This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH] BZ #15754: CVE-2013-4788: PTR_MANGLE does not initialize to a random value for the pointer guard when compiling static executables
- From: "Carlos O'Donell" <carlos at redhat dot com>
- To: Andreas Schwab <schwab at suse dot de>
- Cc: "Joseph S. Myers" <joseph at codesourcery dot com>, GNU C Library <libc-alpha at sourceware dot org>, Ismael Ripoll <iripoll at disca dot upv dot es>, Hector Marco <hecmargi at upv dot es>, Siddhesh Poyarekar <siddhesh at redhat dot com>, Andreas Jaeger <aj at suse dot com>
- Date: Wed, 07 Aug 2013 16:26:03 -0400
- Subject: Re: [PATCH] BZ #15754: CVE-2013-4788: PTR_MANGLE does not initialize to a random value for the pointer guard when compiling static executables
- References: <51E8EDF2 dot 40204 at redhat dot com> <Pine dot LNX dot 4 dot 64 dot 1307191644090 dot 9428 at digraph dot polyomino dot org dot uk> <51EC3044 dot 4080509 at redhat dot com> <mvmeha5ed9r dot fsf at hawking dot suse dot de>
On 08/07/2013 11:22 AM, Andreas Schwab wrote:
> "Carlos O'Donell" <carlos@redhat.com> writes:
>
>> - Fix sysdeps/generic/stackguard-macros.h
>>
>> * sysdeps/generic/stackguard-macros.h: Define __pointer_chk_guard
>> and POINTER_CHK_GUARD.
>>
>> diff --git a/sysdeps/generic/stackguard-macros.h b/sysdeps/generic/stackguard-macros.h
>> index ababf65..77408c6 100644
>> --- a/sysdeps/generic/stackguard-macros.h
>> +++ b/sysdeps/generic/stackguard-macros.h
>> @@ -2,3 +2,6 @@
>>
>> extern uintptr_t __stack_chk_guard;
>> #define STACK_CHK_GUARD __stack_chk_guard
>> +
>> +extern uintptr_t __pointer_chk_guard;
>> +#define POINTER_CHK_GUARD __pointer_chk_guard
>
> That won't work, __pointer_chk_guard is only available in ld.so, it is
> called __pointer_chk_guard_local in libc.a.
Thanks, I admit I haven't put this patch through any real testing.
I need to push this out and build it on s390, and ppc.
Cheers,
Carlos.