stackprotector: ascii armor the stack canary

From: riel
Date: Fri May 19 2017 - 17:37:11 EST

Next message: riel: "[PATCH 5/5] sh64: ascii armor the sh64 boot init stack canary"
Previous message: riel: "[PATCH 4/5] arm64: ascii armor the arm64 boot init stack canary"
Next in thread: Kees Cook: "Re: stackprotector: ascii armor the stack canary"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Zero out the first byte of the stack canary value on 64 bit systems,
in order to prevent unterminated C string overflows from being able
to successfully overwrite the canary, even if an attacker somehow
guessed or obtained the canary value.

Inspired by execshield ascii-armor and PaX/grsecurity.

Thanks to Daniel Micay for extracting code of similar functionality
from PaX/grsecurity and making it easy to find in his linux-hardened
git tree on https://github.com/thestinger/linux-hardened/

Next message: riel: "[PATCH 5/5] sh64: ascii armor the sh64 boot init stack canary"
Previous message: riel: "[PATCH 4/5] arm64: ascii armor the arm64 boot init stack canary"
Next in thread: Kees Cook: "Re: stackprotector: ascii armor the stack canary"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]