Bug#511811: libc6: use --enable-stackguard-randomization when building glibc
Package: libc6
Version: 2.7-6
Severity: normal
gcc provides SSP (propolice) stack protection to applications compiled
with the -fstack-protector{,-all} options. The actual canary value used
in this stack protection scheme is supplied by glibc.
If glibc is built with the --enable-stackguard-randomization option,
each application gets a random canary value (at runtime) from /dev/urandom.
If --enable-stackguard-randomization is absent, applications get a static
canary value of "0xff0a0000". This is very unfortunate, because the
attacker may be able to bypass the stack protection mechanism by placing
those 4 bytes in the canary word before the actual canary check is
performed (for example in memcpy-based buffer overflows).
Debian should really be using --enable-stackguard-randomization when
building glibc, so that its users can get the full benefits of SSP.
Cheers
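
Added example, not part of the original report and not glibc code: a small C check that reads the running process's stack guard and compares it with the static pattern quoted above. The function names are hypothetical. The guard locations (%fs:0x28 on x86-64, %gs:0x14 on i386, glibc on Linux) and the widening of the 4-byte pattern to an 8-byte word are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Static guard pattern: top byte 0xff, then '\n', remaining bytes zero.
 * For a 4-byte word this is the 0xff0a0000 quoted in the report; using
 * the same layout for an 8-byte word is an assumption of this example. */
static uintptr_t static_guard_value(void)
{
    return (uintptr_t)0xff0aU << (8 * (sizeof(uintptr_t) - 2));
}

static int is_static_guard(uintptr_t guard)
{
    return guard == static_guard_value();
}

/* Read this process's guard from the thread control block.
 * Returns 1 on success, 0 if the platform is not handled here. */
static int read_stack_guard(uintptr_t *out)
{
#if defined(__linux__) && defined(__x86_64__)
    uintptr_t g;
    __asm__ volatile ("mov %%fs:0x28, %0" : "=r"(g));
    *out = g;
    return 1;
#elif defined(__linux__) && defined(__i386__)
    uintptr_t g;
    __asm__ volatile ("movl %%gs:0x14, %0" : "=r"(g));
    *out = g;
    return 1;
#else
    (void)out;
    return 0;
#endif
}

int main(void)
{
    uintptr_t guard;
    if (!read_stack_guard(&guard)) {
        puts("stack guard location not known for this platform");
        return 2;
    }
    if (is_static_guard(guard)) {
        puts("static guard: glibc built without stackguard randomization");
        return 1;
    }
    puts("guard differs from the static pattern");
    return 0;
}
```

Exit status 1 flags a libc that hands out the static guard. Status 0 only says the value is not the static pattern, so compare several runs to confirm it actually changes.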