[Bug 8551] New: IBM Stack Smashing Protector (a.k.a ProPolice) kernel-level helpers
bugzilla-daemon at bugzilla.ubuntu.com
Sat Apr 2 19:23:45 UTC 2005
Please do not reply to this email. You can add comments at
http://bugzilla.ubuntu.com/show_bug.cgi?id=8551
Ubuntu | linux
Summary: IBM Stack Smashing Protector (a.k.a ProPolice) kernel-level helpers
Product: Ubuntu
Version: unspecified
Platform: i386
URL: http://www.ubuntulinux.org/wiki/UbuntuHardened
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P3
Component: linux
AssignedTo: fabbione at ubuntu.com
ReportedBy: lorenzo at debian-hardened.org
QAContact: kernel-bugs at lists.ubuntu.com
The deployment of a fully functional and more consistent libssp [1] requires
kernel-level helpers, which are also optional, but these are non-intrusive,
smooth and compliant, so the impact is nonexistent on both the developer and
user sides. Besides that, we provide a fine-grained way to handle the
stack_smash_handler() within libssp from, for example, SELinux, and use the
audit framework in the near future.

The helpers are two new syscalls, sys_propolice_setup() and
sys_propolice_shandler(), which provide direct gathering of random bytes
(without using stdlib and getting them from /dev/random in userland) and the
termination & reporting routine as a replacement for the original
__stack_smash_handler() of SSP/ProPolice, respectively.

The usage is quite simple:

    syscall1(int, propolice_setup, unsigned long int *, __guard_rand);
    propolice_setup(__guard);

    syscall2(int, propolice_shandler, char *, func, int, signal);
    propolice_shandler(func, SSP_SIGNAL_TYPE);

propolice_shandler() supports SIGSEGV, SIGKILL & SIGABRT.

Libssp uses specific code to make these syscalls PIC; the code is at
http://cvs.tuxedo-es.org/cgi-bin/viewcvs.cgi/libssp/src/libssp-propolice-syscalls.c.

Examples of usage within Libssp are at:
http://cvs.tuxedo-es.org/cgi-bin/viewcvs.cgi/libssp/src/libssp-setup.c
http://cvs.tuxedo-es.org/cgi-bin/viewcvs.cgi/libssp/src/libssp-hander.c

Currently, the syscalls are available only for i386 (IA-32).

Libssp can work *without* these helpers, but we must consider them a major
enhancement for future development. Besides that, they ensure that the handler
and the __guard random value setup calls can't be poisoned somehow (check
http://pearls.tuxedo-es.org/poc-nox/vuln-stack-anewhope.c for an example, maybe
not too realistic, but interesting).

Cheers,
Lorenzo.
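
The userland guard setup and canary check that the proposed helpers are meant to back, as an added C example that is not libssp or kernel code from this report. Assumptions: getrandom(2), which Linux gained after this report, stands in for the proposed propolice_setup() as the kernel-direct source, with /dev/urandom as the userland fallback; guard_setup, copy_and_check and struct frame are hypothetical names, and the oversized input is constructed.

```c
/* Added illustration, not libssp code; names here are hypothetical. */
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/random.h>
#include <unistd.h>

static unsigned long guard;        /* plays the role of libssp's __guard */

/* Returns 2: bytes straight from the kernel, 1: /dev/urandom, 0: fallback. */
static int guard_setup(unsigned long *g)
{
    if (getrandom(g, sizeof *g, 0) == (ssize_t)sizeof *g && *g != 0)
        return 2;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd >= 0) {
        ssize_t n = read(fd, g, sizeof *g);
        close(fd);
        if (n == (ssize_t)sizeof *g && *g != 0)
            return 1;
    }
    *g = 0;
    memcpy(g, "\0\n\377\r", 4);    /* constructed terminator-style value */
    return 0;
}

struct frame { char buf[16]; unsigned long canary; };  /* constructed frame */

/* Simulates an unchecked copy of n bytes aimed at buf. Returns 1 if the
 * canary survived, 0 if the copy ran past buf and changed it. */
static int copy_and_check(const char *src, size_t n)
{
    struct frame f = { .buf = {0}, .canary = guard };  /* prologue */
    if (n > sizeof f) n = sizeof f;                    /* stay inside f */
    memcpy(&f, src, n);
    return f.canary == guard;                          /* epilogue check */
}

int main(void)
{
    char in[sizeof(struct frame)];
    memset(in, 'A', sizeof in);    /* constructed oversized input */
    printf("guard source: %d\n", guard_setup(&guard));
    if (!copy_and_check(in, sizeof in)) {
        fprintf(stderr, "stack smashing detected in copy_and_check\n");
        raise(SIGABRT);            /* terminate, as the handler would */
    }
    return 0;
}
```

Run as written, the program reports the guard source and then aborts on the detected overwrite; both the guard value and the handler live in process memory here, which is the exposure the report wants to move behind syscalls.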