StackGuard
Bartek Rozkrut
madey w viii-lo.krakow.pl
Pią, 1 Sty 1999, 19:43:38 CET
hey
Glupio tak odpowiadac na swojego mail'a :)) ale zapomnialem samego patcha
dolaczyc(hmm... chyba to wazne :)
(S)RPMS'y zrobie jak tylko dorwe sie do lacza stalego :)
(heh czyli w poniedzialek)
i jeszcze jedno - co myslicie o chroot'owaniu demonow ?
Na poczatek przesle spec'a do bind'a z chrootem...
--
-< info >--------------=[ Mad3Y ]=--------------< info >-
e-mail : madey w dione.ids.pl , madey w viii-lo.krakow.pl
www : http://madey.viii-lo.krakow.pl/
-==[ L i n u x ]=[ p o w e r e d ]==-
-------------- następna część ---------
*** Makefile.in~ Thu Jun 18 16:34:30 1998
--- Makefile.in Fri Jun 12 11:19:18 1998
***************
*** 572,576 ****
__gcc_bcmp _varargs _eprintf _op_new _op_vnew _new_handler _op_delete \
_op_vdel _bb _shtab _clear_cache _trampoline __main _exit _ctors _eh \
! _pure
# The files that "belong" in CONFIG_H are deliberately omitted
--- 572,576 ----
__gcc_bcmp _varargs _eprintf _op_new _op_vnew _new_handler _op_delete \
_op_vdel _bb _shtab _clear_cache _trampoline __main _exit _ctors _eh \
! _pure __canary_death_handler
# The files that "belong" in CONFIG_H are deliberately omitted
*** function.c~ Wed Aug 13 10:23:26 1997
--- function.c Wed Mar 11 18:21:57 1998
***************
*** 2451,2454 ****
--- 2451,2455 ----
{
rtx insn;
+ extern int canary_all_functions ; /* IMMUNIX */
/* Compute the offsets to use for this function. */
*** libgcc2.c~ Sun Nov 26 11:39:21 1995
--- libgcc2.c Fri Jun 12 12:59:26 1998
***************
*** 2442,2446 ****
#else
__unwind_function(void *ptr)
! {
abort ();
}
--- 2442,2446 ----
#else
__unwind_function(void *ptr)
! _pure{
abort ();
}
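Review bot: The replacement line `_pure{` after `__unwind_function(void *ptr)` looks like an accidental edit rather than part of the canary work. Unless `_pure` is defined as a macro somewhere outside this hunk, the `#else` branch no longer compiles on targets that reach it. It matches the `_pure` token that the Makefile.in hunk extends, so a stray paste is the likely cause. The line should go back to a plain `{`.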
***************
*** 2471,2473 ****
--- 2471,2506 ----
_exit (-1);
}
+ #endif
+
+ #ifdef L__canary_death_handler
+
+ /* canary.c -- canary table initializer for OGI Immunix StackGuard
+ Copyright (C) 1998, Perry Wagle (wagle w cse.ogi.edu)
+ */
+
+ /*======================================================================*/
+
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <fcntl.h>
+ #include <unistd.h>
+ #include <errno.h>
+ #include <stdio.h>
+
+ /*======================================================================*/
+ /* all thos canary death detection error handlers out there */
+ /* they will all send: (1) index (2) canary (3) procedure name */
+ /* and will go into infinite loop if this procedure returns */
+ /*======================================================================*/
+
+ static char *message =
+ "Canary %d = %x died in procedure %s.\n" ;
+
+ void __canary_death_handler (int index, int value, char pname[]) {
+ printf (message, index, value, pname) ;
+ syslog (1, message, index, value, pname) ;
+ raise (4) ;
+ exit (666) ;
+ }
+
#endif
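Review bot: `__canary_death_handler` runs in a process whose stack is already known to be corrupt, yet it ends with `exit (666)`, which runs atexit handlers and flushes stdio before terminating and whose status is truncated to its low 8 bits; `_exit` (already used just above this block) or `abort ()` is the safer way out. The `printf` writes to stdout, which for a daemon started from inetd is the network peer, so the report belongs on stderr or in syslog only. `syslog`, `raise` and `exit` are called without `<syslog.h>`, `<signal.h>` and `<stdlib.h>`, and the bare `1` and `4` should be `LOG_ALERT` and `SIGILL` if those are the values intended on the target. `message` should be a `static const char []` so the format string handed to `syslog` cannot be altered at run time.

```c
static const char message[] =
  "Canary %d = %x died in procedure %s.\n" ;

void __canary_death_handler (int index, int value, char pname[]) {
  syslog (LOG_ALERT, message, index, value, pname) ;
  fprintf (stderr, message, index, value, pname) ;
  raise (SIGILL) ;
  /* only reached if SIGILL is blocked or ignored; no atexit/stdio teardown on a corrupt stack */
  _exit (154) ; /* 666 & 0xff, the status exit (666) actually reported */
}
```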
*** toplev.c~ Fri Oct 20 14:56:35 1995
--- toplev.c Fri Jun 12 10:06:44 1998
***************
*** 254,257 ****
--- 254,260 ----
int output_bytecode = 0;
+ /* Flag to add IMMUNIX StackGuard canary code to function prologues and epilogues */ /* IMMUNIX */
+ int canary_all_functions = 1; /* IMMUNIX */
+
/* Pointer to function to compute the name to use to print a declaration. */
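Review bot: The comment on `canary_all_functions` calls it a flag, but the rest of the patch treats it as a three-state mode, and the default of 1 turns the terminator canary on for every compile. A comment that spells out the states would help, for example `/* 0 = no canary, 1 = terminator canary (default), 2 = random canary read from __canary[] */`.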
***************
*** 569,572 ****
--- 572,577 ----
{"pack-struct", &flag_pack_struct, 1},
{"bytecode", &output_bytecode, 1}
+ ,{"terminator-canary-all-functions", &canary_all_functions, 1} /* IMMUNIX */
+ ,{"random-canary-all-functions", &canary_all_functions, 2} /* IMMUNIX */
};
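Review bot: Both new `-f` options write the same variable, so the two table rows are not independent switches and whichever appears last on the command line wins. If this table is processed the way the neighbouring rows suggest (`-fno-NAME` stores the negation of the on-value), `-fno-random-canary-all-functions` stores 0 and silently turns off the terminator canary too, even though the user only asked to drop the random one. The table's declaration and the option loop are outside this hunk, so that needs confirming. A comment on the two rows such as `/* both options share canary_all_functions; any -fno- form disables canaries entirely */` would at least make the coupling visible.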
*** config/i386/i386.h~ Fri Sep 22 15:42:57 1995
--- config/i386/i386.h Wed Mar 11 18:29:58 1998
***************
*** 765,769 ****
/* Offset of first parameter from the argument pointer register value. */
! #define FIRST_PARM_OFFSET(FNDECL) 0
/* Value is the number of bytes of arguments automatically
--- 765,770 ----
/* Offset of first parameter from the argument pointer register value. */
! /* IMMUNIX -- if neccessary, allow for space of the canaryvalue. */
! #define FIRST_PARM_OFFSET(FNDECL) ((canary_all_functions == 0) ? 0 : 4) /* IMMUNIX */
/* Value is the number of bytes of arguments automatically
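Review bot: `FIRST_PARM_OFFSET` now expands to an expression that reads `canary_all_functions`, but the header does not declare it, so every file that uses the macro needs its own declaration. The block-scope `extern int canary_all_functions ;` added in the function.c hunk looks like exactly that workaround. Putting `extern int canary_all_functions;` directly above the macro in this header would cover all users and keep the type in one place. The literal `4` is the size of the pushed canary word and would read better as a named constant shared with the `$4` in the i386.c epilogue.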
*** config/i386/i386.c~ Sun Oct 22 04:13:21 1995
--- config/i386/i386.c Fri Jun 12 10:23:35 1998
***************
*** 58,61 ****
--- 58,64 ----
char *qi_high_reg_name[] = QI_HIGH_REGISTER_NAMES;
+ int canarynum = 0 ; /* IMMUNIX-- canary counter */
+ int canaryval = 0 ; /* IMMUNIX -- canary value */
+
/* Array of the smallest class containing reg number REGNO, indexed by
REGNO. Used by REGNO_REG_CLASS in i386.h. */
***************
*** 1459,1466 ****
register int regno;
int limit;
! rtx xops[4];
int pic_reg_used = flag_pic && (current_function_uses_pic_offset_table
|| current_function_uses_const_pool);
xops[0] = stack_pointer_rtx;
xops[1] = frame_pointer_rtx;
--- 1462,1494 ----
register int regno;
int limit;
! rtx xops[6]; /* IMMUNIX -- was rtx xops[4] */
int pic_reg_used = flag_pic && (current_function_uses_pic_offset_table
|| current_function_uses_const_pool);
+ extern int canary_all_functions ; /* IMMUNIX */
+ fprintf (file, "\t/* begin prologue with size %d */\n", size); /* IMMUNIX */
+ if ( canary_all_functions == 1 ) { /* IMMUNIX */
+ if (0) fprintf(stderr,"Immunix StackGuard: Prologue %s: terminator canary: %d \n" /* IMMUNIX */
+ , current_function_name, canarynum); /* IMMUNIX */
+ xops[4] = GEN_INT (0x000aff0d); /* IMMUNIX -- NUL LF -1 CR */
+ output_asm_insn ("/* push TERMINATOR as the canaryvalue */", xops); /* IMMUNIX */
+ output_asm_insn ("pushl %4", xops); /* IMMUNIX */
+ } else if ( canary_all_functions == 2 ) { /* IMMUNIX */
+ if ( flag_pic ) /* IMMUNIX */
+ fatal ("can't codegen random canaries prologues for PIC"); /* IMMUNIX */
+ canaryval = (canaryval + 1) % 128 ; /* IMMUNIX */
+ if (0) fprintf(stderr,"Immunix StackGuard: Prologue %s: canary: %d value: %x\n" /* IMMUNIX */
+ , current_function_name, canarynum, canaryval); /* IMMUNIX */
+ xops[4] = GEN_INT (canaryval); /* IMMUNIX */
+ xops[5] = gen_rtx (REG, SImode, 2); /* IMMUNIX */
+ output_asm_insn ("/* Move canary index into register */",xops); /* IMMUNIX */
+ output_asm_insn ("movl %4,%5", xops); /* IMMUNIX */
+ output_asm_insn ("/* push canaryvalue */", xops); /* IMMUNIX */
+ output_asm_insn ("pushl __canary(,%5,4)", xops); /* IMMUNIX */
+ } else { /* IMMUNIX */
+ if (0) fprintf(stderr,"Immunix StackGuard: Prologue %s: *NO* canary: %d \n" /* IMMUNIX */
+ , current_function_name, canarynum); /* IMMUNIX */
+ } /* IMMUNIX */
+
xops[0] = stack_pointer_rtx;
xops[1] = frame_pointer_rtx;
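Review bot: In the `canary_all_functions == 2` branch the prologue emits `pushl __canary(,%5,4)` with an index taken from `canaryval = (canaryval + 1) % 128`, but no definition or initializer of `__canary` appears anywhere in this patch, although the libgcc2.c header comment speaks of a canary table initializer. As posted, the random mode would either fail to link or, if the table exists but is never filled, push a predictable value, so the option should stay disabled until the table (at least 128 words) and its start-up initialization are part of the change. The same branch loads the index into hard register 2 behind the register allocator's back; on i386 that register is presumably also the static chain for nested functions, which is worth confirming. The enclosing function starts and ends outside the hunk.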
***************
*** 1503,1506 ****
--- 1531,1535 ----
output_asm_insn ("addl $_GLOBAL_OFFSET_TABLE_+[.-%P1],%0", xops);
}
+ output_asm_insn ("/* end prologue */", xops); /* IMMUNIX */
}
***************
*** 1554,1561 ****
register int nregs, limit;
int offset;
! rtx xops[3];
int pic_reg_used = flag_pic && (current_function_uses_pic_offset_table
|| current_function_uses_const_pool);
/* Compute the number of registers to pop */
--- 1583,1593 ----
register int nregs, limit;
int offset;
! rtx xops[6]; /* IMMUNIX -- was rtx xops[3] */
int pic_reg_used = flag_pic && (current_function_uses_pic_offset_table
|| current_function_uses_const_pool);
+ extern int canary_all_functions ; /* IMMUNIX */
+ fprintf (file, "\t/* begin epilogue with size %d*/\n", size); /* IMMUNIX */
+
/* Compute the number of registers to pop */
***************
*** 1631,1635 ****
--- 1663,1701 ----
output_asm_insn (AS2 (add%L2,%0,%2), xops);
}
+ if ( canary_all_functions == 1 ) { /* IMMUNIX */
+ if (0) fprintf(stderr,"Immunix StackGuard: Epilogue %s: terminator canary: %d\n" /* IMMUNIX */
+ , current_function_name, canarynum); /* IMMUNIX */
+ xops[0] = frame_pointer_rtx; /* IMMUNIX */
+ xops[3] = GEN_INT (0x000aff0d); /* IMMUNIX -- NUL LF -1 CR */
+ xops[4] = gen_rtx (REG, SImode, 2); /* IMMUNIX -- alloc a reg*/
+ output_asm_insn ("/* begin canary check routine */",xops); /* IMMUNIX */
+ output_asm_insn ("movl %3,%4",xops); /* IMMUNIX */
+ output_asm_insn ("xorl %4,(%2)",xops); /* IMMUNIX */
+ /* output_asm_insn ("xorl %3,(%2)",xops); /* IMMUNIX */
+ fprintf(file,"\tjnz .Lcanary%d\n",canarynum); /* IMMUNIX */
+ output_asm_insn ("add%L0 $4,%2",xops); /* IMMUNIX -- pop canary */
+ output_asm_insn ("/* end of canary check routine */",xops); /* IMMUNIX */
+ } else if ( canary_all_functions == 2 ) { /* IMMUNIX */
+ if ( flag_pic ) /* IMMUNIX */
+ fatal ("can't codegen random canary epilogues for PIC"); /* IMMUNIX */
+ if (0) fprintf(stderr,"Immunix StackGuard: Epilogue %s: canary: %d value: %x\n" /* IMMUNIX */
+ , current_function_name, canarynum, canaryval); /* IMMUNIX */
+ xops[0] = frame_pointer_rtx; /* IMMUNIX */
+ xops[3] = GEN_INT (canaryval); /* IMMUNIX -- convert to rtx int */
+ xops[4] = gen_rtx (REG, SImode, 2); /* IMMUNIX -- alloc a reg*/
+ output_asm_insn ("/* begin canary check routine */",xops); /* IMMUNIX */
+ output_asm_insn ("movl %3,%4",xops); /* IMMUNIX */
+ output_asm_insn ("movl __canary(,%4,4),%4",xops); /* IMMUNIX */
+ output_asm_insn ("xorl %4,(%2)",xops); /* IMMUNIX */
+ fprintf(file,"\tjnz .Lcanary%d\n",canarynum); /* IMMUNIX */
+ output_asm_insn ("add%L0 $4,%2",xops); /* IMMUNIX -- pop canary */
+ output_asm_insn ("/* end of canary check routine */",xops); /* IMMUNIX */
+ } else { /* IMMUNIX */
+ if (0) fprintf(stderr,"Immunix StackGuard: Epilogue %s: *NO* canary: %d\n" /* IMMUNIX */
+ , current_function_name, canarynum); /* IMMUNIX */
+ } /* IMMUNIX */
+ /* IMMUNIX -- communicates rtx %3 to error handler below */
+ /* IMMUNIX -- the following just lays down the code to return, one way or another */
if (current_function_pops_args && current_function_args_size)
{
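Review bot: The branch target is written by hand as `fprintf(file,"\tjnz .Lcanary%d\n",canarynum)`, while the label itself is emitted later through `ASM_OUTPUT_INTERNAL_LABEL (file, "Lcanary", canarynum)`; the two agree only on targets whose internal-label prefix is `.`, so on other i386 object formats the jump would name a label that does not exist. Building the referenced name with `ASM_GENERATE_INTERNAL_LABEL`, or using a `gen_label_rtx ()` label as the handler does for the name string, would keep the two in step. The two mode branches are identical apart from how operand 4 is loaded, and the terminator constant `0x000aff0d` appears here, in the prologue and in the fail handler; a single `#define` and one shared check sequence would stop the copies drifting apart. `xops[2]` is set outside this hunk, so the address being checked cannot be confirmed from here.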
***************
*** 1653,1656 ****
--- 1719,1777 ----
else
output_asm_insn ("ret", xops);
+
+ /* IMMUNIX -- expects canary index in rtx %3 */
+ if ( canary_all_functions > 0 ) { /* IMMUNIX */
+ output_asm_insn ("/* this should immed follow a return */",xops); /* IMMUNIX */
+ output_asm_insn ("/* begin canary fail handler */",xops); /* IMMUNIX */
+ xops[5] = (rtx) gen_label_rtx (); /* IMMUNIX */
+ ASM_OUTPUT_INTERNAL_LABEL (file /* IMMUNIX -- canaryname */
+ , "L",CODE_LABEL_NUMBER (xops[5])); /* IMMUNIX */
+ fprintf(file,"\t.string\t\"%s\"\n",current_function_name); /* IMMUNIX */
+ output_asm_insn (".align 4",xops); /* IMMUNIX */
+ output_asm_insn ("/* NOTE registers & stack are corrupt */",xops); /* IMMUNIX */
+ ASM_OUTPUT_INTERNAL_LABEL (file, "Lcanary",canarynum); /* IMMUNIX */
+ if ( flag_pic ) { /* IMMUNIX */
+ output_asm_insn ("/* steal pic reg for rel addressing */",xops); /* IMMUNIX */
+ xops[0] = pic_offset_table_rtx; /* IMMUNIX */
+ xops[1] = (rtx) gen_label_rtx (); /* IMMUNIX */
+ output_asm_insn (AS1 (call,%P1), xops); /* IMMUNIX */
+ ASM_OUTPUT_INTERNAL_LABEL (file /* IMMUNIX */
+ , "L", CODE_LABEL_NUMBER (xops[1])); /* IMMUNIX */
+ output_asm_insn (AS1 (pop%L0,%0), xops); /* IMMUNIX */
+ output_asm_insn ("subl $%P1-%P5,%0", xops); /* IMMUNIX */
+ output_asm_insn (AS1 (push%L0,%0), xops); /* IMMUNIX -- arg3: proc name */
+ } else { /* IMMUNIX */
+ output_asm_insn (AS1 (push%L5,$%5), xops); /* IMMUNIX -- arg3: proc name */
+ } /* IMMUNIX */
+ if ( canary_all_functions == 1) { /* IMMUNIX */
+ xops[5] = GEN_INT (0x000aff0d); /* IMMUNIX -- NUL LF -1 CR */
+ output_asm_insn ("pushl %5",xops); /* IMMUNIX -- arg2: canary val */
+ } else if ( canary_all_functions == 2) { /* IMMUNIX */
+ if ( flag_pic ) /* IMMUNIX */
+ fatal ("can't codegen random canary epilogues for PIC"); /* IMMUNIX */
+ output_asm_insn ("movl %3,%4",xops); /* IMMUNIX */
+ output_asm_insn ("pushl __canary(,%4,4)",xops); /* IMMUNIX -- arg2: canary val */
+ } /* IMMUNIX */
+ output_asm_insn ("pushl %3",xops); /* IMMUNIX -- arg1: canary idx */
+ if ( flag_pic ) { /* IMMUNIX */
+ output_asm_insn ("/* need pic reg for stub */",xops); /* IMMUNIX */
+ xops[0] = pic_offset_table_rtx; /* IMMUNIX */
+ xops[1] = (rtx) gen_label_rtx (); /* IMMUNIX */
+ output_asm_insn (AS1 (call,%P1), xops); /* IMMUNIX */
+ ASM_OUTPUT_INTERNAL_LABEL (file /* IMMUNIX */
+ , "L", CODE_LABEL_NUMBER (xops[1])); /* IMMUNIX */
+ output_asm_insn (AS1 (pop%L0,%0), xops); /* IMMUNIX */
+ output_asm_insn ("addl $_GLOBAL_OFFSET_TABLE_+[.-%P1],%0", xops); /* IMMUNIX */
+ output_asm_insn ("call __canary_death_handler w PLT",xops); /* IMMUNIX */
+ } else /* IMMUNIX */
+ output_asm_insn ("call __canary_death_handler",xops); /* IMMUNIX */
+
+ output_asm_insn ("/* can't die; go into infinite loop */",xops); /* IMMUNIX */
+ fprintf(file,"\tjmp .\n"); /* IMMUNIX */
+ output_asm_insn ("/* end canary fail handler */",xops); /* IMMUNIX */
+ }
+
+ canarynum++; /* IMMUNIX */
+ output_asm_insn ("/* end epilogue */", xops); /* IMMUNIX */
}
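Review bot: In terminator mode the first argument passed to `__canary_death_handler` is not the canary index. `pushl %3` is labelled `arg1: canary idx`, but the epilogue check set `xops[3] = GEN_INT (0x000aff0d)` for `canary_all_functions == 1`, so the handler's `Canary %d` field would print the terminator value instead of `canarynum` (assuming nothing between the two hunks reassigns `xops[3]`). Setting the operand explicitly just before the push in the terminator case, `xops[3] = GEN_INT (canarynum);`, makes the log line usable for locating the function. The second `fatal` under `canary_all_functions == 2` repeats a check the epilogue has already made and cannot be reached. The enclosing function starts outside the hunk.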