Mitchell Blank Jr wrote:
> Last nitpicks, I swear:
*g* Would we have created the perfect code ;-)
> Han Boetes wrote:
> > + panic("propolice detects %x at function %s.\n", damaged, func);
>
> You don't need the "\n" at the end - panic() already includes a
> newline Most panic() messages don't seem to have punctuation
> either so you can probably lose the "." too.
>
> Also it's nice to use "0x%X" to print hex numbers so they don't
> ever get misinterpreted as decimals.
Ok, here goes the final version, dear mailinglist-archive-delver.
I hope you found this version and didn't stop looking at the first
hit you found on google. Do read the whole thread, there are some
very knowledgeable people giving their opinion.
--- linux-2.6.9/lib/Makefile.orig 2005-01-13 16:47:58.564198904 +0100
+++ linux-2.6.9/lib/Makefile 2005-01-13 17:06:29.124368096 +0100
@@ -23,6 +23,8 @@ obj-$(CONFIG_GENERIC_IOMAP) += iomap.o
obj-$(CONFIG_ZLIB_INFLATE) += zlib_inflate/
obj-$(CONFIG_ZLIB_DEFLATE) += zlib_deflate/
+obj-$(CONFIG_PROPOLICE) += propolice.o
+
hostprogs-y := gen_crc32table
clean-files := crc32table.h
--- linux-2.6.9/security/Kconfig.orig 2004-10-18 23:54:39.000000000 +0200
+++ linux-2.6.9/security/Kconfig 2005-01-13 16:57:23.130371800 +0100
@@ -44,6 +44,18 @@ config SECURITY_ROOTPLUG
If you are unsure how to answer this question, answer N.
+config PROPOLICE
+ bool 'GCC ProPolice SSP build support'
+ help
+ This enables kernel building with stack-smashing protection
+ via the -fstack-protector GCC flag, if you have GCC build with
+ propolice.
+
+ See <http://www.research.ibm.com/trl/projects/security/ssp/> for
+ more information about this compiler-extension.
+
+ If you are unsure how to answer this question, answer N.
+
source security/selinux/Kconfig
endmenu
--- linux-2.6.9/Makefile.orig 2005-01-13 16:38:39.479192744 +0100
+++ linux-2.6.9/Makefile 2005-01-13 16:40:45.139089536 +0100
@@ -490,6 +490,10 @@ ifndef CONFIG_FRAME_POINTER
CFLAGS += -fomit-frame-pointer
endif
+ifdef CONFIG_PROPOLICE
+CFLAGS += -fstack-protector
+endif
+
ifdef CONFIG_DEBUG_INFO
CFLAGS += -g
endif
--- linux-2.6.9/lib/propolice.c.orig 2005-01-13 17:08:49.920963760 +0100
+++ linux-2.6.9/lib/propolice.c 2005-01-14 11:23:14.786142384 +0100
@@ -0,0 +1,22 @@
+/*
+ * Copyright 2005, Han Boetes <[EMAIL PROTECTED]>
+ *
+ * This code adds support for the propolice stacksmashing
+ * extension for gcc.
+ * http://www.research.ibm.com/trl/projects/security/ssp/
+ *
+ * This source code is licensed under the GNU General Public
+ * License, Version 2. See the file COPYING for more details.
+ *
+ */
+#include <linux/kernel.h>
+#include <linux/module.h>
+
+unsigned char __guard[sizeof(int)] = {'\0', '\0', '\n', (unsigned char) -1};
+EXPORT_SYMBOL(__guard);
+
+void __stack_smash_handler(unsigned int damaged, const char *func)
+{
+ panic("propolice detects 0x%X at function %s", damaged, func);
+}
+EXPORT_SYMBOL(__stack_smash_handler);
# Han
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
