From: Richard Henderson <rth@twiddle.net>
To: Will Newton <will.newton@linaro.org>
Cc: Carlos O'Donell <carlos@redhat.com>,
"libc-ports@sourceware.org" <libc-ports@sourceware.org>
Subject: Re: All machines: Pointer guard testing update (Bug 15754, CVE-2013-4788).
Date: Thu, 26 Sep 2013 16:26:00 -0000 [thread overview]
Message-ID: <52446034.1030502@twiddle.net> (raw)
In-Reply-To: <CANu=DmhR+eOxTr2L5FCHe_1w0fvqb2PVOtz-T+d2-WhHgEt1zw@mail.gmail.com>
On 09/26/2013 08:39 AM, Will Newton wrote:
> On 26 September 2013 15:52, Carlos O'Donell <carlos@redhat.com> wrote:
>
> Hi Carlos,
>
>> The fix for CVE-2013-4788 (bug 15754) contains a regression
>> test to ensure that the pointer guard is both random and
>> changes between processes.
>>
>> In order to create the test it was necessary to add a new
>> accessor macro POINTER_CHK_GUARD to allow the regression
>> test to locate and read the pointer guard value from outside
>> of the library.
>>
>> I have added a POINTER_CHK_GUARD implementation for *all*
>> machines. You need not do any work at this point. However,
>> for some machines I wrote the implementation without testing
>> it e.g. stack guard was just before pointer guard so
>> POINTER_CHK_GUARD is the same code with a different offset.
>>
>> My request is that you run the testsuite and verify that
>> tst-ptrguard1 and tst-ptrguard1-static pass. If they don't
>> pass please email me and we can work out what might be
>> wrong with your POINTER_CHK_GUARD implementation.
>
> I noticed that alpha does something strange in this regard.
>
> ports/sysdeps/unix/alpha/sysdep.h:
>
> /* There exists generic C code that assumes that PTR_MANGLE is always
> defined. When generating code for the static libc, we don't have
> __pointer_chk_guard defined. Nor is there any place that would
> initialize it if it were defined, so there's little point in doing
> anything more than nothing. */
> # ifndef __ASSEMBLER__
> # define PTR_MANGLE(var)
> # define PTR_DEMANGLE(var)
> # endif
>
> This looks like in the static case alpha will not benefit from the new
> fix. I don't have an alpha toolchain or any particular knowledge of
> alpha to verify that though.
>
It looks like Carlos will have just allowed that to be fixed in his patch,
since __pointer_chk_guard_local is now defined if THREAD_SET_POINTER_GUARD isn't.
r~
next prev parent reply other threads:[~2013-09-26 16:26 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-26 14:52 Carlos O'Donell
2013-09-26 15:39 ` Will Newton
2013-09-26 16:26 ` Richard Henderson [this message]
2013-09-27 1:06 ` Kaz Kojima
2013-09-27 1:43 ` Carlos O'Donell
2013-09-27 2:15 ` Kaz Kojima
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52446034.1030502@twiddle.net \
--to=rth@twiddle.net \
--cc=carlos@redhat.com \
--cc=libc-ports@sourceware.org \
--cc=will.newton@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).