
Re: [suse-security] Stack Overflow Protection



On Sat, Dec 06, 2003 at 01:09:51AM +0100, Bernhard Walle wrote:
> Hello,
> 
> on http://lists.suse.com/archive/suse-security/2003-Dec/0051.html I read
> that the SuSE 9.0 update kernel contains Stack Overflow Protection. I
> tested this with a short example from an article in the German computer
> magazine c't ("Das Sicherheitsloch", c't 23/2001, p. 216)
> 
>   #include <stdio.h>
> 
>   void function(int a, int b, int c) {
>     char buffer1[8];
>     char buffer2[16];
>     int *ret;
> 
>     /* Pointer arithmetic that leaves buffer1: undefined behaviour whose
>        effect depends entirely on how the compiler laid out this frame. */
>     ret = buffer1 + 12;
>     (*ret) += 8;
>   }
> 
>   int main(void) {
>     int x;
> 
>     x = 0;
>     function(1,2,3);
>     x = 1;
>     printf("%d\n",x);
>     return 0;
>   }
> 
> On SuSE 9.0 this produces "1", which is correct; on an old machine it
> produces "0", which is incorrect.

This is completely unrelated to this kernel feature. If current SUSE does this
"right" for you, then this is only because you are lucky and gcc does stack
allocation in a way that this crappy C code does no harm (in this case). But
this is just good luck.

> My questions are now:
> 
>  1. Does this protection have any disadvantages?

It takes some performance.

>  2. Will it be included in future versions of the vanilla kernel?

It _is_ in the vanilla kernel.

>  3. Why is this a "hidden feature"? Why doesn't SuSE let the people know
>     that they've included this stack overflow protection?

It is not hidden. It is in the changelogs. They cannot do announcements for
every kernel config option they change.

Robert

-- 
Robert Schiele			Tel.: +49-621-181-2517
Dipl.-Wirtsch.informatiker	mailto:rschiele@xxxxxxxxxxxxxxx
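As an added example (not part of the original thread or the c't article), the program below shows both halves of Robert's point: a small helper reports the distance gcc actually chose between the two buffers on this build, so the hard-coded "+12" is visibly a layout guess, and a bounds-checked rewrite of function() refuses the out-of-frame write, so x is 1 by construction rather than by luck. All function names are made up for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* How far apart did this compiler really put an 8-byte and a 16-byte local
   in one frame?  The quoted example hard-codes "buffer1 + 12"; whatever is
   printed here is gcc's choice for this build, not a kernel property.
   Hypothetical helper written for this example. */
long local_layout_distance(void)
{
    char buffer1[8];
    char buffer2[16];
    volatile char *p1 = buffer1, *p2 = buffer2;  /* keep both objects live */
    p1[0] = 0;
    p2[0] = 0;
    return (long)((uintptr_t)p2 - (uintptr_t)p1);
}

/* Bounds-checked counterpart of function(): the int-sized read-modify-write
   happens only if it lies entirely inside buffer1.  Returns 1 if written,
   0 if refused.  Hypothetical name; the original code has no such check. */
int function_checked(int offset, int value)
{
    char buffer1[8] = {0};
    int tmp;

    if (offset < 0 || (size_t)offset + sizeof tmp > sizeof buffer1)
        return 0;                            /* would leave buffer1: refuse */
    memcpy(&tmp, buffer1 + offset, sizeof tmp);
    tmp += value;
    memcpy(buffer1 + offset, &tmp, sizeof tmp);  /* in-bounds, alignment-safe */
    return 1;
}

/* Same control flow as the quoted main(): x ends up as 1 on every compiler
   and kernel, because the out-of-frame write is never issued. */
int run_checked(void)
{
    int x = 0;
    int wrote = function_checked(12, 8);     /* the article's offset: refused */
    x = 1;
    return wrote ? -1 : x;
}

int main(void)
{
    printf("buffer2 - buffer1 on this build: %ld bytes\n", local_layout_distance());
    printf("x = %d\n", run_checked());
    return 0;
}
```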
