Re: [PATCH v2 1/3] efi: Initialize canary to non-zero value
From: Daniel Kiper
Subject: Re: [PATCH v2 1/3] efi: Initialize canary to non-zero value
Date: Wed, 13 Dec 2023 21:24:07 +0100
User-agent: NeoMutt/20170113 (1.7.2)
On Mon, Dec 11, 2023 at 01:27:48PM -0600, Glenn Washburn wrote:
> The canary, __stack_chk_guard, is in the BSS and so will get initialized to
> zero if it is not explicitly initialized. If the UEFI firmware does not
> support the RNG protocol, then the canary will not be randomized and will
> be zero. This seems like a possibly easier value to write by an attacker.
> Initialize canary to static random bytes, so that it is still random when
> there is no RNG protocol. Set at least one byte to NULL to protect against

s/NULL/NUL/? If yes then please fix other places too.

> string buffer overflow attacks.

I think I can imagine how it works but instead of guessing I would
prefer to have this written down in the commit message.

Additionally, to have consistent behavior over the code I would zero out
the highest order byte when they come from RNG too.

... and it seems to me this will not work for big endian CPUs.
grub_be_to_cpu64_compile_time()?

Last but not least, I think it would be nice to have this feature
available on non-EFI platforms too. It would help us more quickly detect
various overwrites in the code which may slip through the cracks.

Anyway, I would want to have this patch set in the release. So, please
address the first two comments ASAP (if nothing blows up again I want to
cut the release at the beginning of next week). The other two things can
be addressed after the release.

Daniel
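The NUL-byte placement and the big-endian concern raised in this thread, as an added example that is not GRUB's code and not part of the patch under review: it assumes the zero byte belongs at the canary's lowest address (the byte a string copy from a lower buffer reaches first), and the helper names are hypothetical.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not GRUB's code; helper names are hypothetical.  The canary
 * is built from its byte image so the NUL lands at the LOWEST address on both
 * little- and big-endian CPUs: a C-string copy overflowing upward cannot write
 * that zero byte and continue, so a write reaching past the canary changes it. */
typedef uint64_t canary_t;

static int host_is_big_endian(void)
{
  const uint16_t probe = 0x0100;
  return *(const uint8_t *) &probe == 0x01;
}

/* Runtime path (bytes from an RNG): copy them in, then clear the first byte. */
canary_t canary_from_bytes(const uint8_t rnd[sizeof(canary_t)])
{
  uint8_t img[sizeof(canary_t)];
  canary_t c;
  memcpy(img, rnd, sizeof img);
  img[0] = 0;                     /* lowest address, whatever the byte order */
  memcpy(&c, img, sizeof c);
  return c;
}

/* Static path (an initialized constant): the same rule on the integer value
 * masks the least significant byte on little-endian, the MOST significant
 * byte on big-endian.  A fixed constant only fits one byte order. */
canary_t canary_static_init(canary_t seed)
{
  return host_is_big_endian() ? (seed & ~((canary_t) 0xff << 56))
                              : (seed & ~(canary_t) 0xff);
}

/* Is the byte at the canary's lowest address NUL? */
int canary_has_leading_nul(canary_t c)
{
  return ((const uint8_t *) &c)[0] == 0;
}

int main(void)
{
  canary_t c = canary_from_bytes((const uint8_t[8]){ 0xaa, 0xaa, 0xaa, 0xaa,
                                                      0xaa, 0xaa, 0xaa, 0xaa });
  printf("0x%016" PRIx64 " leading NUL: %d\n", c, canary_has_leading_nul(c));
  return 0;
}
```

The constructed 0xaa bytes stand in for RNG output; the same byte-image rule applied to a compile-time constant is what a grub_be_to_cpu64_compile_time()-style conversion would achieve.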