A start

Robert Connolly cendres at videotron.ca
Sun Jan 11 12:47:25 PST 2004


On January 11, 2004 03:09 pm, T_B wrote:
> "Robert Connolly" <cendres at videotron.ca> wrote in message
> news:200401062314.01289.cendres at videotron.ca...
>
> > Thanks Jeroen. This might be really helpful :)
> >
> > http://wiki.linuxfromscratch.org/index.php?pagename=HLFS
>
> I have completed an HLFS build trying to use these instructions and have
> the following comments:
>
> 1) Chapter 5: binutils: A note should be added here for those building an
> HLFS from scratch, that the HJL version will require m4, bison and flex in
> order to build successfully in Chapter 6. These packages are not built in
> chapter 5 for a standard LFS system.

Sorry, I thought it had that.

>
> 2) Testing Propolice: There is a typo here as the first compile of fail
> needs -fno-stack-protector. I actually did 3 builds of fail.c with the
> following results:
>
>                 # ./fail1 /* Created with -fno-stack-protector */
>                     before foo()
>                     Segmentation fault
>
>                 # ./fail2 /* Created with -fstack-protector */
>                     before foo()
>                     fail2: stack smashing attack in function fooAborted
>
>                 # ./fail3 /* Created with -fstack-protector-all */
>                     before foo()
>                     fail3: stack smashing attack in function fooAborted
>
> I also built my kernel with Crypto-Loop and Grsecurity-2.0.
>
> Interestingly, when I tried to execute these tests with grsecurity
> installed, all three were trapped by the kernel and aborted. This would
> lead one to question the value of building every application with
> propolice, if grsecurity is intended to be added anyway!

Your second test should fail, unless you have -fstack-protector-all in the 
specs file. fail.c is an example of -fstack-protector not protecting all 
functions, while -fstack-protector-all does.

hgcc -r &&
gcc -fstack-protector -o fail fail.c && ./fail
before foo()
Segmentation fault

or

hgcc -fp &&
gcc -o fail fail.c && ./fail
before foo()
Segmentation fault

and

hgcc -r &&
gcc -fstack-protector-all -o fail fail.c && ./fail
before foo()
fail: stack smashing attack in function fooAborted

I'm not too sure if grsecurity will guard against all that propolice will. I
should find different exploit examples perhaps. Try building the example
exploits in libsafe's source, without propolice, and see if grsec aborts
them...




More information about the hlfs-dev mailing list