r4142 - in glibc-package/trunk/debian: . patches patches/any

To: debian-glibc@lists.debian.org
Subject: r4142 - in glibc-package/trunk/debian: . patches patches/any
From: Aurelien Jarno <aurel32@alioth.debian.org>
Date: Sun, 7 Feb 2010 13:03:51 +0000
Message-id: <E1Ne6nn-0003Vt-KZ@alioth.debian.org>
Author: aurel32
Date: 2010-02-07 13:03:49 +0000 (Sun, 07 Feb 2010)
New Revision: 4142

Added:
   glibc-package/trunk/debian/patches/any/submitted-leading-zero-stack-guard.diff
   glibc-package/trunk/debian/patches/any/submitted-stack-guard-quick-randomization.diff
Modified:
   glibc-package/trunk/debian/changelog
   glibc-package/trunk/debian/patches/series
Log:
  * Add patches/any/submitted-leading-zero-stack-guard.diff and 
    patches/any/submitted-stack-guard-quick-randomization.diff from Ubuntu and
    Fedora to improve stack randomisation.  Closes: #568488.




Modified: glibc-package/trunk/debian/changelog
===================================================================
--- glibc-package/trunk/debian/changelog	2010-02-07 12:59:01 UTC (rev 4141)
+++ glibc-package/trunk/debian/changelog	2010-02-07 13:03:49 UTC (rev 4142)
@@ -12,6 +12,9 @@
     arguments.
   * Add patches/ia64/submitted-memchr.diff to fix memchr() overshoot on ia64.
     Closes: #563882
+  * Add patches/any/submitted-leading-zero-stack-guard.diff and 
+    patches/any/submitted-stack-guard-quick-randomization.diff from Ubuntu and
+    Fedora to improve stack randomisation.  Closes: #568488.
 
   [ Samuel Thibault ]
   * patches/hurd-i386/local-pthread.diff: New hurd-only patch to provide
@@ -26,7 +29,7 @@
   * patches/hurd-i386/submitted-getnprocs.diff: New patch to add get_nprocs()
     and such weak aliases.
 
- -- Aurelien Jarno <aurel32@debian.org>  Fri, 05 Feb 2010 21:11:00 +0100
+ -- Aurelien Jarno <aurel32@debian.org>  Sun, 07 Feb 2010 14:02:27 +0100
 
 eglibc (2.10.2-5) unstable; urgency=low
 

Added: glibc-package/trunk/debian/patches/any/submitted-leading-zero-stack-guard.diff
===================================================================
--- glibc-package/trunk/debian/patches/any/submitted-leading-zero-stack-guard.diff	                        (rev 0)
+++ glibc-package/trunk/debian/patches/any/submitted-leading-zero-stack-guard.diff	2010-02-07 13:03:49 UTC (rev 4142)
@@ -0,0 +1,54 @@
+Description: require that the first byte in the stack guard in a NULL byte,
+ to improve mitigation of NULL-terminated string overflows.
+Bug: http://sourceware.org/bugzilla/show_bug.cgi?id=10149
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/413278
+Author: Kees Cook <kees.cook@canonical.com>
+
+--- a/sysdeps/unix/sysv/linux/dl-osinfo.h
++++ b/sysdeps/unix/sysv/linux/dl-osinfo.h
+@@ -65,7 +65,12 @@
+ static inline uintptr_t __attribute__ ((always_inline))
+ _dl_setup_stack_chk_guard (void *dl_random)
+ {
+-  uintptr_t ret;
++  uintptr_t ret = 0;
++  /* Having a leading zero byte protects the stack guard from being
++     overwritten with str* write operations or exposed by an
++     unterminated str* read operation. */
++  unsigned char *p = ((unsigned char *) &ret) + 1;
++  int size = sizeof (ret) - 1;
+ #ifndef __ASSUME_AT_RANDOM
+   if (__builtin_expect (dl_random == NULL, 0))
+     {
+@@ -73,16 +78,16 @@
+       int fd = __open ("/dev/urandom", O_RDONLY);
+       if (fd >= 0)
+ 	{
+-	  ssize_t reslen = __read (fd, &ret, sizeof (ret));
++	  ssize_t reslen = __read (fd, p, size);
+ 	  __close (fd);
+-	  if (reslen == (ssize_t) sizeof (ret))
++	  if (reslen == (ssize_t) size)
+ 	    return ret;
+ 	}
+ # endif
+-      ret = 0;
+-      unsigned char *p = (unsigned char *) &ret;
+-      p[sizeof (ret) - 1] = 255;
+-      p[sizeof (ret) - 2] = '\n';
++      /* Lacking any other form of randomized stack guard, add other
++         terminators in an attempt to block things like fgets, etc. */
++      p[size - 1] = 255;
++      p[size - 2] = '\n';
+ #ifdef HP_TIMING_NOW
+       hp_timing_t hpt;
+       HP_TIMING_NOW (hpt);
+@@ -115,7 +120,7 @@
+     /* We need in the moment only 8 bytes on 32-bit platforms and 16
+        bytes on 64-bit platforms.  Therefore we can use the data
+        directly and not use the kernel-provided data to seed a PRNG.  */
+-    memcpy (&ret, dl_random, sizeof (ret));
++    memcpy (p, dl_random, size);
+   return ret;
+ }
+ 

Added: glibc-package/trunk/debian/patches/any/submitted-stack-guard-quick-randomization.diff
===================================================================
--- glibc-package/trunk/debian/patches/any/submitted-stack-guard-quick-randomization.diff	                        (rev 0)
+++ glibc-package/trunk/debian/patches/any/submitted-stack-guard-quick-randomization.diff	2010-02-07 13:03:49 UTC (rev 4142)
@@ -0,0 +1,119 @@
+Description: when AT_RANDOM is not available, attempt to build randomization
+ of stack guard value from the ASLR of stack and heap locations, and finally
+ the hp_timing_t value.  Upstream glibc does not want this patch, as they
+ feel AT_RANDOM is sufficient.
+Author: Jakub Jelinek
+Origin: http://cvs.fedora.redhat.com/viewvc/devel/glibc/
+Forwarded: not-needed
+
+---
+ elf/tst-stackguard1.c               |    8 ++++++--
+ nptl/tst-stackguard1.c              |    8 ++++++--
+ sysdeps/unix/sysv/linux/dl-osinfo.h |   29 +++++++++++++++++++++++++++++
+ 3 files changed, 41 insertions(+), 4 deletions(-)
+
+--- a/sysdeps/unix/sysv/linux/dl-osinfo.h
++++ b/sysdeps/unix/sysv/linux/dl-osinfo.h
+@@ -17,10 +17,13 @@
+    Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+    02111-1307 USA.  */
+ 
++#include <errno.h>
+ #include <kernel-features.h>
+ #include <dl-sysdep.h>
+ #include <fcntl.h>
+ #include <stdint.h>
++#include <hp-timing.h>
++#include <endian.h>
+ 
+ #ifndef MIN
+ # define MIN(a,b) (((a)<(b))?(a):(b))
+@@ -80,6 +83,32 @@
+       unsigned char *p = (unsigned char *) &ret;
+       p[sizeof (ret) - 1] = 255;
+       p[sizeof (ret) - 2] = '\n';
++#ifdef HP_TIMING_NOW
++      hp_timing_t hpt;
++      HP_TIMING_NOW (hpt);
++      hpt = (hpt & 0xffff) << 8;
++      ret ^= hpt;
++#endif
++      uintptr_t stk;
++      /* Avoid GCC being too smart.  */
++      asm ("" : "=r" (stk) : "r" (p));
++      stk &= 0x7ffff0;
++#if __BYTE_ORDER == __LITTLE_ENDIAN
++      stk <<= (__WORDSIZE - 23);
++#elif __WORDSIZE == 64
++      stk <<= 31;
++#endif
++      ret ^= stk;
++      /* Avoid GCC being too smart.  */
++      p = (unsigned char *) &errno;
++      asm ("" : "=r" (stk) : "r" (p));
++      stk &= 0x7fff00;
++#if __BYTE_ORDER == __LITTLE_ENDIAN
++      stk <<= (__WORDSIZE - 29);
++#else
++      stk >>= 8;
++#endif
++      ret ^= stk;
+     }
+   else
+ #endif
+Index: b/elf/tst-stackguard1.c
+===================================================================
+--- a/elf/tst-stackguard1.c
++++ b/elf/tst-stackguard1.c
+@@ -160,17 +160,21 @@
+      the 16 runs, something is very wrong.  */
+   int ndifferences = 0;
+   int ndefaults = 0;
++  int npartlyrandomized = 0;
+   for (i = 0; i < N; ++i) 
+     {
+       if (child_stack_chk_guards[i] != child_stack_chk_guards[i+1])
+ 	ndifferences++;
+       else if (child_stack_chk_guards[i] == default_guard)
+ 	ndefaults++;
++      else if (*(char *) &child_stack_chk_guards[i] == 0)
++	npartlyrandomized++;
+     }
+ 
+-  printf ("differences %d defaults %d\n", ndifferences, ndefaults);
++  printf ("differences %d defaults %d partly randomized %d\n",
++	  ndifferences, ndefaults, npartlyrandomized);
+ 
+-  if (ndifferences < N / 2 && ndefaults < N / 2)
++  if ((ndifferences + ndefaults + npartlyrandomized) < 3 * N / 4)
+     {
+       puts ("stack guard canaries are not randomized enough");
+       puts ("nor equal to the default canary value");
+Index: b/nptl/tst-stackguard1.c
+===================================================================
+--- a/nptl/tst-stackguard1.c
++++ b/nptl/tst-stackguard1.c
+@@ -190,17 +190,21 @@
+      the 16 runs, something is very wrong.  */
+   int ndifferences = 0;
+   int ndefaults = 0;
++  int npartlyrandomized = 0;
+   for (i = 0; i < N; ++i) 
+     {
+       if (child_stack_chk_guards[i] != child_stack_chk_guards[i+1])
+ 	ndifferences++;
+       else if (child_stack_chk_guards[i] == default_guard)
+ 	ndefaults++;
++      else if (*(char *) &child_stack_chk_guards[i] == 0)
++	npartlyrandomized++;
+     }
+ 
+-  printf ("differences %d defaults %d\n", ndifferences, ndefaults);
++  printf ("differences %d defaults %d partly randomized %d\n",
++	  ndifferences, ndefaults, npartlyrandomized);
+ 
+-  if (ndifferences < N / 2 && ndefaults < N / 2)
++  if ((ndifferences + ndefaults + npartlyrandomized) < 3 * N / 4)
+     {
+       puts ("stack guard canaries are not randomized enough");
+       puts ("nor equal to the default canary value");

Modified: glibc-package/trunk/debian/patches/series
===================================================================
--- glibc-package/trunk/debian/patches/series	2010-02-07 12:59:01 UTC (rev 4141)
+++ glibc-package/trunk/debian/patches/series	2010-02-07 13:03:49 UTC (rev 4142)
@@ -233,3 +233,6 @@
 any/submitted-nis-shadow.diff
 any/local-no-SOCK_NONBLOCK.diff
 any/cvs-malloc_info-init.diff
+any/submitted-leading-zero-stack-guard.diff
+any/submitted-stack-guard-quick-randomization.diff
+
Reply to:
Prev by Date: r4141 - glibc-package/branches/eglibc-2.11/debian
Next by Date: Bug#563637: improvements from Ubuntu to handle compiler hardening better
Previous by thread: r4141 - glibc-package/branches/eglibc-2.11/debian
Next by thread: Bug#563637: improvements from Ubuntu to handle compiler hardening better
Index(es):
- Date
- Thread