lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 25 Mar 2023 16:45:08 +0100
From:   Willy Tarreau <w@....eu>
To:     "Paul E. McKenney" <paulmck@...nel.org>
Cc:     linux@...ssschuh.net, linux-kernel@...r.kernel.org,
        Willy Tarreau <w@....eu>
Subject: [PATCH 0/8] tools/nolibc: add support for stack protector

Hello Paul,

This is essentially Thomas' work so instead of paraphrasing his work,
I'm pasting his description below. I've tested his changes on all
supported archs, applied a tiny modification with his permission
to continue to support passing CFLAGS, and for me this is all fine.
In a short summary this adds support for stack protector to i386 and
x86_64 in nolibc, and the accompanying test to the selftest program.

A new test category was added, "protection", which currently has a
single test. Archs that support it will report "OK" there and those
that do not will report "SKIPPED", as is already the case for tests
that cannot be run.

This was applied on top of your dev.2023.03.20a branch. I'm reasonably
confident with the nature of the changes, so if your queue for 6.4 is
not closed yet, it can be a good target, otherwise 6.5 will be fine as
well.

Thanks in advance!
Willy

Thomas' description below:

This is useful when using nolibc for security-critical tools.
Using nolibc has the advantage that the code is easily auditable and
sandboxable with seccomp as no unexpected syscalls are used.
Using compiler-assistent stack protection provides another security
mechanism.

For this to work the compiler and libc have to collaborate.

This patch adds the following parts to nolibc that are required by the
compiler:

* __stack_chk_guard: random sentinel value
* __stack_chk_fail: handler for detected stack smashes

In addition an initialization function is added that randomizes the
sentinel value.

Only support for global guards is implemented.
Register guards are useful in multi-threaded context which nolibc does
not provide support for.

Link: https://lwn.net/Articles/584225/


Thomas Weißschuh (8):
  tools/nolibc: add definitions for standard fds
  tools/nolibc: add helpers for wait() signal exits
  tools/nolibc: tests: constify test_names
  tools/nolibc: add support for stack protector
  tools/nolibc: tests: fold in no-stack-protector cflags
  tools/nolibc: tests: add test for -fstack-protector
  tools/nolibc: i386: add stackprotector support
  tools/nolibc: x86_64: add stackprotector support

 tools/include/nolibc/Makefile                |  4 +-
 tools/include/nolibc/arch-i386.h             |  7 ++-
 tools/include/nolibc/arch-x86_64.h           |  5 ++
 tools/include/nolibc/nolibc.h                |  1 +
 tools/include/nolibc/stackprotector.h        | 53 ++++++++++++++++
 tools/include/nolibc/types.h                 |  2 +
 tools/include/nolibc/unistd.h                |  5 ++
 tools/testing/selftests/nolibc/Makefile      | 11 +++-
 tools/testing/selftests/nolibc/nolibc-test.c | 64 +++++++++++++++++++-
 9 files changed, 144 insertions(+), 8 deletions(-)
 create mode 100644 tools/include/nolibc/stackprotector.h

-- 
2.17.5

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ