This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug libc/12189] __stack_chk_fail should not attempt a backtrace


https://sourceware.org/bugzilla/show_bug.cgi?id=12189

Rich Felker <bugdal at aerifal dot cx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bugdal at aerifal dot cx

--- Comment #7 from Rich Felker <bugdal at aerifal dot cx> ---
I would like an even more extreme fix, removing all possibility of output from
__*_chk_fail and having them immediately abort() or similar (but see the
caveats that follow). Once the program state is compromised, any further
execution could turn a DoS vulnerability into a code-execution one. Even things
like the vdso syscall pointer at %gs:whatever should not be trusted at this
point, because you already have evidence that the program state is compromised;
a stack-based buffer overflow on a non-main thread could easily reach into the
TCB.

In musl, we have an inline function called a_crash() for things like this; it's
defined as __asm__ __volatile__ ("hlt"); on x86 and intended to be defined
analogously on other archs, although right now it's just *(volatile char *)0=0;
on most.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
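Added example, not code from glibc, musl or the comment author: a minimal fail-fast helper in the spirit of the a_crash() described above, together with a fork-based harness that checks the helper really does stop the process with a fatal signal instead of returning. The function names crash_now() and child_termination_signal() are this example's own choices. The point it demonstrates is the defensive one made in the comment: once a canary check has failed, the handler should touch as little process state as possible, so it calls no library function, does no formatting and walks no stack before the process dies.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Terminate immediately. Deliberately makes no library call, touches no heap,
   prints nothing and does not walk the stack: after a failed canary check the
   stack, the TCB and any pointers reachable from them may be attacker-controlled,
   so the only safe thing left to do is to fault. */
static inline void crash_now(void) {
#if defined(__x86_64__) || defined(__i386__)
    /* Privileged instruction executed in user mode: the CPU raises a fault and
       the kernel delivers a fatal signal (SIGSEGV on Linux). */
    __asm__ __volatile__ ("hlt");
#else
    /* Generic fallback, as the comment describes for other archs: a write
       through a null pointer faults on any system that unmaps page zero. */
    *(volatile char *)0 = 0;
#endif
    /* The compiler cannot know the asm above never returns; if execution
       somehow continues (e.g. a fault handler that returns), trap again. */
    __builtin_trap();
}

/* Harness: run crash_now() in a forked child and report how the child ended.
   Returns the terminating signal number (> 0) if the child was killed by a
   signal, 0 if it exited normally (the helper failed to stop execution),
   or -1 if fork()/waitpid() failed. */
int child_termination_signal(void) {
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Suppress the core dump the fatal signal would otherwise produce. */
        struct rlimit no_core = { 0, 0 };
        setrlimit(RLIMIT_CORE, &no_core);
        crash_now();
        _exit(0);   /* must never be reached */
    }
    int status;
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    return 0;
}

int main(void) {
    int sig = child_termination_signal();
    if (sig > 0)
        printf("child terminated by signal %d, as intended\n", sig);
    else
        printf("unexpected result %d: the helper did not stop the process\n", sig);
    return sig > 0 ? 0 : 1;
}
```

On Linux/x86 the child dies with SIGSEGV (the privileged hlt raises a general-protection fault); on other architectures the null write also ends in SIGSEGV. Either way the parent observes a signal termination and no output from the child, which is exactly the property the comment argues __stack_chk_fail should have.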
