idealy you should
 reboot an frandom kernel before installing SSP, but SSP will build without it.
-It will fallback to hardcoded values. Read this:
+If the erandom sysctl interface is missing from the system (vanilla kernel)
+then /dev/urandom will be used; if /dev/urandom is missing (chroot) then
+gettimeofday() will be used. Read this to install frandom:
 You will need the header from the frandom patch installed to build glibc.
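Review bot: the new fallback description (the three `+` lines replacing "It will fallback to hardcoded values") should state the risk of the last fallback: a guard seeded from gettimeofday() is predictable, so a glibc built in a chroot without /dev/urandom gets a weak canary. Suggest adding a line telling readers to create /dev/urandom in the chroot (or build under the frandom kernel) before building glibc, rather than presenting the fallback as a neutral alternative. Also "Read this to install frandom:" ends the paragraph with no link visible in the hunk; confirm the URL follows in the file.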
@@ -55,7 +55,7 @@
 		Extra security patches
-		Full Bounds Checking
+	GCC 3.4 notes
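Review bot: indentation in the table-of-contents entry is inconsistent: the removed "Full Bounds Checking" line and the "Extra security patches" context line use two tabs, while the new "GCC 3.4 notes" line uses one; align it with its neighbours.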
@@ -74,21 +74,25 @@
 added "ssp" to the version string. The gcc2 patch is only needed if you plan to
 use gcc2 to build the kernel, and want stack protection in the kernel.
+Note: gcc-3.3 patches apply to gcc-3.3.* too. Likewise with gcc-3.4 patches.
-        gcc-3.3-ssp-2.patch # and/or
-        gcc-2.95.3-ssp-1.patch
+        gcc-3.3-ssp-3.patch
+	gcc-3.4-ssp-1.patch
+        gcc-2.95.3-ssp-3.patch
-The libc patch will define __guard_setup and __stack_smash_handler in libc.so
+The Glibc patch will define __guard_setup and __stack_smash_handler in libc.so
 so the kill function can be kept in a shared object. In the Glibc patch the
 erandom device is used to gather a small amount of random bits for the gaurd
-value. /dev/log will lso need to be present in chroot for syslog to log stack
+value. /dev/log will also need to be present in chroot for syslog to log stack
 overflows. It is reccomended intrusion detection systems monitor the system
 logs for these alerts.
-        glibc-2.3.{2,3}-ssp-frandom-2.patch # <- Recommended
+        glibc-2.3.2-ssp-frandom-4.patch
+	glibc-2.3.4-ssp_frandom-3.patch # This works for glibc-2.3.3 too.
-The GCC Specs patch adds -fstack-protector-all to GCC's default compiler flags.
+This GCC Specs patch adds -fstack-protector-all to GCC's default compiler flags.
 Filters prevent libraries and the kernel from being built with unnessesary
 smash symbols. This patch will build all main executables with stack protection.
 This patch makes using stack protector almost transparent. This gcc2 patch is
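Review bot: the glibc patch name in this hunk does not match the install instructions later in the same diff: the list gives `glibc-2.3.4-ssp_frandom-3.patch` (underscore, revision 3), while the chapter 5 step uses `glibc-2.3.4-ssp-frandom-4.patch` and chapter 6 uses `glibc-2.3.4-ssp-frandom-3.patch`. Use one filename everywhere or readers will fetch a file that does not exist. Minor: `+	gcc-3.4-ssp-1.patch` and `+	glibc-2.3.4-ssp_frandom-3.patch` are tab-indented while the surrounding entries use spaces, and the hunk fixes "lso" but leaves "gaurd", "reccomended" and "unnessesary" in the same paragraphs.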
@@ -96,7 +100,8 @@
-	gcc-3.3-sspspecs-3.patch # and/or
+	gcc-3.3-sspspecs-3.patch
+	gcc-3.4-sspspecs-1.patch
 The Linux kernel patch adds support to the Linux kernel for smash symbols. It
@@ -104,19 +109,28 @@
 therefore excluded from the default specs in the sspspecs patch.
-        linux-2.4.26-ssp-1.patch # or
-        linux-2.6.5-ssp-1.patch
+        linux-2.4.27-ssp-1.patch # or
+        linux-2.6.5-ssp-1.patch # This still works on newer 2.6 kernels.
-This only works with linux-2.4 right now, untill its ported to 2.6.
-        linux-2.4.26-frandom-1.patch
+        linux-2.4.26-frandom-1.patch # or
+	linux-
-The XFree86 patch disables stack protection for some modules. XFree86 4.4 is
-not yet patched/supported.
+There is also an mktemp patch for frandom:
+	mktemp-1.5-frandom-1.patch
+The XFree86 patch disables stack protection for some modules.
 http://www.linuxfromscratch.org/patches/downloads/XFree86/ \
+And for LFS-6.0
+        linux-libc-headers/linux-libc-headers-2.6-frandom-1.patch
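Review bot: the added line `+	linux-` is truncated: the second frandom patch name is missing after "linux-", so the "# or" alternative on the line above points at nothing. The 2.4 entry also still lists `linux-2.4.26-frandom-1.patch` while the chapter 5 and chapter 8 steps in this diff apply `linux-2.4.27-frandom-1.patch`; update the list to the version the instructions actually use.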
@@ -130,6 +144,9 @@
 This patch adds a sanity check to malloc. Backported from the Owl project.
+Note: This patch was integrated in the latest glibc-2.3.4 (cvs) package.
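Review bot: the note that the malloc sanity check is integrated in glibc-2.3.4 (cvs) should tell the reader what to do with it: whether the patch still applies to the glibc release this hint targets, or must be skipped there, since applying an already-merged patch will fail or double-apply.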
@@ -138,8 +155,9 @@
 Official site:
--The good news:
+Note: Libsafe is obsolete, you can still use it if you wish.
 Libsafe was developed by Avaya Labs to protect against format string
 vulnerabilities. Though not widely used it has been widely tested. This
 protection can be installed on an already running system, using ld.so.preload
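Review bot: "Note: Libsafe is obsolete" now sits directly above a paragraph that reads as a recommendation to install it. The reason (given further down the hint: modern software uses these functions properly, and the example exploits already fail under SSP) belongs next to the note, so readers can decide before reading the install text.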
@@ -147,9 +165,6 @@
 This of course only protects dynamically linked applications. There should not
 be a noticeable performance decrease, and it also logs to syslog.
--The bad news:
-Libsafe is obsolete, you can still use it if you wish.
 We get some errors if we install Libsafe early in the build.
 FAIL: g++.dg/expr/anew1.C execution test
@@ -161,31 +176,18 @@
 FAIL: S-records
 FAIL: S-records with constructors
-To avoid these errors install Libsafe after gcc in chapter 6. Libsafe is
+To avoid these errors install Libsafe after GCC in chapter 6. Libsafe is
 somewhat obsolete. Most modern software either doesn't use these strings, or
 uses them properly. All of the example exploits in exploits/ will fail because
 of SSP.
-Hardened GCC
-This is now sspspecs.patch.
+GCC 3.4 notes
+The 3.4 series of GCC has a very picky testsuite. You can expect many
+testsuite failues if you use the sspspecs patch, for now. I'll keep trying to
+find a fix.
-Full Bounds Checking
-This is an auditing tool to give verbose debugging. Applications built with this
-will run very slowly. This is not intended for real world use, only for
-debugging. -fbounds-checking is added to GCC extensions, and is not used by
-default. You can also add this to the specs, but I don't reccomend it with
--fstack-protector with debugging if you want to get consistent results (read up
-about /dev/urandom). Applications compiled with this will crash if any part of
-the program goes out of bounds.
-Official site (more versions are available):
-	bounds-checking-gcc-3.3.3-1.00.patch.bz2
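Review bot: typo in the added "GCC 3.4 notes" text: "failues" should be "failures". The hunk also drops the whole "Full Bounds Checking" section without a word on whether the bounds-checking patch is still available; a one-line pointer, or a "removed" entry in the changelog, would help readers who relied on it.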
@@ -195,16 +197,17 @@
 Kernel headers
 (See under PREREQUISITES above)
-patch -Npq -i ../linux-2.4.26-frandom-1.patch
+patch -Npq -i ../linux-2.4.27-frandom-1.patch
  - GCC pass 1
 If the host system has SSP in Glibc already, then you can patch gcc
 here. Otherwise do not. If in doubt, wait until pass two.
  - Glibc
-patch -Np1 -i ../glibc-2.3.2-ssp-frandom-2.patch
+patch -Np1 -i ../glibc-2.3.4-ssp-frandom-4.patch # or 2.3.2's patch
  - GCC pass 2
-patch -Np1 -i ../gcc-3.3-ssp-2.patch
+If you use sspspecs patch then a `make bootstrap` is a good idea too.
+patch -Np1 -i ../gcc-3.3-ssp-3.patch
 patch -Np1 -i ../gcc-3.3-sspspecs-3.patch
  - Binutils pass 2
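Review bot: `patch -Npq -i ../linux-2.4.27-frandom-1.patch` carries over a broken option from the removed line: -p takes a numeric strip count, so "pq" will make patch refuse to run. It should be `-Np1` like every other patch command in the hint. The glibc line in the same hunk, `glibc-2.3.4-ssp-frandom-4.patch`, also disagrees with the -3 revision used in the chapter 6 step below.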
@@ -217,21 +220,21 @@
 Make sure the frandom header get installed again.
  - Glibc
-patch -Np1 -i ../glibc-2.3.2-ssp-frandom-2.patch
+patch -Np1 -i ../glibc-2.3.4-ssp-frandom-3.patch
  - Binutils
 make CFLAGS="-fno-stack-protector" check
  - GCC
 hgcc -fa
-patch -Np1 -i ../gcc-3.3-ssp-2.patch
+patch -Np1 -i ../gcc-3.3-ssp-3.patch
 patch -Np1 -i ../gcc-3.3-sspspecs-3.patch
  - Grub
 CFLAGS="-fno-stack-protector" ./configure...
  - GCC 2.95.3
-patch -Np1 -i ../gcc-2.95.3-ssp-1.patch
+patch -Np1 -i ../gcc-2.95.3-ssp-3.patch
 Chapter 8
@@ -239,8 +242,8 @@
 Linux kernel
 make mrproper &&
-patch -Np1 -i ../linux-2.4.26-ssp-1.patch
-patch -Np1 -i ../linux-2.4.26-frandom-1.patch
+patch -Np1 -i ../linux-2.4.27-ssp-1.patch
+patch -Np1 -i ../linux-2.4.27-frandom-1.patch
 make menuconfig
@@ -277,6 +280,16 @@
 gcc -fstack-protector-all -o fail fail.c &&
+This will display the __guard value. It should change each runtime.
+cat > guard-test.c << "EOF"
+extern unsigned long __guard[];
+int main () {
+        printf("__guard\t=\t0x%08x;\n", __guard[0]);
+        return 0;
 * Thanks to Hiroaki Etoh for providing the SSP patch to IBM
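Review bot: guard-test.c as added will not build cleanly or print correctly: it calls printf without `#include <stdio.h>`, and passes an unsigned long to `%08x` (should be `%08lx`). The closing `}` and the `EOF` terminator of the heredoc are not visible in this hunk either; confirm they are in the file. It would also help to say what a non-changing value means: if the printed guard is identical across runs, glibc fell back to the weaker entropy sources described under PREREQUISITES and the build should be checked.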
@@ -371,3 +384,6 @@
 * Fix more/again for erandom.
 * Update some patches.
+* New patches.
+* Added guard-test.c
