Re: propolice support for linux

From: Christoph Hellwig
Date: Thu Jan 13 2005 - 09:06:31 EST

Next message: Arjan van de Ven: "Re: propolice support for linux"
Previous message: Han Boetes: "propolice support for linux"
In reply to: Han Boetes: "propolice support for linux"
Next in thread: Arjan van de Ven: "Re: propolice support for linux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> --- linux-2.6.3/Makefile 2004-02-17 22:58:39.000000000 -0500
> +++ linux-2.6.3.ssp/Makefile 2004-03-03 10:20:29.000000000 -0500

2.6.3 is from stoneage..

> +ifdef CONFIG_HARDENED_SSP
> +CFLAGS += -fstack-protector
> +endif

What about just CONFIG_PROPOLICY? The hardnedefoo naming is so childish
(or gentooish, in the end it's the same anyway..)

> diff -urN linux-2.6.3/include/linux/kernel.h linux-2.6.3.ssp/include/linux/kernel.h
> --- linux-2.6.3/include/linux/kernel.h 2004-02-17 22:57:11.000000000 -0500
> +++ linux-2.6.3.ssp/include/linux/kernel.h 2004-03-03 10:08:10.000000000 -0500
> @@ -115,6 +115,10 @@
> #define TAINT_FORCED_RMMOD (1<<3)
>
> extern void dump_stack(void);
> +#ifdef CONFIG_HARDENED_SSP
> +extern int __guard;
> +extern void __stack_smash_handler(int, char []);
> +#endif

What do you need these prototypes for, they're not used at all. Also
no need to put ifdefs around them.

> diff -urN linux-2.6.3/lib/propolice.c linux-2.6.3.ssp/lib/propolice.c
> --- linux-2.6.3/lib/propolice.c 1969-12-31 19:00:00.000000000 -0500
> +++ linux-2.6.3.ssp/lib/propolice.c 2004-03-03 17:52:48.000000000 -0500
> @@ -0,0 +1,15 @@
> +#include <linux/module.h>
> +#include <linux/errno.h>

What do you need errno for?

>
> +
> +EXPORT_SYMBOL_NOVERS(__guard);
> +EXPORT_SYMBOL_NOVERS(__stack_smash_handler);
> +
> +int __guard = '\0\0\n\777';
> +
> +void
> +__stack_smash_handler (int damaged, char func[])
> +{
> + static char *message = "propolice detects %x at function %s.\n" ;
> + panic (message, damaged, func);
> +}

ah, it seems you need them because you put the exports before the
delaration. This file should probably look more like:

/*
* Insert Copyright here.
*
* Insert small description here.
*/
#include <linux/kernel.h>
#include <linux/module.h>

int __guard = '\0\0\n\777';
EXPORT_SYMBOL_NOVERS(__guard);

static const char message[] = "propolice detects %x at function %s.\n";

void __stack_smash_handler(int damaged, char func[])
{
panic(message, damaged, func);
}
EXPORT_SYMBOL_NOVERS(__stack_smash_handler);

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Arjan van de Ven: "Re: propolice support for linux"
Previous message: Han Boetes: "propolice support for linux"
In reply to: Han Boetes: "propolice support for linux"
Next in thread: Arjan van de Ven: "Re: propolice support for linux"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]