From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 20545 invoked by alias); 26 Sep 2013 14:52:26 -0000 Mailing-List: contact libc-ports-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: libc-ports-owner@sourceware.org Received: (qmail 20535 invoked by uid 89); 26 Sep 2013 14:52:25 -0000 Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Thu, 26 Sep 2013 14:52:25 +0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.7 required=5.0 tests=AWL,BAYES_00,RP_MATCHES_RCVD,SPAM_SUBJECT autolearn=no version=3.3.2 X-HELO: mx1.redhat.com Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id r8QEqORu024402 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Thu, 26 Sep 2013 10:52:24 -0400 Received: from [10.3.113.163] (ovpn-113-163.phx2.redhat.com [10.3.113.163]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id r8QEqNDD026333 for ; Thu, 26 Sep 2013 10:52:23 -0400 Message-ID: <52444A27.7050500@redhat.com> Date: Thu, 26 Sep 2013 14:52:00 -0000 From: "Carlos O'Donell" User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130805 Thunderbird/17.0.8 MIME-Version: 1.0 To: "libc-ports@sourceware.org" Subject: All machines: Pointer guard testing update (Bug 15754, CVE-2013-4788). Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2013-09/txt/msg00140.txt.bz2 All machines, The fix for CVE-2013-4788 (bug 15754) contains a regression test to ensure that the pointer guard is both random and changes between processes. In order to create the test it was necessary to add a new accessor macro POINTER_CHK_GUARD to allow the regression test to locate and read the pointer guard value from outside of the library. I have added a POINTER_CHK_GUARD implementation for *all* machines. You need not do any work at this point. However, for some machines I wrote the implementation without testing it e.g. stack guard was just before pointer guard so POINTER_CHK_GUARD is the same code with a different offset. My request is that you run the testsuite and verify that tst-ptrguard1 and tst-ptrguard1-static pass. If they don't pass please email me and we can work out what might be wrong with your POINTER_CHK_GUARD implementation. Cheers, Carlos.