[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#27429: Stack clash (CVE-2017-1000366 etc); -fstack-check
From: |
Marius Bakke |
Subject: |
bug#27429: Stack clash (CVE-2017-1000366 etc); -fstack-check |
Date: |
Sun, 25 Jun 2017 12:41:06 +0200 |
User-agent: |
Notmuch/0.24.2 (https://notmuchmail.org) Emacs/25.2.1 (x86_64-unknown-linux-gnu) |
Danny Milosavljevic <address@hidden> writes:
> Hi,
>
> what do you all think of rebuilding the world with "-fstack-check" (either
> now or later on) ?
>
> That would make gcc emit code to always grow the stack in a way that it
> certainly touches each 4 KiB (parametrizable by
> STACK_CHECK_PROBE_INTERVAL_EXP) page on the way.
>
> I think that would be the right and permanent fix - unlike the whack-a-mole
> approach where we patch programs not to do what they are supposed to do, if
> their stack allocation happens to grow.
>
> See also <https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt> and
> <https://gcc.gnu.org/onlinedocs/gccint/Stack-Checking.html>.
Red Hat investigated this during the embargo[0] and found that the
current implementation in GCC has problems[1]. We should wait until
those issues are resolved first, but sounds good to me.
[0] http://seclists.org/oss-sec/2017/q2/556
[1] http://seclists.org/oss-sec/2017/q2/505
signature.asc
Description: PGP signature
- bug#27429: Stack clash (CVE-2017-1000366 etc), (continued)
- bug#27429: Stack clash (CVE-2017-1000366 etc), Mark H Weaver, 2017/06/23
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari, 2017/06/23
- bug#27429: Stack clash (CVE-2017-1000366 etc), Mark H Weaver, 2017/06/23
- bug#27429: Stack clash (CVE-2017-1000366 etc), Mark H Weaver, 2017/06/24
- bug#27429: Stack clash (CVE-2017-1000366 etc), Ludovic Courtès, 2017/06/26
- bug#27429: Stack clash (CVE-2017-1000366 etc), Mark H Weaver, 2017/06/26
- bug#27429: Stack clash (CVE-2017-1000366 etc), Ludovic Courtès, 2017/06/27
- bug#27429: Stack clash (CVE-2017-1000366 etc), Leo Famulari, 2017/06/28
bug#27429: Stack clash (CVE-2017-1000366 etc), Mark H Weaver, 2017/06/19
bug#27429: Stack clash (CVE-2017-1000366 etc); -fstack-check, Danny Milosavljevic, 2017/06/25
- bug#27429: Stack clash (CVE-2017-1000366 etc); -fstack-check,
Marius Bakke <=