From: Will Newton
To: "Carlos O'Donell"
Cc: "libc-ports@sourceware.org"
Date: Thu, 26 Sep 2013 15:39:00 -0000
Subject: Re: All machines: Pointer guard testing update (Bug 15754, CVE-2013-4788).
In-Reply-To: <52444A27.7050500@redhat.com>

On 26 September 2013 15:52, Carlos O'Donell wrote:

Hi Carlos,

> The fix for CVE-2013-4788 (bug 15754) contains a regression
> test to ensure that the pointer guard is both random and
> changes between processes.
>
> In order to create the test it was necessary to add a new
> accessor macro POINTER_CHK_GUARD to allow the regression
> test to locate and read the pointer guard value from outside
> of the library.
>
> I have added a POINTER_CHK_GUARD implementation for *all*
> machines. You need not do any work at this point. However,
> for some machines I wrote the implementation without testing
> it e.g. stack guard was just before pointer guard so
> POINTER_CHK_GUARD is the same code with a different offset.
>
> My request is that you run the testsuite and verify that
> tst-ptrguard1 and tst-ptrguard1-static pass. If they don't
> pass please email me and we can work out what might be
> wrong with your POINTER_CHK_GUARD implementation.

I noticed that alpha does something strange in this regard.

ports/sysdeps/unix/alpha/sysdep.h:

/* There exists generic C code that assumes that PTR_MANGLE is always
   defined.  When generating code for the static libc, we don't have
   __pointer_chk_guard defined.  Nor is there any place that would
   initialize it if it were defined, so there's little point in doing
   anything more than nothing.  */
# ifndef __ASSEMBLER__
# define PTR_MANGLE(var)
# define PTR_DEMANGLE(var)
# endif

This looks like in the static case alpha will not benefit from the new
fix. I don't have an alpha toolchain or any particular knowledge of
alpha to verify that though.

--
Will Newton
Toolchain Working Group, Linaro
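
Added example (not part of the original message and not glibc code): a small C model of what the empty alpha macros mean for a saved code pointer, next to an XOR-and-rotate mangle of the kind glibc's x86 ports use. The function names, the rotate count and the guard values are assumptions made for this illustration.

```c
/* Illustration only: models PTR_MANGLE behaviour, does not read glibc's guard. */
#include <stdint.h>
#include <stdio.h>

#define PTR_BITS (8 * sizeof(uintptr_t))
#define ROT      (2 * sizeof(uintptr_t) + 1)  /* assumed: 17 on 64-bit, 9 on 32-bit */

/* Effect of the empty macros: the saved value is the raw address. */
static uintptr_t mangle_noop(uintptr_t p) { return p; }

/* Guarded variant: XOR with the per-process guard, then rotate left. */
static uintptr_t mangle_guard(uintptr_t p, uintptr_t guard)
{
    uintptr_t v = p ^ guard;
    return (v << ROT) | (v >> (PTR_BITS - ROT));
}

/* Inverse: rotate right, then XOR with the same guard. */
static uintptr_t demangle_guard(uintptr_t m, uintptr_t guard)
{
    uintptr_t v = (m >> ROT) | (m << (PTR_BITS - ROT));
    return v ^ guard;
}

/* Address a saved slot resolves to when it holds `stored` at demangle time. */
static uintptr_t resolve_slot(uintptr_t stored, uintptr_t guard, int guarded)
{
    return guarded ? demangle_guard(stored, guard) : stored;
}

int main(void)
{
    /* Constructed sample values; a real guard comes from startup randomness. */
    uintptr_t fn = (uintptr_t) 0x401136u;
    uintptr_t g1 = (uintptr_t) 0x9e3779b9u, g2 = (uintptr_t) 0x7f4a7c15u;

    printf("no-op slot:        %#lx\n", (unsigned long) mangle_noop(fn));
    printf("guarded, process1: %#lx\n", (unsigned long) mangle_guard(fn, g1));
    printf("guarded, process2: %#lx\n", (unsigned long) mangle_guard(fn, g2));
    /* A slot holding an unmangled address only resolves to it without a guard. */
    printf("raw slot, no-op:   %#lx\n", (unsigned long) resolve_slot(fn, g1, 0));
    printf("raw slot, guarded: %#lx\n", (unsigned long) resolve_slot(fn, g1, 1));
    return 0;
}
```

With the no-op variant the stored value is identical in every process, which is the property the pointer guard regression test is meant to rule out.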