oss-sec mailing list archives
Re: Qualys Security Advisory - The Stack Clash
From: "PaX Team" <pageexec () freemail hu>
Date: Wed, 21 Jun 2017 23:29:56 +0200
On 21 Jun 2017 at 10:22, Jeff Law wrote:
> On 06/21/2017 04:46 AM, Agostino Sarubbo wrote:
>> On Monday 19 June 2017 08:28:43 Qualys Security Advisory wrote:
>>> III. Solutions
>>> - Recompile all userland code (ld.so, libraries, binaries) with GCC's "-fstack-check" option, which prevents the stack-pointer from moving into another memory region without accessing the stack guard-page (it writes one word to every 4KB page allocated on the stack).
>> For the record, Gentoo Hardened enables by default -fstack-check=specific
> And if you were to look at the generated code, you'll see that it happily skips 2-3 pages of probes in prologues as well as within alloca spaces. It's a false sense of security.
Gentoo Hardened uses the grsecurity kernel which enforces a 64kB heap-stack gap by default (it's also user adjustable). are you saying that the gcc probes are not sufficient to prevent jumping over that range?
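The point of contention above is whether a probing stride that skips a few pages can step over the gap between the heap and the stack. The following C program is an added illustration (not code from the thread, from GCC, or from Gentoo Hardened) of the probing discipline the advisory describes: it touches one word on every 4 KiB page of a large stack frame, from the end nearest the caller's frame downward, so that any guard page inside the frame's range is hit before the stack pointer is used beyond it. It assumes a 4096-byte page size and a downward-growing stack; the function names and the 80 KiB frame size are constructed for the example. The second helper expresses the simple size comparison behind the question: a probe stride larger than the gap can miss it entirely.

```c
#include <stddef.h>
#include <stdio.h>

#define PAGE_SIZE 4096u          /* assumed page size */
#define FRAME_PAGES 20u          /* 80 KiB frame, larger than a 64 KiB gap */

/* Touch one byte on every page of the buffer, starting at the high end
   (nearest the previous frame on a downward-growing stack) and stepping
   down exactly one page at a time, so no page in the range is skipped.
   Returns the number of pages probed. The writes are volatile so the
   compiler cannot drop them. */
static size_t probe_stack_region(volatile unsigned char *base, size_t len)
{
    size_t probed = 0;
    for (size_t off = 0; off < len; off += PAGE_SIZE) {
        base[len - 1 - off] = 0;
        probed++;
    }
    return probed;
}

/* Allocate a frame larger than a 64 KiB gap and probe it page by page
   before the rest of the function would use it. Returns the probe count
   (FRAME_PAGES for an 80 KiB frame). */
size_t probe_large_frame(void)
{
    volatile unsigned char frame[FRAME_PAGES * PAGE_SIZE];
    return probe_stack_region(frame, sizeof frame);
}

/* 1 if a probe stride of stride_bytes could step over a guard region of
   gap_bytes without touching it, 0 if some probe must land inside it. */
int stride_can_skip_gap(size_t stride_bytes, size_t gap_bytes)
{
    return stride_bytes > gap_bytes;
}

int main(void)
{
    printf("pages probed: %zu\n", probe_large_frame());
    printf("3-page stride skips 64 KiB gap: %d\n",
           stride_can_skip_gap(3 * PAGE_SIZE, 64 * 1024));
    printf("128 KiB stride skips 64 KiB gap: %d\n",
           stride_can_skip_gap(128 * 1024, 64 * 1024));
    return 0;
}
```

With a one-page stride every page of the frame is written, which is what the advisory's description of -fstack-check promises; a stride of a few pages stays inside a 64 KiB gap, while a stride larger than the gap (a single unprobed frame or alloca of that size) can clear it.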