oss-sec mailing list archives

Re: Qualys Security Advisory - The Stack Clash


From: Jeff Law <law () redhat com>
Date: Wed, 21 Jun 2017 10:22:20 -0600

On 06/21/2017 04:46 AM, Agostino Sarubbo wrote:
> On Monday 19 June 2017 08:28:43 Qualys Security Advisory wrote:
>> III. Solutions
>> - Recompile all userland code (ld.so, libraries, binaries) with GCC's
>>   "-fstack-check" option, which prevents the stack-pointer from moving
>>   into another memory region without accessing the stack guard-page (it
>>   writes one word to every 4KB page allocated on the stack).
>
> For the record, Gentoo Hardened enables by default -fstack-check=specific
And if you were to look at the generated code, you'll see that it
happily skips 2-3 pages of probes in prologues as well as within alloca
spaces.  It's a false sense of security.

jeff
