Re: [kernel-hardening] Re: [PATCH] fork: make whole stack_canary random

From: Daniel Micay
Date: Mon Oct 31 2016 - 17:01:21 EST

Next message: Don Zickus: "Re: [RFC PATCH 0/4] Clean up watchdog handlers"
Previous message: Mauro Carvalho Chehab: "Re: make pdfdocs fails with v4.9-rc3"
In reply to: Daniel Micay: "Re: [kernel-hardening] Re: [PATCH] fork: make whole stack_canary random"
Next in thread: Florian Weimer: "Re: [kernel-hardening] Re: [PATCH] fork: make whole stack_canary random"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> It makes a lot of sense on x86_64 where it means the canary is still
> 56
> bits. Also, you want -fstack-check for protecting again stack
> overflows
> rather than stack *buffer* overflow. SSP won't really help you in that
> regard. Sadly, while -fstack-check now works well in GCC 6 with little
> performance cost, it's not really a complete feature (and Clang impls
> it
> as a no-op!).

Note: talking about userspace after the entropy bit. The kernel doesn't
really -fstack-check, at least in even slightly sane code...

Attachment: signature.asc
Description: This is a digitally signed message part

Next message: Don Zickus: "Re: [RFC PATCH 0/4] Clean up watchdog handlers"
Previous message: Mauro Carvalho Chehab: "Re: make pdfdocs fails with v4.9-rc3"
In reply to: Daniel Micay: "Re: [kernel-hardening] Re: [PATCH] fork: make whole stack_canary random"
Next in thread: Florian Weimer: "Re: [kernel-hardening] Re: [PATCH] fork: make whole stack_canary random"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]