This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


randomized stack protector value


Hello!

I recently found Jakub Jelinek's excellent randomization patch[1]
for glibc's stack protection value (see _dl_setup_stack_chk_guard).
This method is preferred over --enable-stackguard-randomization which
opens /dev/urandom on every exec (which is considered to be too expensive
for general use).

I'd like to see this "good enough randomization" option in mainline glibc,
but I could not find any discussion of it (though there is reference to
the feature existing[2]).

What would be needed to help get this approved?

Thanks,

-Kees

[1] http://launchpadlibrarian.net/18024140/glibc_2.8~20080505-0ubuntu6_2.8~20080505-0ubuntu7.diff.gz
[2] http://sourceware.org/ml/libc-alpha/2007-06/msg00112.html

-- 
Kees Cook
Ubuntu Security Team

