first attempt at enabling stack protector support

the code is written to pre-init the thread pointer in static linked
programs that pull in __stack_chk_fail or dynamic-linked programs that
lookup the symbol. no explicit canary is set; the canary will be
whatever happens to be in the thread structure at the offset gcc
hard-coded. this can be improved later.

diff --git a/src/env/__init_security.c b/src/env/__init_security.c
index 5fd12ec..6893a25 100644 (file)
--- a/src/env/__init_security.c
+++ b/src/env/__init_security.c
@@ -8,11 +8,18 @@
 
 #define AUX_CNT 24
 
 
 #define AUX_CNT 24
 

+void dummy(void)
+{
+}
+weak_alias(dummy, __init_ssp);
+

 void __init_security(size_t *auxv)
 {
        size_t i, aux[AUX_CNT] = { 0 };
        struct pollfd pfd[3] = { {.fd=0}, {.fd=1}, {.fd=2} };
 
 void __init_security(size_t *auxv)
 {
        size_t i, aux[AUX_CNT] = { 0 };
        struct pollfd pfd[3] = { {.fd=0}, {.fd=1}, {.fd=2} };
 

+       __init_ssp();
+

        for (; auxv[0]; auxv+=2) if (auxv[0]<AUX_CNT) aux[auxv[0]] = auxv[1];
        if (aux[AT_UID]==aux[AT_EUID] && aux[AT_GID]==aux[AT_EGID]
                && !aux[AT_SECURE]) return;
        for (; auxv[0]; auxv+=2) if (auxv[0]<AUX_CNT) aux[auxv[0]] = auxv[1];
        if (aux[AT_UID]==aux[AT_EUID] && aux[AT_GID]==aux[AT_EGID]
                && !aux[AT_SECURE]) return;

diff --git a/src/env/__stack_chk_fail.c b/src/env/__stack_chk_fail.c
new file mode 100644 (file)
index 0000000..bbba351
--- /dev/null
+++ b/src/env/__stack_chk_fail.c
@@ -0,0 +1,14 @@
+#include "pthread_impl.h"
+#include "atomic.h"
+
+void __init_ssp(void)
+{
+#ifndef __PIC__
+       __pthread_self_init();
+#endif
+}
+
+void __stack_chk_fail(void)
+{
+       a_crash();
+}

diff --git a/src/ldso/dynlink.c b/src/ldso/dynlink.c
index 0533bbb..d04bef6 100644 (file)
--- a/src/ldso/dynlink.c
+++ b/src/ldso/dynlink.c
@@ -59,9 +59,13 @@ struct dso
        char buf[];
 };
 
        char buf[];
 };
 

+struct __pthread;
+struct __pthread *__pthread_self_init(void);
+

 static struct dso *head, *tail, *libc;
 static char *env_path, *sys_path, *r_path;
 static int rtld_used;
 static struct dso *head, *tail, *libc;
 static char *env_path, *sys_path, *r_path;
 static int rtld_used;

+static int ssp_used;

 static int runtime;
 static jmp_buf rtld_fail;
 static pthread_rwlock_t lock;
 static int runtime;
 static jmp_buf rtld_fail;
 static pthread_rwlock_t lock;


@@ -108,6 +112,7 @@ static void *find_sym(struct dso *dso, const char *s, int need_def)
        void *def = 0;
        if (h==0x6b366be && !strcmp(s, "dlopen")) rtld_used = 1;
        if (h==0x6b3afd && !strcmp(s, "dlsym")) rtld_used = 1;
        void *def = 0;
        if (h==0x6b366be && !strcmp(s, "dlopen")) rtld_used = 1;
        if (h==0x6b3afd && !strcmp(s, "dlsym")) rtld_used = 1;

+       if (h==0x595a4cc && !strcmp(s, "__stack_chk_fail")) ssp_used = 1;

        for (; dso; dso=dso->next) {
                Sym *sym;
                if (!dso->global) continue;
        for (; dso; dso=dso->next) {
                Sym *sym;
                if (!dso->global) continue;


@@ -611,6 +616,8 @@ void *__dynlink(int argc, char **argv)
                reclaim((void *)builtin_dsos, 0, sizeof builtin_dsos);
        }
 
                reclaim((void *)builtin_dsos, 0, sizeof builtin_dsos);
        }
 

+       if (ssp_used) __pthread_self_init();
+

        errno = 0;
        return (void *)aux[AT_ENTRY];
 }
        errno = 0;
        return (void *)aux[AT_ENTRY];
 }