[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: vmsplice exploits, stack protector and Makefiles
* pageexec@xxxxxxxxxxx <pageexec@xxxxxxxxxxx> wrote:
> patches to get CONFIG_CC_STACKPROTECTOR_ALL actually to work (it
> includes the Makefile patch proposed in this thread already).
> note that the fix to ACPI is an actual stack corruption bug (caught by
> ssp thanks to a lucky stack layout), due to the misuse of the pci
> accessor functions, probably a whole-tree audit is in order for
> similar bugs.
> note also that the vsyscall functions (more precisely, all the code
> that goes into .vsyscall* sections) had better be separated into their
> own .c files so that they can be compiled without -mcmodel=kernel and
> use %fs for getting the ssp cookie, if ssp is desired at all there).
thanks, i've picked up your patch into x86.git#mm and also made
stackprotector-all default-enabled so that we get more test coverage of
this critical security feature. x86.git#mm can be picked up via:
head of the tree:
Author: Ingo Molnar <mingo@xxxxxxx>
Date: Wed Feb 13 16:15:34 2008 +0100
x86: enable stack-protector by default
also enable the rodata and nx tests.
your patch booted fine here with stackprotector-all enabled.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This mailing list archive is a service of Copilot Consulting.