public inbox for glibc-bugs@sourceware.org
From: "sstewartgallus00 at mylangara dot bc.ca" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug libc/12189] __stack_chk_fail should not attempt a backtrace
Date: Sun, 30 Mar 2014 00:42:00 -0000
Message-ID: <bug-12189-131-n9nw1DRtE8@http.sourceware.org/bugzilla/>
In-Reply-To: <bug-12189-131@http.sourceware.org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=12189

Steven Stewart-Gallus <sstewartgallus00 at mylangara dot bc.ca> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sstewartgallus00@mylangara.
                   |                            |bc.ca

--- Comment #12 from Steven Stewart-Gallus <sstewartgallus00 at mylangara dot bc.ca> ---
It might be possible to fork and execute a second uncorrupted process but
simply aborting is safer and lazier. Something like the following might work:

#include <signal.h>
#include <stdlib.h>
#include <unistd.h>

/*
 * In a real implementation this would be a real crash reporting
 * program. It would use /proc to examine debugging information such
 * as the command line. It could also do ptrace debugger stuff. It
 * could also be set by a command line option.
 */
#define CRASH_REPORTER "/bin/echo"

void stack_overflow(void);

int main(void)
{
    stack_overflow();
}

void stack_overflow(void)
{
    /*
     * As soon as possible give control over to a fresh crash reporter
     * instance. If any bad things happen abort immediately and don't
     * risk compromise due to an attack from an enemy.
     */

    /*
     * Fork a copy of the program to be debugged from the crash
     * reporter instance. The copy of the program must be the child
     * because certain systems are hardened to only allow parents of
     * the processes to do certain debugging tasks.
     */
    pid_t child = fork();
    if (-1 == child) {
        abort();
    }

    if (0 == child) {
        raise(SIGSTOP);
        /*
         * If the stopped copy is ever resumed it must not fall
         * through and exec a crash reporter of its own.
         */
        abort();
    }

    /*
     * Don't bother with sprintf to minimize the chance of attacks.
     * Write the pid out as decimal digits by hand: copying its raw
     * bytes into the string would embed NUL bytes and truncate the
     * argument.
     */
    char child_string[3 * sizeof child + 1];
    char * p = child_string + sizeof child_string - 1;
    *p = '\0';
    do {
        *--p = (char) ('0' + child % 10);
        child /= 10;
    } while (child != 0);

    /*
     * execve the crash reporter to use the thinnest possible wrapper
     * over the system call.
     */
    char * argv[] = { (char *) CRASH_REPORTER, p, NULL };
    char * envp[] = { NULL };
    execve(CRASH_REPORTER, argv, envp);
    abort();
}

--
You are receiving this mail because:
You are on the CC list for the bug.
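
The comment's code leaves the crash reporter as a placeholder ("/bin/echo") that "would use /proc to examine debugging information such as the command line". The following is an added sketch of that reporter side, not code from the message or from glibc. It assumes the pid of the stopped process arrives as a decimal string in argv[1] and that a Linux /proc is mounted; the helper names parse_pid and read_cmdline are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Added example; parse_pid and read_cmdline are hypothetical helper names. */
/* Accept only an unsigned decimal pid that fits in an int; -1 otherwise. */
pid_t parse_pid(const char *s)
{
    if (s == NULL || *s < '0' || *s > '9')
        return -1;              /* rejects "", signs and leading spaces */
    errno = 0;
    char *end;
    long v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0' || v <= 0 || v > INT_MAX)
        return -1;              /* overflow, trailing junk, or pid 0 */
    return (pid_t) v;
}

/* Read /proc/<pid>/cmdline into buf, turning the NUL separators between
 * arguments into spaces. Returns bytes stored, or -1 on any error. */
ssize_t read_cmdline(pid_t pid, char *buf, size_t len)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%ld/cmdline", (long) pid);
    int fd = len > 0 ? open(path, O_RDONLY) : -1;
    if (fd == -1)
        return -1;
    ssize_t n = read(fd, buf, len - 1);
    close(fd);
    if (n < 0)
        return -1;
    for (ssize_t i = 0; i + 1 < n; ++i)
        if (buf[i] == '\0')
            buf[i] = ' ';
    buf[n] = '\0';
    return n;
}

int main(int argc, char **argv)
{
    char cmdline[4096];
    pid_t pid = argc == 2 ? parse_pid(argv[1]) : -1;
    if (pid == -1 || read_cmdline(pid, cmdline, sizeof cmdline) == -1)
        return EXIT_FAILURE;
    printf("pid %ld stopped; command line: %s\n", (long) pid, cmdline);
    return EXIT_SUCCESS;
}
```

The reporter runs in a fresh address space, so unlike the faulting process it can use stdio; the pid argument is still treated as untrusted input.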

Thread overview: 19+ messages
2010-11-03 21:20 [Bug libc/12189] New: " kees at outflux dot net
2010-11-04  1:04 ` [Bug libc/12189] " drepper.fsp at gmail dot com
2010-11-04  9:52 ` pasky at suse dot cz
2010-11-04 11:25 ` drepper.fsp at gmail dot com
2013-08-29 21:46 ` kees at outflux dot net
2013-08-29 21:47 ` kees at outflux dot net
2013-08-29 21:53 ` kees at outflux dot net
2013-08-30 17:56 ` carlos at redhat dot com
2013-08-30 18:26 ` bugdal at aerifal dot cx
2013-08-30 19:12 ` carlos at redhat dot com
2013-08-30 20:52 ` joseph at codesourcery dot com
2013-08-30 21:02 ` joseph at codesourcery dot com
2013-09-03 20:43 ` carlos at redhat dot com
2014-03-30  0:42 ` sstewartgallus00 at mylangara dot bc.ca [this message]
2014-06-13 10:58 ` fweimer at redhat dot com
2014-06-13 12:18 ` fweimer at redhat dot com
2015-02-24 12:46 ` [Bug libc/12189] __stack_chk_fail should not attempt a backtrace (CVE-2010-3192) fweimer at redhat dot com
2015-02-24 12:48 ` fweimer at redhat dot com
2015-04-28 19:18 ` carlos at redhat dot com