From: Radoslaw Madej
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] binary protection mechanisms in different Linux distros
Date: Fri, 2 Jul 2010 22:31:28 +0100
Message-Id: <201007022231.28283.radegand@o2.pl>

Hi,

Thanks for the useful info.
Assessing strength of the cookie itself definitely sounds like a good idea (same for PIE + ASLR actually). Unfortunately, seems like the attached file has been intercepted somewhere along the way... ;) Could you resend please? I'm curious to give it a go.

Thanks,
Radek Madej

On Friday 02 July 2010 08:41:46 you wrote:
> Hello,
>
> In addition to checking if SSP is enabled for binaries, you might want
> to check the /strength/ of the cookie.
>
> For example, some distros will use a full 32 bit cookie strength, whereas
> others will use a 24 bit strength cookie (such as Ubuntu 10.04),
> where they set a cookie like 0x00xxyyzz (for 32 bit little endian).
>
> Presumably it is for off by one errors (buf[buflen] = 0) and maybe to
> prevent SSP bruteforcing in string copy routines :)
>
> At any rate, I've attached a .c file you can use. Depending on compiler
> version and stuff, you might need to modify the OFFSET parameter. You'll
> want to test it with -static as well (some distros have released setups
> where if you compile a binary statically, it will not initialize the
> cookie, etc :)
>
> Thanks,
> Andrew Griffiths
>
> On Thu, Jul 01, 2010 at 08:46:11AM +0100, Radoslaw Madej wrote:
> > Hi guys,
> >
> > I convinced the company I work for to allow me to spend some time on
> > reviewing different security aspects of Linux OS and different distros.
> > As it also involves Gentoo Hardened (which I also happily use on a daily
> > basis), I thought I'd share. :)
> >
> > http://labs.mwrinfosecurity.com/projectdetail.php?project=13&view=news
> >
> > There should be more to come in the near future. Any feedback appreciated
> > :)
> >
> > Thanks to all hardened-dev for making the Hardened Gentoo happen! :)
> > Regards,
> > Radek Madej
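
Added example, not part of the thread and not the .c file mentioned in the quoted message: one way to check cookie strength on your own builds. It reads the cookie from the thread-local slot rather than from a stack OFFSET, assumes x86 Linux with glibc, and all function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Read this process's own cookie from the TLS slot glibc uses on x86 Linux
 * (assumption: other platforms are not covered and return 0). */
static int read_cookie(uint64_t *out) {
    uintptr_t v = 0;
#if defined(__linux__) && defined(__x86_64__)
    __asm__ volatile("mov %%fs:0x28, %0" : "=r"(v));
#elif defined(__linux__) && defined(__i386__)
    __asm__ volatile("mov %%gs:0x14, %0" : "=r"(v));
#else
    return 0;
#endif
    *out = v;
    return 1;
}

/* Upper bound on strength: a byte lane that is 0x00 in every sample is
 * treated as fixed and contributes no bits. All-zero samples give 0. */
static int cookie_strength_bits(const uint64_t *s, size_t n) {
    uint64_t seen = 0;
    int bits = 0;
    for (size_t i = 0; i < n; i++) seen |= s[i];
    for (int lane = 0; lane < 8; lane++)
        if ((seen >> (8 * lane)) & 0xff) bits += 8;
    return bits;
}

/* 1 if at least two samples were taken and the cookie never changed. */
static int cookie_is_constant(const uint64_t *s, size_t n) {
    for (size_t i = 1; i < n; i++)
        if (s[i] != s[0]) return 0;
    return n >= 2;
}

int main(int argc, char **argv) {  /* no args: print cookie; hex args: assess */
    uint64_t s[64];
    size_t n = 0;
    if (argc < 2) {
        if (!read_cookie(&s[0])) return 2;
        printf("%016llx\n", (unsigned long long)s[0]);
        return 0;
    }
    for (int i = 1; i < argc && n < 64; i++)
        s[n++] = strtoull(argv[i], NULL, 16);
    printf("samples=%zu strength<=%d bits constant=%d\n", n,
           cookie_strength_bits(s, n), cookie_is_constant(s, n));
    return 0;
}
```

Run it with no arguments a dozen or so times, from both a dynamic and a `-static` build, then pass the printed values back as arguments. A result of 0 bits or `constant=1` corresponds to the uninitialized-cookie case the quoted message warns about.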