Re: vmsplice exploits, stack protector and Makefiles

LKML Archive on lore.kernel.org
help / color / mirror / Atom feed

From: Sam Ravnborg <sam@ravnborg.org>
To: Arjan van de Ven <arjan@infradead.org>
Cc: linux-kernel@vger.kernel.org, mingo@elte.hu,
	torvalds@linux-foundation.org
Subject: Re: vmsplice exploits, stack protector and Makefiles
Date: Tue, 12 Feb 2008 19:50:12 +0100	[thread overview]
Message-ID: <20080212185012.GA2348@uranus.ravnborg.org> (raw)
In-Reply-To: <20080212090001.3fcc4ca0@laptopd505.fenrus.org>

On Tue, Feb 12, 2008 at 09:00:01AM -0800, Arjan van de Ven wrote:
> 
> Hi,
> 
> I just read the excellent LWN writeup of the vmsplice security thing, and that got me
> wondering why this attack wasn't stopped by the CONFIG_CC_STACKPROTECTOR option... because
> it plain should have been...
> 
> some analysis later.. it turns out that the following line in the top level Makefile,
> added by you in October 2007, entirely disables CONFIG_CC_STACKPROTECTOR ;(
> With this line removed the exploit will be nicely stopped.
> 
> # Force gcc to behave correct even for buggy distributions
> CFLAGS          += $(call cc-option, -fno-stack-protector)
> 
> 
> Now I realize that certain distros have patched gcc to compensate for their lack of distro
> wide CFLAGS, and it's great to work around that... but would there be a way to NOT
> disable this for CONFIG_CC_STACKPROTECTOR please? It would have made this
> exploit not possible for those kernels that enable this feature (and that includes distros
> like Fedora)

I guess the problem is that we in arch/x86/Makefile enable the stackprotector
but then later in the main Makefile disables it.
So the right way to approach this should be to always disable it and the reenable it in
the arch Makefile.
So something like this?

	Sam

diff --git a/Makefile b/Makefile
index c162370..7ccf6f5 100644
--- a/Makefile
+++ b/Makefile
@@ -507,6 +507,9 @@ else
 KBUILD_CFLAGS	+= -O2
 endif
 
+# Force gcc to behave correct even for buggy distributions
+KBUILD_CFLAGS += $(call cc-option, -fno-stack-protector)
+
 include $(srctree)/arch/$(SRCARCH)/Makefile
 
 ifdef CONFIG_FRAME_POINTER
@@ -525,9 +528,6 @@ ifdef CONFIG_DEBUG_SECTION_MISMATCH
 KBUILD_CFLAGS += $(call cc-option, -fno-inline-functions-called-once)
 endif
 
-# Force gcc to behave correct even for buggy distributions
-KBUILD_CFLAGS         += $(call cc-option, -fno-stack-protector)
-
 # arch Makefile may override CC so keep this after arch Makefile is included
 NOSTDINC_FLAGS += -nostdinc -isystem $(shell $(CC) -print-file-name=include)
 CHECKFLAGS     += $(NOSTDINC_FLAGS)

next prev parent reply	other threads:[~2008-02-12 18:50 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-02-12 17:00 Arjan van de Ven
2008-02-12 18:50 ` Sam Ravnborg [this message]
2008-02-12 19:08   ` Arjan van de Ven
2008-02-12 19:36     ` Sam Ravnborg
2008-02-13 13:38 ` pageexec
2008-02-13 15:29   ` Ingo Molnar
2008-02-13 16:29     ` Randy Dunlap
2008-02-13 15:48       ` pageexec
2008-02-14 12:20         ` Jan Engelhardt
2008-02-13 16:48     ` Ingo Molnar
2008-02-13 16:15       ` pageexec
2008-02-14  6:16         ` Ingo Molnar
2008-02-14  7:30           ` Ingo Molnar
2008-02-14 10:23             ` pageexec
2008-02-13 15:53   ` Linus Torvalds
2008-02-13 16:01     ` Ingo Molnar
2008-02-13 17:16       ` Sam Ravnborg
2008-02-14  6:12         ` Ingo Molnar
2008-02-14  7:43   ` Sam Ravnborg

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20080212185012.GA2348@uranus.ravnborg.org \
    --to=sam@ravnborg.org \
    --cc=arjan@infradead.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@elte.hu \
    --cc=torvalds@linux-foundation.org \
    --subject='Re: vmsplice exploits, stack protector and Makefiles' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).