Message-ID: <52446034.1030502@twiddle.net>
Date: Thu, 26 Sep 2013 16:26:00 -0000
From: Richard Henderson
To: Will Newton
CC: Carlos O'Donell, "libc-ports@sourceware.org"
Subject: Re: All machines: Pointer guard testing update (Bug 15754, CVE-2013-4788).
References: <52444A27.7050500@redhat.com>

On 09/26/2013 08:39 AM, Will Newton wrote:
> On 26 September 2013 15:52, Carlos O'Donell wrote:
>
> Hi Carlos,
>
>> The fix for CVE-2013-4788 (bug 15754) contains a regression
>> test to ensure that the pointer guard is both random and
>> changes between processes.
>>
>> In order to create the test it was necessary to add a new
>> accessor macro POINTER_CHK_GUARD to allow the regression
>> test to locate and read the pointer guard value from outside
>> of the library.
>>
>> I have added a POINTER_CHK_GUARD implementation for *all*
>> machines. You need not do any work at this point. However,
>> for some machines I wrote the implementation without testing
>> it e.g. stack guard was just before pointer guard so
>> POINTER_CHK_GUARD is the same code with a different offset.
>>
>> My request is that you run the testsuite and verify that
>> tst-ptrguard1 and tst-ptrguard1-static pass. If they don't
>> pass please email me and we can work out what might be
>> wrong with your POINTER_CHK_GUARD implementation.
>
> I noticed that alpha does something strange in this regard.
>
> ports/sysdeps/unix/alpha/sysdep.h:
>
> /* There exists generic C code that assumes that PTR_MANGLE is always
>    defined. When generating code for the static libc, we don't have
>    __pointer_chk_guard defined. Nor is there any place that would
>    initialize it if it were defined, so there's little point in doing
>    anything more than nothing. */
> # ifndef __ASSEMBLER__
> # define PTR_MANGLE(var)
> # define PTR_DEMANGLE(var)
> # endif
>
> This looks like in the static case alpha will not benefit from the new
> fix. I don't have an alpha toolchain or any particular knowledge of
> alpha to verify that though.
>

It looks like Carlos will have just allowed that to be fixed in his patch,
since __pointer_chk_guard_local is now defined if THREAD_SET_POINTER_GUARD isn't.

r~
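
Added example (not part of the original message and not glibc code): a simplified C model of why empty PTR_MANGLE/PTR_DEMANGLE macros, or a guard that is not random, leave a stored pointer unprotected, compared with XOR against a per-process guard. The function names, the XOR form, and the use of AT_RANDOM as the guard source are assumptions made for this illustration.

```c
/* Added illustration, not glibc code: simplified model of pointer mangling. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>

/* XOR model of PTR_MANGLE/PTR_DEMANGLE; real ports use per-arch macros. */
static uintptr_t mangle(uintptr_t p, uintptr_t guard)   { return p ^ guard; }
static uintptr_t demangle(uintptr_t m, uintptr_t guard) { return m ^ guard; }

/* Model of the empty macros quoted in the message: pointer stored as-is. */
static uintptr_t mangle_noop(uintptr_t p) { return p; }

/* Assumption for this example: take the guard from the second word of the
   16 random bytes the Linux kernel passes in AT_RANDOM. Returns 0 if absent. */
static uintptr_t process_guard(void)
{
    uintptr_t g = 0;
    const unsigned char *rnd = (const unsigned char *)getauxval(AT_RANDOM);
    if (rnd != NULL)
        memcpy(&g, rnd + sizeof g, sizeof g);
    return g;
}

/* 1 if the stored form hides the raw pointer value, 0 if it exposes it. */
static int stored_value_is_protected(uintptr_t raw, uintptr_t stored)
{
    return raw != stored;
}

static void sample_handler(void) {}

int main(void)
{
    uintptr_t raw = (uintptr_t)&sample_handler;
    uintptr_t g = process_guard();

    /* Empty macro and a constructed all-zero guard both store the raw value. */
    printf("empty macro : protected=%d\n",
           stored_value_is_protected(raw, mangle_noop(raw)));
    printf("zero guard  : protected=%d\n",
           stored_value_is_protected(raw, mangle(raw, 0)));
    /* A per-process random guard hides the value and still round-trips. */
    printf("random guard: protected=%d round-trip=%d\n",
           stored_value_is_protected(raw, mangle(raw, g)),
           demangle(mangle(raw, g), g) == raw);
    return 0;
}
```

The model runs in a single process, so it does not cover the "changes between processes" property that the regression test checks.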