Tests with Jammy.
Environment: -----------
$ lsb_release -cs jammy
$ uname -m aarch64
$ sudo dmesg | grep DMI: [ 0.004570] DMI: Amazon EC2 t4g.nano/, BIOS 1.0 11/1/2018
Setup: -----
ulimit -c unlimited echo '/var/crash/core.%e' | sudo tee /proc/sys/kernel/core_pattern echo 0 | sudo tee /proc/sys/kernel/core_uses_pid
# Test-cases # https://rtx.meta.security/mitigation/2023/09/12/CVE-2023-4039.html
cat <<EOF >example-dynamic.c #include <stdint.h> #include <stdio.h> #include <stdlib.h>
int main(int argc, char **argv) { if (argc != 2) return 1;
// Variable-length array uint8_t input[atoi(argv[1])];
size_t n = fread(input, 1, 4096, stdin); fwrite(input, 1, n, stdout);
return 0; } EOF
cat <<EOF >example-static.c #include <stdint.h> #include <stdio.h> #include <stdlib.h>
int main(void) { uint8_t input[8];
Original packages: ----------------- - Dynamic: Bus error (*NOT* 'buffer overflow deteced'): FAIL - Static: Aborted ('buffer overflow detected'): PASS
sudo apt update sudo apt install --yes gcc-{9,10,11,12} gdb
# Test 1 (Dynamic)
for GCC in gcc-{9,10,11,12}; do echo "Test $GCC (dynamic)" PROG="test-$GCC" CORE="/var/crash/core.$PROG" $GCC -fstack-protector-all -O3 -static -Wall -Wextra -pedantic -o $PROG example-dynamic.c
rm -f $CORE echo -n 'DDDDDDDDPPPPPPPPFFFFFFFFAAAAAAAA' | ./$PROG 8 gdb --batch -ex bt $PROG $CORE | grep -e '^#1' echo done
Test gcc-9 Bus error (core dumped) #1 0x4141414141414141 in ?? ()
Test gcc-10 Bus error (core dumped) #1 0x4141414141414141 in ?? ()
Test gcc-11 Bus error (core dumped) #1 0x4141414141414141 in ?? ()
Test gcc-12 Bus error (core dumped) #1 0x4141414141414141 in ?? ()
# Test 2 (Static)
for GCC in gcc-{9,10,11,12}; do echo "Test $GCC (static)" PROG="test-$GCC" CORE="/var/crash/core.$PROG" $GCC -fstack-protector-all -O3 -static -Wall -Wextra -pedantic -Wno-attribute-warning -o $PROG example-static.c
rm -f $CORE echo -n 'DDDDDDDDGGGGGGGG' | ./$PROG gdb --batch -ex bt $PROG $CORE | grep '^#1' echo done
Test gcc-9 *** buffer overflow detected ***: terminated Aborted (core dumped) #1 0x000000000040545c in raise ()
Test gcc-10 *** buffer overflow detected ***: terminated Aborted (core dumped) #1 0x000000000040545c in raise ()
Test gcc-11 *** buffer overflow detected ***: terminated Aborted (core dumped) #1 0x000000000040545c in raise ()
Test gcc-12 *** buffer overflow detected ***: terminated Aborted (core dumped) #1 0x000000000040545c in raise ()
Modified packages: ----------------- - Dynamic: Aborted ('buffer overflow deteced'): PASS (fixed) - Static: Aborted ('buffer overflow detected'): PASS (no regression)
sudo add-apt-repository -y ppa:mfo/lp2054343 sudo apt install --yes gcc-{9,10,11,12} gdb
Test gcc-9 (dynamic) *** stack smashing detected ***: terminated Aborted (core dumped) #1 0x000000000040549c in raise ()
Test gcc-10 (dynamic) *** stack smashing detected ***: terminated Aborted (core dumped) #1 0x00000000004054dc in raise ()
Test gcc-11 (dynamic) *** stack smashing detected ***: terminated Aborted (core dumped) #1 0x00000000004054dc in raise ()
Test gcc-12 (dynamic) *** stack smashing detected ***: terminated Aborted (core dumped) #1 0x00000000004054dc in raise ()
Test gcc-9 (static) *** buffer overflow detected ***: terminated Aborted (core dumped) #1 0x000000000040545c in raise ()
Test gcc-10 (static) *** buffer overflow detected ***: terminated Aborted (core dumped) #1 0x000000000040545c in raise ()
Test gcc-11 (static) *** buffer overflow detected ***: terminated Aborted (core dumped) #1 0x000000000040545c in raise ()
Test gcc-12 (static) *** buffer overflow detected ***: terminated Aborted (core dumped) #1 0x000000000040545c in raise ()
Tests with Jammy.
Environment:
-----------
$ lsb_release -cs
jammy
$ uname -m
aarch64
$ sudo dmesg | grep DMI:
[ 0.004570] DMI: Amazon EC2 t4g.nano/, BIOS 1.0 11/1/2018
Setup:
-----
ulimit -c unlimited core.%e' | sudo tee /proc/sys/ kernel/ core_pattern kernel/ core_uses_ pid
echo '/var/crash/
echo 0 | sudo tee /proc/sys/
# Test-cases /rtx.meta. security/ mitigation/ 2023/09/ 12/CVE- 2023-4039. html
# https:/
cat <<EOF >example-dynamic.c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char **argv) {
if (argc != 2)
return 1;
// Variable-length array argv[1] )];
uint8_t input[atoi(
size_t n = fread(input, 1, 4096, stdin);
fwrite(input, 1, n, stdout);
return 0;
}
EOF
cat <<EOF >example-static.c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
int main(void) {
uint8_t input[8];
size_t n = fread(input, 1, 4096, stdin);
fwrite(input, 1, n, stdout);
return 0;
}
EOF
Original packages:
-----------------
- Dynamic: Bus error (*NOT* 'buffer overflow deteced'): FAIL
- Static: Aborted ('buffer overflow detected'): PASS
sudo apt update
sudo apt install --yes gcc-{9,10,11,12} gdb
# Test 1 (Dynamic)
for GCC in gcc-{9,10,11,12}; do "/var/crash/ core.$PROG" protector- all -O3 -static -Wall -Wextra -pedantic -o $PROG example-dynamic.c
echo "Test $GCC (dynamic)"
PROG="test-$GCC"
CORE=
$GCC -fstack-
rm -f $CORE PPFFFFFFFFAAAAA AAA' | ./$PROG 8
echo -n 'DDDDDDDDPPPPPP
gdb --batch -ex bt $PROG $CORE | grep -e '^#1'
echo
done
Test gcc-9
Bus error (core dumped)
#1 0x4141414141414141 in ?? ()
Test gcc-10
Bus error (core dumped)
#1 0x4141414141414141 in ?? ()
Test gcc-11
Bus error (core dumped)
#1 0x4141414141414141 in ?? ()
Test gcc-12
Bus error (core dumped)
#1 0x4141414141414141 in ?? ()
# Test 2 (Static)
for GCC in gcc-{9,10,11,12}; do "/var/crash/ core.$PROG" protector- all -O3 -static -Wall -Wextra -pedantic -Wno-attribute- warning -o $PROG example-static.c
echo "Test $GCC (static)"
PROG="test-$GCC"
CORE=
$GCC -fstack-
rm -f $CORE
echo -n 'DDDDDDDDGGGGGGGG' | ./$PROG
gdb --batch -ex bt $PROG $CORE | grep '^#1'
echo
done
Test gcc-9
*** buffer overflow detected ***: terminated
Aborted (core dumped)
#1 0x000000000040545c in raise ()
Test gcc-10
*** buffer overflow detected ***: terminated
Aborted (core dumped)
#1 0x000000000040545c in raise ()
Test gcc-11
*** buffer overflow detected ***: terminated
Aborted (core dumped)
#1 0x000000000040545c in raise ()
Test gcc-12
*** buffer overflow detected ***: terminated
Aborted (core dumped)
#1 0x000000000040545c in raise ()
Modified packages:
-----------------
- Dynamic: Aborted ('buffer overflow deteced'): PASS (fixed)
- Static: Aborted ('buffer overflow detected'): PASS (no regression)
sudo add-apt-repository -y ppa:mfo/lp2054343
sudo apt install --yes gcc-{9,10,11,12} gdb
# Test 1 (Dynamic)
for GCC in gcc-{9,10,11,12}; do "/var/crash/ core.$PROG" protector- all -O3 -static -Wall -Wextra -pedantic -o $PROG example-dynamic.c
echo "Test $GCC (dynamic)"
PROG="test-$GCC"
CORE=
$GCC -fstack-
rm -f $CORE PPFFFFFFFFAAAAA AAA' | ./$PROG 8
echo -n 'DDDDDDDDPPPPPP
gdb --batch -ex bt $PROG $CORE | grep -e '^#1'
echo
done
Test gcc-9 (dynamic)
*** stack smashing detected ***: terminated
Aborted (core dumped)
#1 0x000000000040549c in raise ()
Test gcc-10 (dynamic)
*** stack smashing detected ***: terminated
Aborted (core dumped)
#1 0x00000000004054dc in raise ()
Test gcc-11 (dynamic)
*** stack smashing detected ***: terminated
Aborted (core dumped)
#1 0x00000000004054dc in raise ()
Test gcc-12 (dynamic)
*** stack smashing detected ***: terminated
Aborted (core dumped)
#1 0x00000000004054dc in raise ()
# Test 2 (Static)
for GCC in gcc-{9,10,11,12}; do "/var/crash/ core.$PROG" protector- all -O3 -static -Wall -Wextra -pedantic -Wno-attribute- warning -o $PROG example-static.c
echo "Test $GCC (static)"
PROG="test-$GCC"
CORE=
$GCC -fstack-
rm -f $CORE
echo -n 'DDDDDDDDGGGGGGGG' | ./$PROG
gdb --batch -ex bt $PROG $CORE | grep '^#1'
echo
done
Test gcc-9 (static)
*** buffer overflow detected ***: terminated
Aborted (core dumped)
#1 0x000000000040545c in raise ()
Test gcc-10 (static)
*** buffer overflow detected ***: terminated
Aborted (core dumped)
#1 0x000000000040545c in raise ()
Test gcc-11 (static)
*** buffer overflow detected ***: terminated
Aborted (core dumped)
#1 0x000000000040545c in raise ()
Test gcc-12 (static)
*** buffer overflow detected ***: terminated
Aborted (core dumped)
#1 0x000000000040545c in raise ()