Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261942AbVANKdk (ORCPT ); Fri, 14 Jan 2005 05:33:40 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S261939AbVANKdk (ORCPT ); Fri, 14 Jan 2005 05:33:40 -0500 Received: from cc15144-a.groni1.gr.home.nl ([217.120.147.78]:43564 "HELO boetes.org") by vger.kernel.org with SMTP id S261942AbVANKad (ORCPT ); Fri, 14 Jan 2005 05:30:33 -0500 Date: Fri, 14 Jan 2005 11:30:29 +0100 From: Han Boetes To: linux-kernel@vger.kernel.org Subject: Re: propolice support for linux Message-ID: <20050114103051.GJ14127@boetes.org> Mail-Followup-To: linux-kernel@vger.kernel.org References: <20050113134620.GA14127@boetes.org> <20050113140446.GA22381@infradead.org> <20050113163733.GB14127@boetes.org> <20050114042542.GB64314@gaz.sfgoth.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050114042542.GB64314@gaz.sfgoth.com> User-Agent: Mutt/1.5.6i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2669 Lines: 82 Thanks for your excellent comments. However unimportant this patch is for kernel-security at least lets make it an exercise in decent coding :-) --- linux-2.6.9/lib/Makefile.orig 2005-01-13 16:47:58.564198904 +0100 +++ linux-2.6.9/lib/Makefile 2005-01-13 17:06:29.124368096 +0100 @@ -23,6 +23,8 @@ obj-$(CONFIG_GENERIC_IOMAP) += iomap.o obj-$(CONFIG_ZLIB_INFLATE) += zlib_inflate/ obj-$(CONFIG_ZLIB_DEFLATE) += zlib_deflate/ +obj-$(CONFIG_PROPOLICE) += propolice.o + hostprogs-y := gen_crc32table clean-files := crc32table.h --- linux-2.6.9/security/Kconfig.orig 2004-10-18 23:54:39.000000000 +0200 +++ linux-2.6.9/security/Kconfig 2005-01-13 16:57:23.130371800 +0100 @@ -44,6 +44,18 @@ config SECURITY_ROOTPLUG If you are unsure how to answer this question, answer N. +config PROPOLICE + bool 'GCC ProPolice SSP build support' + help + This enables kernel building with stack-smashing protection + via the -fstack-protector GCC flag, if you have GCC build with + propolice. + + See for + more information about this compiler-extension. + + If you are unsure how to answer this question, answer N. + source security/selinux/Kconfig endmenu --- linux-2.6.9/Makefile.orig 2005-01-13 16:38:39.479192744 +0100 +++ linux-2.6.9/Makefile 2005-01-13 16:40:45.139089536 +0100 @@ -490,6 +490,10 @@ ifndef CONFIG_FRAME_POINTER CFLAGS += -fomit-frame-pointer endif +ifdef CONFIG_PROPOLICE +CFLAGS += -fstack-protector +endif + ifdef CONFIG_DEBUG_INFO CFLAGS += -g endif --- linux-2.6.9/lib/propolice.c.orig 2005-01-13 17:08:49.920963760 +0100 +++ linux-2.6.9/lib/propolice.c 2005-01-14 11:23:14.786142384 +0100 @@ -0,0 +1,22 @@ +/* + * Copyright 2005, Han Boetes + * + * This code adds support for the propolice stacksmashing + * extension for gcc. + * http://www.research.ibm.com/trl/projects/security/ssp/ + * + * This source code is licensed under the GNU General Public + * License, Version 2. See the file COPYING for more details. + * + */ +#include +#include + +unsigned char __guard[sizeof(int)] = {'\0', '\0', '\n', (unsigned char) -1}; +EXPORT_SYMBOL(__guard); + +void __stack_smash_handler(unsigned int damaged, const char *func) +{ + panic("propolice detects %x at function %s.\n", damaged, func); +} +EXPORT_SYMBOL(__stack_smash_handler); # Han - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/