
[Xen-devel][PATCH][RFC] _chk_fail and _chk canaries for minios and newlib


  • To: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • From: "George S. Coker, II" <gscoker@xxxxxxxxxxxxxx>
  • Date: Mon, 09 Mar 2009 13:08:04 -0500
  • Cc: Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>
  • Delivery-date: Mon, 09 Mar 2009 10:08:53 -0700
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>
  • Thread-index: Acmg2Zvbgr82TgOCHUqR6Al9u9PTCA==
  • Thread-topic: [Xen-devel][PATCH][RFC] _chk_fail and _chk canaries for minios and newlib

Samuel,

I've made a small patch (attached) to minios and newlib that addresses
long-standing linking issues for ocaml stubdomains on non-debian distros.  While
minios and associated libraries are compiled with -fno-stack-protector and no
fortify buffer overflow protections, this doesn't produce a stubdom free of
these dependencies when linking against third party libraries, e.g.
libasmrun for ocaml.  It seems impractical to keep building minios-specific
libraries given that these options are common on all distros (now) and a
potential impediment to creating stubdomains out of existing system
libraries.

This patch implements a minios version of the stack_chk_fail from glibc.
fprintf_chk and sprintf_chk functions have been added to newlib.  This split
was made to ensure that minios would dump the stack and exit on a
stack_chk_fail but avoid a cross-dependency between minios and newlib.  If
anyone has other suggestions, let me know.

The _chk functions are just pass-through stubs because the actual fortify
implementation is not trivial for newlib.  It's also not clear that minios
domains benefit much from the fortify protections.  This patch supports the
needs of the ocaml stubdomain; other stubdomains using existing system
libraries may need additional _chk stubs.

George

-- 
George S. Coker, II <gscoker@xxxxxxxxxxxxxx>

Attachment: minios-stack-buffer-overflow-canaries.diff
Description: Binary data

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
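
What a pass-through `_chk` stub gives up, shown beside a variant that uses the size argument. This is an added example, not code from the attached patch (which this archive page does not show). The names `stub_sprintf_chk` and `checked_sprintf_chk` are hypothetical, the argument order follows glibc's `__sprintf_chk`, and returning -1 on overflow is an assumption made so the result can be inspected.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Pass-through stub (hypothetical name): takes the same arguments as glibc's
 * __sprintf_chk but ignores flag and slen, so the destination size that the
 * compiler recorded at the call site is never enforced. */
int stub_sprintf_chk(char *s, int flag, size_t slen, const char *fmt, ...)
{
    va_list ap;
    int n;

    (void)flag;
    (void)slen;
    va_start(ap, fmt);
    n = vsprintf(s, fmt, ap);
    va_end(ap);
    return n;
}

/* Checking variant (hypothetical name): bounds the write to slen bytes and
 * reports output that would not fit. Assumption: it returns -1 so the caller
 * can observe the failure; glibc terminates the program instead. */
int checked_sprintf_chk(char *s, int flag, size_t slen, const char *fmt, ...)
{
    va_list ap;
    int n;

    (void)flag;
    if (slen == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(s, slen, fmt, ap);
    va_end(ap);
    return (n < 0 || (size_t)n >= slen) ? -1 : n;
}

int main(void)
{
    char buf[32]; /* really 32 bytes; slen = 4 below is a constructed claim */

    printf("stub:    %d\n", stub_sprintf_chk(buf, 0, 4, "%s", "stubdom"));
    printf("checked: %d\n", checked_sprintf_chk(buf, 0, 4, "%s", "stubdom"));
    return 0;
}
```

The stub writes all seven characters even though the caller declared a 4-byte destination; the checking variant refuses the same call.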