more -fstack-protector!
Andreas Schneider
asn at samba.org
Thu Mar 7 06:28:45 MST 2013
On Thursday 07 March 2013 23:19:37 Andrew Bartlett wrote:
> On Thu, 2013-03-07 at 13:07 +0100, Andreas Schneider wrote:
> > So they are really low ...
>
> Thank you so very much for the detailed analysis. On that basis I'm
> inclined not to add any additional options, and to always use this.
>
> If we actually find a fast-path function that this really hurts us on,
> we can revisit why we have stack arrays there in any case. Changing to
> a dynamic buffer will probably both resolve the security concern, and be
> more correct (if a little slower).
Just for documentation:
for f in $(<filelist); do file $f | grep "ELF 64-bit LSB shared object" &&
echo $f >> so_list; done
for f in $(<so_list); do echo -e -n "$f canary count = "; objdump -d $f | grep
xor.*fs:0x28 | wc -l; done
-- andreas
--
Andreas Schneider GPG-ID: F33E3FC6
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list