[Bug 8551] New: IBM Stack Smashing Protector (a.k.a ProPolice) kernel-level helpers

bugzilla-daemon at bugzilla.ubuntu.com bugzilla-daemon at bugzilla.ubuntu.com
Sat Apr 2 19:23:45 UTC 2005 

Please do not reply to this email.  You can add comments at
http://bugzilla.ubuntu.com/show_bug.cgi?id=8551
Ubuntu | linux

           Summary: IBM Stack Smashing Protector (a.k.a ProPolice) kernel-
                    level helpers
           Product: Ubuntu
           Version: unspecified
          Platform: i386
               URL: http://www.ubuntulinux.org/wiki/UbuntuHardened
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P3
         Component: linux
        AssignedTo: fabbione at ubuntu.com
        ReportedBy: lorenzo at debian-hardened.org
         QAContact: kernel-bugs at lists.ubuntu.com


The deployment of a fully functional and more consistent libssp [1] requires
kernel-level helpers, which are also optional, but these are non-intrusive,
smooth and compliant, so, impact is non existent in both developer and user
sides, among that we provide a  fine-grained way to handle the
stack_smash_handler() within libssp from, for example, SELinux, and use the
audit framework in a near future.

The helpers are two new syscalls, sys_propolice_setup() and
sys_propolice_shandler(), which provide random bytes direct gathering (without
using stdlib and get them from /dev/random in userland) and the termination &
reporting routine as replacement of original __stack_smash_handler() of
SSP/ProPolice, respectively.

The usage is quite simple:

 syscall1(int, propolice_setup, unsigned long int *, __guard_rand);
 propolice_setup(__guard);

 syscall2(int, propolice_shandler, char *, func, int, signal);
 propolice_shandler(func, SSP_SIGNAL_TYPE);

propolice_shandler() supports SIGSEGV, SIGKILL & SIGABRT.

Libssp uses specific code to make these syscalls PIC, code is at
http://cvs.tuxedo-es.org/cgi-bin/viewcvs.cgi/libssp/src/libssp-propolice-syscalls.c.

Examples of usage within Libssp are at:
http://cvs.tuxedo-es.org/cgi-bin/viewcvs.cgi/libssp/src/libssp-setup.c
http://cvs.tuxedo-es.org/cgi-bin/viewcvs.cgi/libssp/src/libssp-hander.c


Currently, the syscalls are available only for i386 (IA-32).
Libssp can work *without* these helpers, but we must consider them a major
enhancement for future development, among that they ensure that the handler and
the __guard random value setup calls can't be poisoned somehow (check
http://pearls.tuxedo-es.org/poc-nox/vuln-stack-anewhope.c for an example, maybe
not too realistic, but interesting).

Cheers,
Lorenzo.

-- 
Configure bugmail: http://bugzilla.ubuntu.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

More information about the kernel-bugs mailing list