|
|
|
|
|
|
|
|
|
|
xen-devel
[Xen-devel][PATCH][RFC] _chk_fail and _chk canaries for minios and newli
Samuel,
I've made a small patch (attached) to minios and newlib that addresses long
standing linking issues for ocaml stubdomains on non-debian distros. While
minios and associated libraries are compiled with fno-stack-protector and no
fortify buffer overflow protections, this doesn't produce a stubdom free of
these dependencies when linking against third party libraries, e.g.
Libasmrun for ocaml. It seems impractical to keep building minios specific
libraries given that these options are common on all distros (now) and a
potential impediment to creating stubdomains out of existing system
libraries.
This patch implements a minios version of the stack_chk_fail from glibc.
fprintf_chk and sprintf_chk functions have been added to newlib. This split
was made to ensure that minios would dump the stack and exit on a
stack_chk_fail but avoid a cross-dependency between minios and newlib. If
anyone has other suggestions, let me know.
The _chk functions are just pass through stubs because the actual fortify
implementation is not trivial for newlib. It's also not clear that minios
domains benefit much from the fortify protections. This patch supports the
needs of the ocaml stubdomain, other stubdomains using existing system
libraries may need additional _chk stubs.
George
--
George S. Coker, II <gscoker@xxxxxxxxxxxxxx>
minios-stack-buffer-overflow-canaries.diff
Description: Binary data
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [Xen-devel][PATCH][RFC] _chk_fail and _chk canaries for minios and newlib,
George S. Coker, II <=
|
|
|
|
|