| From: |
| riel-AT-redhat.com |
| To: |
| linux-kernel-AT-vger.kernel.org |
| Subject: |
| stackprotector: ascii armor the stack canary |
| Date: |
| Fri, 19 May 2017 17:26:31 -0400 |
| Message-ID: |
| <20170519212636.30440-1-riel@redhat.com> |
| Cc: |
| danielmicay-AT-gmail.com, tytso-AT-mit.edu, keescook-AT-chromium.org, hpa-AT-zytor.com, luto-AT-amacapital.net, mingo-AT-kernel.org, x86-AT-kernel.org, linux-arm-kernel-AT-lists.infradead.org, catalin.marinas-AT-arm.com, linux-sh-AT-vger.kernel.org, ysato-AT-users.sourceforge.jp |
Zero out the first byte of the stack canary value on 64 bit systems,
in order to prevent unterminated C string overflows from being able
to successfully overwrite the canary, even if an attacker somehow
guessed or obtained the canary value.
Inspired by execshield ascii-armor and PaX/grsecurity.
Thanks to Daniel Micay for extracting code of similar functionality
from PaX/grsecurity and making it easy to find in his linux-hardened
git tree on https://github.com/thestinger/linux-hardened/
