This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: stack guard updating source
I think we can redefine the THREAD_COPY_STACK_GUARD macro, which is used in
the __pthread_create_2_1 function.
This macro has the value:
#define THREAD_COPY_STACK_GUARD(descr) \
  ((descr)->header.stack_guard \
   = THREAD_GETMEM (THREAD_SELF, header.stack_guard))
We can override the macro to read a new random value from /dev/random,
if the target supports it:
#define THREAD_COPY_STACK_GUARD(descr) \
  ((descr)->header.stack_guard \
   = get_new_guard_value(header.stack_guard))
Also, I'll implement the function get_new_guard_value (reading a new random
value from /dev/urandom).
The changes don't change the previous semantics. I think the changes don't
affect setcontent/getcontent. Am I right?
2012/10/26 Andrew Pinski <pinskia@gmail.com>:
> On Fri, Oct 26, 2012 at 1:24 AM, Sergey Melnikov <sergey.devel@gmail.com> wrote:
>> Is it necessary to implement guard value randomization for every
>> thread? It will be more secure.
>
> I don't think that will work correctly with things like
> setcontent/getcontent and threads then.
>
> Thanks,
> Andrew
>
>
>>
>> 2012/10/10 Mike Frysinger <vapier@gentoo.org>:
>>> On Wednesday 10 October 2012 02:12:41 Sergey Melnikov wrote:
>>>> The guard value is identical for any thread, the guard value isn't
>>>> thread specific.
>>>
>>> please re-read what Roland said. the gs:0x14 access is purely for speed, not
>>> because we want the value to be different for each thread.
>>> -mike
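
Added example (not part of the thread and not glibc code): a C sketch of the get_new_guard_value helper proposed in the message above, reading from /dev/urandom, plus a small model of the concern in the quoted reply, read here as a frame entered under one thread's guard being checked under another thread's guard. The helper's signature and the names thread_model, frame_enter, frame_leave_ok and check_after_migration are assumptions.

```c
/* Added example, not glibc code. Only the name get_new_guard_value comes
   from the mail; its signature and everything else here are assumptions. */
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <unistd.h>

/* Fill *guard from /dev/urandom. Returns 0 on success, -1 on failure, in
   which case the caller keeps the guard copied from the creating thread. */
int get_new_guard_value(uintptr_t *guard)
{
    unsigned char *p = (unsigned char *)guard;
    size_t done = 0;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;
    while (done < sizeof *guard) {
        ssize_t n = read(fd, p + done, sizeof *guard - done);
        if (n > 0)
            done += (size_t)n;          /* short read: keep going */
        else if (n == 0 || errno != EINTR)
            break;                      /* EOF or hard error */
    }
    close(fd);
    return done == sizeof *guard ? 0 : -1;
}

/* Hypothetical stand-in for a thread descriptor with its own guard. */
struct thread_model { uintptr_t stack_guard; };

/* Prologue: the frame stores a copy of the running thread's guard. */
uintptr_t frame_enter(const struct thread_model *t) { return t->stack_guard; }

/* Epilogue: compare the stored copy with the guard of the thread running
   now. Returns 1 if the check passes, 0 where the real check would abort. */
int frame_leave_ok(const struct thread_model *t, uintptr_t saved)
{
    return saved == t->stack_guard;
}

/* A frame entered on thread a and left on thread b, as when a saved context
   is resumed by another thread. Returns the check result, -1 on read error. */
int check_after_migration(void)
{
    struct thread_model a, b;
    if (get_new_guard_value(&a.stack_guard) || get_new_guard_value(&b.stack_guard))
        return -1;
    return frame_leave_ok(&b, frame_enter(&a));
}
```

With a single process-wide guard the two descriptors would hold the same value and the migrated frame would pass the check.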