cvs commit: patches/glibc glibc-2.3.3-ssp-frandom-2.patch

tushar at linuxfromscratch.org tushar at linuxfromscratch.org
Sat May 1 21:41:41 PDT 2004


tushar      04/05/01 22:41:41

  Added:       glibc    glibc-2.3.3-ssp-frandom-2.patch
  Log:
  Added glibc ssp patches
  
  Revision  Changes    Path
  1.1                  patches/glibc/glibc-2.3.3-ssp-frandom-2.patch
  
  Index: glibc-2.3.3-ssp-frandom-2.patch
  ===================================================================
  Submitted By: Robert Connolly <cendres at videotron dot ca> (ashes)
  Date: 2004-04-24
  Initial Package Version: 2.3.3
  Origin: http://www.research.ibm.com/trl/projects/security/ssp/
          http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/sys/stack_protector.c
  Description: Smashing Stack Protector - This patch adds guard functions to
  Glibc.
  
  This patch depends on erandom sysctl from:
  http://frandom.sourceforge.net/
  http://www.linuxfromscratch.org/hints/downloads/files/entropy.txt
  
  Also see:
  http://www.research.ibm.com/trl/projects/security/ssp/
  http://www.linuxfromscratch.org/hlfs/
  http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
  
  diff -Naur glibc-2.3-20040418.orig/sysdeps/generic/libc-start.c glibc-2.3-20040418.ssp-frandom/sysdeps/generic/libc-start.c
  --- glibc-2.3-20040418.orig/sysdeps/generic/libc-start.c	2004-03-31 01:46:43.000000000 +0000
  +++ glibc-2.3-20040418.ssp-frandom/sysdeps/generic/libc-start.c	2004-04-25 07:07:34.000000000 +0000
  @@ -188,6 +188,8 @@
       GLRO(dl_debug_printf) ("\ntransferring control: %s\n\n", argv[0]);
   #endif
   
  +  __guard_setup ();
  +
   #ifdef HAVE_CLEANUP_JMP_BUF
     /* Memory for the cancellation buffer.  */
     struct pthread_unwind_buf unwind_buf;
  diff -Naur glibc-2.3-20040418.orig/sysdeps/unix/sysv/linux/Dist glibc-2.3-20040418.ssp-frandom/sysdeps/unix/sysv/linux/Dist
  --- glibc-2.3-20040418.orig/sysdeps/unix/sysv/linux/Dist	2003-09-24 05:04:29.000000000 +0000
  +++ glibc-2.3-20040418.ssp-frandom/sysdeps/unix/sysv/linux/Dist	2004-04-25 07:09:46.000000000 +0000
  @@ -1,3 +1,4 @@
  +stack_protector.c
   bits/initspin.h
   cmsg_nxthdr.c
   dl-brk.c
  diff -Naur glibc-2.3-20040418.orig/sysdeps/unix/sysv/linux/Makefile glibc-2.3-20040418.ssp-frandom/sysdeps/unix/sysv/linux/Makefile
  --- glibc-2.3-20040418.orig/sysdeps/unix/sysv/linux/Makefile	2004-04-03 07:45:26.000000000 +0000
  +++ glibc-2.3-20040418.ssp-frandom/sysdeps/unix/sysv/linux/Makefile	2004-04-25 07:10:02.000000000 +0000
  @@ -1,5 +1,5 @@
   ifeq ($(subdir),csu)
  -sysdep_routines += errno-loc
  +sysdep_routines += errno-loc stack_protector
   endif
   
   ifeq ($(subdir),assert)
  diff -Naur glibc-2.3-20040418.orig/sysdeps/unix/sysv/linux/Versions glibc-2.3-20040418.ssp-frandom/sysdeps/unix/sysv/linux/Versions
  --- glibc-2.3-20040418.orig/sysdeps/unix/sysv/linux/Versions	2004-03-19 00:13:55.000000000 +0000
  +++ glibc-2.3-20040418.ssp-frandom/sysdeps/unix/sysv/linux/Versions	2004-04-25 07:08:58.000000000 +0000
  @@ -108,6 +108,7 @@
     GLIBC_2.3.2 {
       # New kernel interfaces.
       epoll_create; epoll_ctl; epoll_wait;
  +	__guard; __guard_setup; __stack_smash_handler;
     }
     GLIBC_2.3.3 {
       gnu_dev_major; gnu_dev_minor; gnu_dev_makedev;
  diff -Naur glibc-2.3-20040418.orig/sysdeps/unix/sysv/linux/stack_protector.c glibc-2.3-20040418.ssp-frandom/sysdeps/unix/sysv/linux/stack_protector.c
  --- glibc-2.3-20040418.orig/sysdeps/unix/sysv/linux/stack_protector.c	1970-01-01 00:00:00.000000000 +0000
  +++ glibc-2.3-20040418.ssp-frandom/sysdeps/unix/sysv/linux/stack_protector.c	2004-04-25 07:24:27.000000000 +0000
  @@ -0,0 +1,160 @@
  +/*	$hlfs: ssp.c,v 1.1 2004/04/24 00:00:00 robert Exp $	*/
  +
  +/* Most of this code was copied from the gcc patch, libgcc2.c hunk, from
  + *	http://www.trl.ibm.com/projects/security/ssp/
  + * And therefore this code is part of gcc.
  + */
  +
  +/* Copyright (C) 1989, 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
  +   2000, 2001, 2002  Free Software Foundation, Inc.
  +
  +This file is part of GCC.
  +
  +GCC is free software; you can redistribute it and/or modify it under
  +the terms of the GNU General Public License as published by the Free
  +Software Foundation; either version 2, or (at your option) any later
  +version.
  +
  +In addition to the permissions in the GNU General Public License, the
  +Free Software Foundation gives you unlimited permission to link the
  +compiled version of this file into combinations with other programs,
  +and to distribute those combinations without any restriction coming
  +from the use of this file.  (The General Public License restrictions
  +do apply in other respects; for example, they cover modification of
  +the file, and distribution when not linked into a combine
  +executable.)
  +
  +GCC is distributed in the hope that it will be useful, but WITHOUT ANY
  +WARRANTY; without even the implied warranty of MERCHANTABILITY or
  +FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  +for more details.
  +
  +You should have received a copy of the GNU General Public License
  +along with GCC; see the file COPYING.  If not, write to the Free
  +Software Foundation, 59 Temple Place - Suite 330, Boston, MA
  +02111-1307, USA.  */
  +
  +/* Some portions of this code were copied from
  + *	http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/sys/stack_protector.c
  + * And hence a dual license.
  + */
  +
  +/*
  + * Copyright (c) 2002 Hiroaki Etoh, Federico G. Schwindt, and Miodrag Vallat.
  + * All rights reserved.
  + *
  + * Redistribution and use in source and binary forms, with or without
  + * modification, are permitted provided that the following conditions
  + * are met:
  + * 1. Redistributions of source code must retain the above copyright
  + *    notice, this list of conditions and the following disclaimer.
  + * 2. Redistributions in binary form must reproduce the above copyright
  + *    notice, this list of conditions and the following disclaimer in the
  + *    documentation and/or other materials provided with the distribution.
  + *
  + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
  + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
  + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  + * DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT,
  + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
  + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
  + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  + * POSSIBILITY OF SUCH DAMAGE.
  + *
  + */
  +
  +#include <stdio.h>
  +#include <string.h>
  +#include <fcntl.h>
  +#include <unistd.h>
  +#include <sys/sysctl.h>
  +
  +#include <signal.h>
  +
  +#include <sys/types.h>
  +#include <sys/socket.h>
  +#include <sys/un.h>
  +
  +#include <sys/syslog.h>
  +#ifndef _PATH_LOG
  +#define _PATH_LOG "/dev/log"
  +#endif
  +
  +long __guard[8] = {0, 0, 0, 0, 0, 0, 0, 0};
  +
  +void __guard_setup (void)
  +{
  +	int i, mib[3];
  +	size_t len;
  +
  +	if (__guard[0] != 0)
  +		return;
  +
  +	/* Random is another depth in Linux, hence an array of 3. */
  +	mib[0] = CTL_KERN;
  +	mib[1] = KERN_RANDOM;
  +	mib[2] = RANDOM_ERANDOM;
  +
  +	len = 4;
  +	for (i = 0; i < sizeof(__guard) / 4; i++) {
  +		if (sysctl(mib, 3, (char *)&((int *)__guard)[i],
  +		    &len, NULL, 0) == -1)
  +			break;
  +	}
  +
  +	if (i < sizeof(__guard) / 4) {
  +		/* If sysctl was unsuccessful, use the "terminator canary". */
  +		((char *)__guard)[0] = 0; ((char*)__guard)[1] = 0;
  +		((char *)__guard)[2] = '\n'; ((char *)__guard)[3] = 255;
  +	}
  +}
  +
  +void __stack_smash_handler (char func[], int damaged)
  +{
  +	extern char * __progname;
  +	const char message[] = ": stack smashing attack in function ";
  +	int bufsz = 512, len;
  +	char buf[bufsz];
  +	int LogFile;
  +	struct sockaddr_un SyslogAddr;  /* AF_UNIX address of local logger */
  +
  +	sigset_t mask;
  +	sigfillset(&mask);
  +	sigdelset(&mask, SIGABRT);  /* Block all signal handlers */
  +	sigprocmask(SIG_BLOCK, &mask, NULL); /* except SIGABRT */
  +
  +	strcpy(buf, "<2>"); len=3;    /* send LOG_CRIT */
  +	strncat(buf, __progname, bufsz-len-1); len = strlen(buf);
  +	if (bufsz>len) {strncat(buf, message, bufsz-len-1); len = strlen(buf);}
  +	if (bufsz>len) {strncat(buf, func, bufsz-len-1); len = strlen(buf);}
  +	/* print error message */
  +	write (STDERR_FILENO, buf+3, len-3);
  +	if ((LogFile = socket(AF_UNIX, SOCK_DGRAM, 0)) != -1) {
  +		/* 
  +		* Send "found" message to the "/dev/log" path
  +		*/
  +		SyslogAddr.sun_family = AF_UNIX;
  +		(void)strncpy(SyslogAddr.sun_path, _PATH_LOG,
  +			sizeof(SyslogAddr.sun_path) - 1);
  +		SyslogAddr.sun_path[sizeof(SyslogAddr.sun_path) - 1] = '\0';
  +		sendto(LogFile, buf, len, 0, (struct sockaddr *)&SyslogAddr,
  +			sizeof(SyslogAddr));
  +	}
  +
  +	/* Make sure the default handler is associated with SIGABRT */
  +	struct sigaction sa;
  +
  +	memset(&sa, 0, sizeof(struct sigaction));
  +	sigfillset(&sa.sa_mask);    /* Block all signals */
  +	sa.sa_flags = 0;
  +	sa.sa_handler = SIG_DFL;
  +	sigaction(SIGABRT, &sa, NULL);
  +
  +	(void)kill(getpid(), SIGABRT);
  +
  +	_exit(127);
  +}
  +
  
  
  



More information about the patches mailing list