On Sat, Dec 06, 2003 at 01:09:51AM +0100, Bernhard Walle wrote:
Hello,
on http://lists.suse.com/archive/suse-security/2003-Dec/0051.html I read that the SuSE 9.0 update kernel contains Stack Overflow Protection. I tested this with a short example from an article in the German computer magazine c't ("Das Sicherheitsloch", c't 23/2001, p. 216):
#include <stdio.h>

void function(int a, int b, int c) {
    char buffer1[8];
    char buffer2[16];
    int *ret;

    /* assumes the saved return address lies 12 bytes past buffer1 */
    ret = (int *)(buffer1 + 12);
    /* advance the return address past the "x = 1" statement in main */
    (*ret) += 8;
}

int main(void) {
    int x;

    x = 0;
    function(1, 2, 3);
    x = 1;
    printf("%d\n", x);
    return 0;
}
On SuSE 9.0 this produces "1", which is correct, on an old machine it produces "0", which is incorrect.
This is completely unrelated to this kernel feature. If current SUSE does this "right" for you, then this is only because you are lucky and gcc does stack allocation in a way that this crappy C code does no harm (in this case). But this is just good luck.
My questions are now:
1. Does this protection have any disadvantages?
It takes some performance.
2. Will it be included in future versions of the vanilla kernel?
It _is_ in the vanilla kernel.
3. Why is this a "hidden feature"? Why doesn't SuSE let the people know that they've included this stack overflow protection?
It is not hidden. It is in the changelogs. They cannot do announcements for every kernel config option they change.

Robert

-- 
Robert Schiele Tel.: +49-621-181-2517
Dipl.-Wirtsch.informatiker mailto:rschiele@uni-mannheim.de