Bug#511811: libc6: use --enable-stackguard-randomization when building glibc



Package: libc6
Version: 2.7-6
Severity: normal

gcc provides SSP (propolice) stack protection to applications compiled
with the -fstack-protector{,-all} options. The actual canary value used
in this stack protection scheme is supplied by glibc.

If glibc is built with the --enable-stackguard-randomization option,
each application gets a random canary value (at runtime) from /dev/urandom.
If --enable-stackguard-randomization is absent, applications get a static
canary value of "0xff0a0000". This is very unfortunate, because the
attacker may be able to bypass the stack protection mechanism by placing
those 4 bytes in the canary word before the actual canary check is
performed (for example in memcpy-based buffer overflows).

Debian should really be using --enable-stackguard-randomization when
building glibc, so that its users can get the full benefits of SSP.

Cheers
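
An added example, not part of the original report: a check an administrator could compile and run to see whether the running process received the fixed guard value described above. The function names are hypothetical, the TLS offsets assume gcc's SSP on Linux x86, and the 8-byte form of the fixed value is an assumption extended from the 4-byte value in the report.

```c
#include <stdint.h>
#include <stdio.h>

/* The report gives the fixed guard as 0xff0a0000 for a 4-byte canary word.
 * Assumption: on an 8-byte word the same two bytes sit at the top, rest zero. */
int is_static_guard(uint64_t guard, unsigned word_bytes)
{
    if (word_bytes != 4 && word_bytes != 8)
        return 0;
    uint64_t fixed = (uint64_t)0xff0a << ((word_bytes - 2) * 8);
    return guard == fixed;
}

/* Read this process's own stack guard. Assumption: Linux TLS layout on x86,
 * where gcc's SSP code loads the guard from %fs:0x28 (x86-64) or %gs:0x14 (i386).
 * Returns 1 on success, 0 on platforms not handled here. */
int read_stack_guard(uint64_t *out)
{
#if defined(__linux__) && defined(__x86_64__)
    uint64_t v;
    __asm__ volatile ("movq %%fs:0x28, %0" : "=r"(v));
    *out = v;
    return 1;
#elif defined(__linux__) && defined(__i386__)
    uint32_t v;
    __asm__ volatile ("movl %%gs:0x14, %0" : "=r"(v));
    *out = v;
    return 1;
#else
    (void)out;
    return 0;
#endif
}

int main(void)
{
    uint64_t guard = 0;
    if (!read_stack_guard(&guard)) {
        puts("unsupported platform: cannot read the stack guard");
        return 2;
    }
    if (is_static_guard(guard, sizeof(uintptr_t))) {
        puts("stack guard is the fixed value: libc was built without randomization");
        return 1;
    }
    /* The guard itself is not printed; it is a per-process secret. */
    puts("stack guard is not the fixed value");
    return 0;
}
```

The exit status is 1 when the fixed value is found, 0 when it is not, and 2 when the platform is not handled.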


