From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (qmail 32679 invoked by alias); 30 Mar 2014 00:42:55 -0000
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
Sender: glibc-bugs-owner@sourceware.org
Received: (qmail 32627 invoked by uid 48); 30 Mar 2014 00:42:51 -0000
From: "sstewartgallus00 at mylangara dot bc.ca"
To: glibc-bugs@sourceware.org
Subject: [Bug libc/12189] __stack_chk_fail should not attempt a backtrace
Date: Sun, 30 Mar 2014 00:42:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: libc
X-Bugzilla-Version: 2.12
X-Bugzilla-Severity: normal
X-Bugzilla-Who: sstewartgallus00 at mylangara dot bc.ca
X-Bugzilla-Status: REOPENED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Changed-Fields: cc
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2014-03/txt/msg00225.txt.bz2

https://sourceware.org/bugzilla/show_bug.cgi?id=12189

Steven Stewart-Gallus changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sstewartgallus00@mylangara.
                   |                            |bc.ca

--- Comment #12 from Steven Stewart-Gallus ---
It might be possible to fork and execute a second uncorrupted process but
simply aborting is safer and lazier. Something like the following might work:

#include <signal.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * In a real implementation this would be a real crash reporting
 * program. It would use /proc to examine debugging information such
 * as the command line. It could also do ptrace debugger stuff. It
 * could also be set by a command line option.
 */
#define CRASH_REPORTER "/bin/echo"

void stack_overflow(void);

int main(void)
{
    stack_overflow();
}

void stack_overflow(void)
{
    /*
     * As soon as possible give control over to a fresh crash reporter
     * instance. If any bad things happen abort immediately and don't
     * risk compromise due to an attack from an enemy.
     */

    /*
     * Fork a copy of the program to be debugged from the crash
     * reporter instance. The copy of the program must be the child
     * because certain systems are hardened to only allow parents of
     * the processes to do certain debugging tasks.
     */
    pid_t child = fork();
    if (-1 == child) {
        abort();
    }

    if (0 == child) {
        raise(SIGSTOP);
        /* If resumed, die here instead of falling through to the exec. */
        abort();
    }

    /*
     * Don't bother with sprintf to minimize the chance of attacks.
     * Write the pid as decimal digits by hand: copying its raw bytes
     * would put NUL bytes in the middle of the argument string.
     */
    char child_string[3 * sizeof child + 1];
    char * digits = child_string + sizeof child_string - 1;
    pid_t rest = child;
    *digits = '\0';
    do {
        *--digits = (char) ('0' + rest % 10);
        rest /= 10;
    } while (rest != 0);

    /*
     * execve the crash reporter to use the thinnest possible wrapper
     * over the system call.
     */
    char * argv[] = { (char *) CRASH_REPORTER, digits, NULL };
    char * envp[] = { NULL };
    execve(CRASH_REPORTER, argv, envp);
    abort();
}

-- 
You are receiving this mail because:
You are on the CC list for the bug.
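
The comment leaves CRASH_REPORTER as a placeholder (/bin/echo). The following is an added sketch of the reporter side, not part of the original comment or of glibc. It assumes Linux /proc and that the pid arrives in argv[1] as a decimal string; parse_pid and read_cmdline are hypothetical names.

```c
/* Added example (hypothetical reporter; assumes Linux /proc, decimal pid in argv[1]). */
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Strictly parse a positive decimal pid; reject anything else. Returns 0 or -1. */
int parse_pid(const char *s, pid_t *out)
{
    long v = 0;
    if (s == NULL || *s == '\0') return -1;
    for (; *s != '\0'; ++s) {
        if (*s < '0' || *s > '9') return -1;
        v = v * 10 + (*s - '0');
        if (v > 4194304) return -1;   /* Linux upper limit for pid_max */
    }
    if (v == 0) return -1;
    *out = (pid_t)v;
    return 0;
}

/* Read /proc/<pid>/cmdline into buf, turning NUL separators into spaces. */
ssize_t read_cmdline(pid_t pid, char *buf, size_t len)
{
    char path[64];
    if (len == 0) return -1;
    snprintf(path, sizeof path, "/proc/%ld/cmdline", (long)pid);
    int fd = open(path, O_RDONLY);
    if (fd == -1) return -1;
    ssize_t n = read(fd, buf, len - 1);
    close(fd);
    if (n < 0) return -1;
    for (ssize_t i = 0; i + 1 < n; ++i)
        if (buf[i] == '\0') buf[i] = ' ';
    buf[n] = '\0';
    return n;
}

int main(int argc, char **argv)
{
    pid_t pid; int status; char cmd[4096];
    if (argc != 2 || parse_pid(argv[1], &pid) == -1) return 1;
    /* Act only on a pid that is our own stopped child (the corrupted copy). */
    if (waitpid(pid, &status, WUNTRACED) != pid || !WIFSTOPPED(status)) return 1;
    if (read_cmdline(pid, cmd, sizeof cmd) >= 0)
        fprintf(stderr, "stack smashing detected in: %s\n", cmd);
    kill(pid, SIGKILL);   /* never let the corrupted copy run again */
    return 0;
}
```

Because the reporter is exec'd in the original process, it remains the parent of the forked copy, so waitpid() doubles as a check that the pid on the command line was not supplied by someone else.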