git-svn-id: http://svn.ipfire.org/svn/ipfire/IPFire/source@16 ea5c0bd1-69bd-2848...

[people/pmueller/ipfire-2.x.git] / src / patches / glibc-2.3.3-ssp_frandom-2.patch

Submitted By: Robert Connolly <cendres at videotron dot ca> (ashes)
Date: 2004-04-24
Initial Package Version: 2.3.3
Origin: http://www.research.ibm.com/trl/projects/security/ssp/
        http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/sys/stack_protector.c
Description: Smashing Stack Protector - This patch adds guard functions to
Glibc.

This patch depends on erandom sysctl from:
http://frandom.sourceforge.net/
http://www.linuxfromscratch.org/hints/downloads/files/entropy.txt

Also see:
http://www.research.ibm.com/trl/projects/security/ssp/
http://www.linuxfromscratch.org/hlfs/
http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt

diff -Naur glibc-2.3-20040418.orig/sysdeps/generic/libc-start.c glibc-2.3-20040418.ssp-frandom/sysdeps/generic/libc-start.c
--- glibc-2.3-20040418.orig/sysdeps/generic/libc-start.c        2004-03-31 01:46:43.000000000 +0000
+++ glibc-2.3-20040418.ssp-frandom/sysdeps/generic/libc-start.c 2004-04-25 07:07:34.000000000 +0000
@@ -188,6 +188,8 @@
     GLRO(dl_debug_printf) ("\ntransferring control: %s\n\n", argv[0]);
 #endif
 
+  __guard_setup ();
+
 #ifdef HAVE_CLEANUP_JMP_BUF
   /* Memory for the cancellation buffer.  */
   struct pthread_unwind_buf unwind_buf;
diff -Naur glibc-2.3-20040418.orig/sysdeps/unix/sysv/linux/Dist glibc-2.3-20040418.ssp-frandom/sysdeps/unix/sysv/linux/Dist
--- glibc-2.3-20040418.orig/sysdeps/unix/sysv/linux/Dist        2003-09-24 05:04:29.000000000 +0000
+++ glibc-2.3-20040418.ssp-frandom/sysdeps/unix/sysv/linux/Dist 2004-04-25 07:09:46.000000000 +0000
@@ -1,3 +1,4 @@
+stack_protector.c
 bits/initspin.h
 cmsg_nxthdr.c
 dl-brk.c
diff -Naur glibc-2.3-20040418.orig/sysdeps/unix/sysv/linux/Makefile glibc-2.3-20040418.ssp-frandom/sysdeps/unix/sysv/linux/Makefile
--- glibc-2.3-20040418.orig/sysdeps/unix/sysv/linux/Makefile    2004-04-03 07:45:26.000000000 +0000
+++ glibc-2.3-20040418.ssp-frandom/sysdeps/unix/sysv/linux/Makefile     2004-04-25 07:10:02.000000000 +0000
@@ -1,5 +1,5 @@
 ifeq ($(subdir),csu)
-sysdep_routines += errno-loc
+sysdep_routines += errno-loc stack_protector
 endif
 
 ifeq ($(subdir),assert)
diff -Naur glibc-2.3-20040418.orig/sysdeps/unix/sysv/linux/Versions glibc-2.3-20040418.ssp-frandom/sysdeps/unix/sysv/linux/Versions
--- glibc-2.3-20040418.orig/sysdeps/unix/sysv/linux/Versions    2004-03-19 00:13:55.000000000 +0000
+++ glibc-2.3-20040418.ssp-frandom/sysdeps/unix/sysv/linux/Versions     2004-04-25 07:08:58.000000000 +0000
@@ -108,6 +108,7 @@
   GLIBC_2.3.2 {
     # New kernel interfaces.
     epoll_create; epoll_ctl; epoll_wait;
+       __guard; __guard_setup; __stack_smash_handler;
   }
   GLIBC_2.3.3 {
     gnu_dev_major; gnu_dev_minor; gnu_dev_makedev;
diff -Naur glibc-2.3-20040418.orig/sysdeps/unix/sysv/linux/stack_protector.c glibc-2.3-20040418.ssp-frandom/sysdeps/unix/sysv/linux/stack_protector.c
--- glibc-2.3-20040418.orig/sysdeps/unix/sysv/linux/stack_protector.c   1970-01-01 00:00:00.000000000 +0000
+++ glibc-2.3-20040418.ssp-frandom/sysdeps/unix/sysv/linux/stack_protector.c    2004-04-25 07:24:27.000000000 +0000
@@ -0,0 +1,160 @@
+/*     $hlfs: ssp.c,v 1.1 2004/04/24 00:00:00 robert Exp $     */
+
+/* Most of this code was copied from the gcc patch, libgcc2.c hunk, from
+ *     http://www.trl.ibm.com/projects/security/ssp/
+ * And therefore this code is part of gcc.
+ */
+
+/* Copyright (C) 1989, 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+   2000, 2001, 2002  Free Software Foundation, Inc.
+
+This file is part of GCC.
+
+GCC is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation; either version 2, or (at your option) any later
+version.
+
+In addition to the permissions in the GNU General Public License, the
+Free Software Foundation gives you unlimited permission to link the
+compiled version of this file into combinations with other programs,
+and to distribute those combinations without any restriction coming
+from the use of this file.  (The General Public License restrictions
+do apply in other respects; for example, they cover modification of
+the file, and distribution when not linked into a combine
+executable.)
+
+GCC is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or
+FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+for more details.
+
+You should have received a copy of the GNU General Public License
+along with GCC; see the file COPYING.  If not, write to the Free
+Software Foundation, 59 Temple Place - Suite 330, Boston, MA
+02111-1307, USA.  */
+
+/* Some portions of this code were copied from
+ *     http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/sys/stack_protector.c
+ * And hence a dual license.
+ */
+
+/*
+ * Copyright (c) 2002 Hiroaki Etoh, Federico G. Schwindt, and Miodrag Vallat.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
+ * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/sysctl.h>
+
+#include <signal.h>
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+
+#include <sys/syslog.h>
+#ifndef _PATH_LOG
+#define _PATH_LOG "/dev/log"
+#endif
+
+long __guard[8] = {0, 0, 0, 0, 0, 0, 0, 0};
+
+void __guard_setup (void)
+{
+       int i, mib[3];
+       size_t len;
+
+       if (__guard[0] != 0)
+               return;
+
+       /* Random is another depth in Linux, hence an array of 3. */
+       mib[0] = CTL_KERN;
+       mib[1] = KERN_RANDOM;
+       mib[2] = RANDOM_ERANDOM;
+
+       len = 4;
+       for (i = 0; i < sizeof(__guard) / 4; i++) {
+               if (sysctl(mib, 3, (char *)&((int *)__guard)[i],
+                   &len, NULL, 0) == -1)
+                       break;
+       }
+
+       if (i < sizeof(__guard) / 4) {
+               /* If sysctl was unsuccessful, use the "terminator canary". */
+               ((char *)__guard)[0] = 0; ((char*)__guard)[1] = 0;
+               ((char *)__guard)[2] = '\n'; ((char *)__guard)[3] = 255;
+       }
+}
+
+void __stack_smash_handler (char func[], int damaged)
+{
+       extern char * __progname;
+       const char message[] = ": stack smashing attack in function ";
+       int bufsz = 512, len;
+       char buf[bufsz];
+       int LogFile;
+       struct sockaddr_un SyslogAddr;  /* AF_UNIX address of local logger */
+
+       sigset_t mask;
+       sigfillset(&mask);
+       sigdelset(&mask, SIGABRT);  /* Block all signal handlers */
+       sigprocmask(SIG_BLOCK, &mask, NULL); /* except SIGABRT */
+
+       strcpy(buf, "<2>"); len=3;    /* send LOG_CRIT */
+       strncat(buf, __progname, bufsz-len-1); len = strlen(buf);
+       if (bufsz>len) {strncat(buf, message, bufsz-len-1); len = strlen(buf);}
+       if (bufsz>len) {strncat(buf, func, bufsz-len-1); len = strlen(buf);}
+       /* print error message */
+       write (STDERR_FILENO, buf+3, len-3);
+       if ((LogFile = socket(AF_UNIX, SOCK_DGRAM, 0)) != -1) {
+               /* 
+               * Send "found" message to the "/dev/log" path
+               */
+               SyslogAddr.sun_family = AF_UNIX;
+               (void)strncpy(SyslogAddr.sun_path, _PATH_LOG,
+                       sizeof(SyslogAddr.sun_path) - 1);
+               SyslogAddr.sun_path[sizeof(SyslogAddr.sun_path) - 1] = '\0';
+               sendto(LogFile, buf, len, 0, (struct sockaddr *)&SyslogAddr,
+                       sizeof(SyslogAddr));
+       }
+
+       /* Make sure the default handler is associated with SIGABRT */
+       struct sigaction sa;
+
+       memset(&sa, 0, sizeof(struct sigaction));
+       sigfillset(&sa.sa_mask);    /* Block all signals */
+       sa.sa_flags = 0;
+       sa.sa_handler = SIG_DFL;
+       sigaction(SIGABRT, &sa, NULL);
+
+       (void)kill(getpid(), SIGABRT);
+
+       _exit(127);
+}
+