On Sat, 06 Dec 2003 at 01:37 (+0100), Robert Schiele wrote:
On Sat, Dec 06, 2003 at 01:09:51AM +0100, Bernhard Walle wrote:
On http://lists.suse.com/archive/suse-security/2003-Dec/0051.html I read that the SuSE 9.0 update kernel contains Stack Overflow Protection. I tested this with a short example from an article in the German computer magazine c't ("Das Sicherheitsloch", c't 23/2001, p. 216):
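
    #include <stdio.h>

    void function(int a, int b, int c) {
        char buffer1[8];
        char buffer2[16];
        int *ret;

        /* assumes the saved return address lies 12 bytes above buffer1 */
        ret = (int *)(buffer1 + 12);
        /* bump the return address by 8 bytes, so the return lands past "x = 1" */
        (*ret) += 8;
    }

    void main() {
        int x;

        x = 0;
        function(1,2,3);
        x = 1;
        printf("%d\n",x);
    }
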
On SuSE 9.0 this produces "1", which is correct; on an old machine it produces "0", which is incorrect.
This is completely unrelated to this kernel feature. If current SUSE does this "right" for you, then this is only because you are lucky and gcc does stack allocation in a way that this crappy C-Code does no harm (in this case). But this is just good luck.
Ok, then I misunderstood something. I thought the Linux kernel Stack overflow protection does something similar to OpenBSD but they modified gcc (ProPolice) and I wondered a bit.

But: What does the Kernel Stack Protection do, where can I read something about this?

Regards,
Bernhard

--
http://www.bwalle.de
Man invented the atomic bomb, but no mouse in the world would construct a mousetrap -- Albert Einstein