Mailinglist Archive: opensuse-security (394 mails)

Re: [suse-security] Stack Overflow Protection
  • From: Robert Schiele <rschiele@xxxxxxxxxxxxxxx>
  • Date: Sat, 6 Dec 2003 01:37:05 +0100
  • Message-id: <20031206003705.GB17197@xxxxxxxxxxxxxxxxxx>
On Sat, Dec 06, 2003 at 01:09:51AM +0100, Bernhard Walle wrote:
> Hello,
>
> on http://lists.suse.com/archive/suse-security/2003-Dec/0051.html I read
> that the SuSE 9.0 update kernel contains Stack Overflow Protection. I
> tested this with a short example from an article in the German computer
> magazine c't ("Das Sicherheitsloch", c't 23/2001, p. 216)
>
> #include <stdio.h>
>
> void function(int a, int b, int c) {
>     char buffer1[8];
>     char buffer2[16];
>     int *ret;
>
>     /* Assumes the saved return address sits 12 bytes past buffer1;
>        this depends entirely on the compiler's frame layout. */
>     ret = (int *)(buffer1 + 12);
>     /* Advance the return address past the "x = 1;" in main. */
>     (*ret) += 8;
> }
>
> int main(void) {
>     int x;
>
>     x = 0;
>     function(1, 2, 3);
>     x = 1;      /* skipped if the return address was really modified */
>     printf("%d\n", x);
>     return 0;
> }
>
> On SuSE 9.0 this produces "1", which is correct, on an old machine it
> produces "0", which is incorrect.

This is completely unrelated to this kernel feature. If current SUSE does this
"right" for you, then this is only because you are lucky and gcc does stack
allocation in a way that this crappy C code does no harm (in this case). But
this is just good luck.

> My questions are now:
>
> 1. Does this protection have any disadvantages?

It takes some performance.

> 2. Will it be included in future versions of the vanilla kernel?

It _is_ in the vanilla kernel.

> 3. Why is this a "hidden feature"? Why doesn't SuSE let the people know
> that they've included this stack overflow protection?

It is not hidden. It is in the changelogs. They cannot do announcements for
every kernel config option they change.

Robert

--
Robert Schiele Tel.: +49-621-181-2517
Dipl.-Wirtsch.informatiker mailto:rschiele@xxxxxxxxxxxxxxx