[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: vmsplice exploits, stack protector and Makefiles


* pageexec@xxxxxxxxxxx <pageexec@xxxxxxxxxxx> wrote:

> patches to get CONFIG_CC_STACKPROTECTOR_ALL actually to work (it 
> includes the Makefile patch proposed in this thread already).
> 
> note that the fix to ACPI is an actual stack corruption bug (caught by 
> ssp thanks to a lucky stack layout), due to the misuse of the pci 
> accessor functions, probably a whole-tree audit is in order for 
> similar bugs.
> 
> note also that the vsyscall functions (more precisely, all the code 
> that goes into .vsyscall* sections) had better be separated into their 
> own .c files so that they can be compiled without -mcmodel=kernel and 
> use %fs for getting the ssp cookie, if ssp is desired at all there).

thanks, i've picked up your patch into x86.git#mm and also made 
stackprotector-all default-enabled so that we get more test coverage of 
this critical security feature. x86.git#mm can be picked up via:

  http://people.redhat.com/mingo/x86.git/README

head of the tree:

  ---------------->
  commit e1d96d3e489d02b12984fb3c755b0f9a9ae0fe5f
  Author: Ingo Molnar <mingo@xxxxxxx>
  Date:   Wed Feb 13 16:15:34 2008 +0100

      x86: enable stack-protector by default

      also enable the rodata and nx tests.
  <----------------

your patch booted fine here with stackprotector-all enabled.

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/


This mailing list archive is a service of Copilot Consulting.