Hardened Debian patches for GCC 3.3 and 3.4 (security related enhancements)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gcc-3.4 (Ubuntu) | Invalid | Wishlist | Matthias Klose | | |
Bug Description
Hi,
As I've talked with doko about them, here is the summary of the patches that
I've made with other developers from the Hardened Debian project.
First one is the updated and re-packaged sources for IBM's Stack Smashing
Protector / ProPolice, which replaces the default protector patches coming
inside the default Debian Sarge gcc sources (gcc-3.3). Patches and UUEncoded
sources attached.
(Check for more revisions and information
http://
Second one was made by some Gentoo developers (tigger and lv) and adds support
for SPECS file declaration by using an environment variable (GCC_SPECS), the
original patch can be found at http://
the dpatch is attached.
Third one does not work properly on gcc-3.3, but works without problems on later
versions of GCC.
It enables the use of the libssp by tweaking the compilation of protector stuff
on libgcc, defining it as provided by libc (-D_LIBC_
implementation of SSP/ProPolice as a shared library.
A pre-release of the 0.2 revision of libssp can be found at
http://
On gcc-3.3 the gcc/Makefile.in must be edited by hand and add after the
LIBGCC2_CFLAGS definition a simple LIBGCC2_CFLAGS += -D_LIBC_
avoid conflicts with other crappy patches.
The results are these:
lorenzo@
libssp.so.0
libssp.so.0.2
libssp.a
libssp.so
lorenzo@
lorenzo@
vuln-stack.c: En la función `main':
vuln-stack.c:9: aviso: asignación se crea un entero desde un puntero sin una
conversión
lorenzo@
Appending [22] to a buffer thats [15] bytes long with a max buffer size of [16]
a.out: stack smashing attack in function main()
----
main=0x80000a51 __guard_
ppid=10622 pid=13512 uid=1000 euid=1000 gid=1000 egid=1000
----
Abortado
lorenzo@
Sorry for the localized messages ;-)
Any other documentation can be found at http://
Cheers,
Lorenzo.
http://
Created an attachment (id=874)
Patch for GCC 3.{3,4} to recognize the GCC_SPECS env var for specs file
declaration.
Added the GCC_SPECS related (d)patch.
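
A model of the guard check behind the "stack smashing attack in function main()" abort shown in the report above, as an added example that is not part of the bug report or of the ProPolice/libssp sources. The frame layout, guard value and saved return address are constructed, and the frame is simulated in a plain byte array so the program itself never writes out of bounds.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model frame: buf[16] | guard[4] | saved return address[4]. */
enum { BUF_SIZE = 16, GUARD_OFF = 16, GUARD_SIZE = 4, RET_OFF = 20, FRAME_SIZE = 24 };

/* Constructed reference guard; a real protector picks its own value. */
static const unsigned char GUARD_REF[GUARD_SIZE] = {0x00, 0x0a, 0xff, 0x0d};
static const uint32_t SAVED_RET = 0x11223344u; /* constructed */

struct result { int guard_smashed; int ret_overwritten; };

/* Prologue: build the frame and store the reference guard above buf. */
static void frame_enter(unsigned char *frame) {
    memset(frame, 0, FRAME_SIZE);
    memcpy(frame + GUARD_OFF, GUARD_REF, GUARD_SIZE);
    memcpy(frame + RET_OFF, &SAVED_RET, sizeof SAVED_RET);
}

/* The bug being modelled: copy into buf with no check against BUF_SIZE.
 * Clamped to FRAME_SIZE only so the model itself never leaves its array. */
static void unchecked_append(unsigned char *frame, const unsigned char *src, size_t len) {
    if (len > FRAME_SIZE) len = FRAME_SIZE;
    memcpy(frame, src, len);
}

/* One simulated call: the epilogue compares the guard before the saved
 * return address would be used. */
struct result run_case(size_t len) {
    unsigned char frame[FRAME_SIZE], input[FRAME_SIZE];
    struct result r;
    memset(input, 'A', sizeof input);
    frame_enter(frame);
    unchecked_append(frame, input, len);
    r.guard_smashed = memcmp(frame + GUARD_OFF, GUARD_REF, GUARD_SIZE) != 0;
    r.ret_overwritten = memcmp(frame + RET_OFF, &SAVED_RET, sizeof SAVED_RET) != 0;
    return r;
}

int main(void) {
    static const size_t lens[] = {15, 16, 17, 22}; /* 22 as in the run above */
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        struct result r = run_case(lens[i]);
        printf("len=%2zu guard_smashed=%d ret_overwritten=%d%s\n", lens[i],
               r.guard_smashed, r.ret_overwritten, r.guard_smashed ? " -> abort" : "");
    }
    return 0;
}
```

In this model a linear overflow cannot reach the saved return address without first changing the guard, which is why the 17-byte case is already reported even though the return address is still intact.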