D19927.diff
Index: head/UPDATING
===================================================================
--- head/UPDATING
+++ head/UPDATING
@@ -32,6 +32,13 @@
"ln -s 'abort:false,junk:false' /etc/malloc.conf".)
20190416:
+ The tunable "security.stack_protect.permit_nonrandom_cookies" may be
+ set to a non-zero value to boot systems that do not provide early
+ entropy. Otherwise, such systems may see the panic message:
+ "cannot initialize stack cookies because random device is not yet
+ seeded."
+
+20190416:
The loadable random module KPI has changed; the random_infra_init()
routine now requires a 3rd function pointer for a bool (*)(void)
method that returns true if the random device is seeded (and
Index: head/sys/kern/stack_protector.c
===================================================================
--- head/sys/kern/stack_protector.c
+++ head/sys/kern/stack_protector.c
@@ -4,12 +4,28 @@
#include <sys/types.h>
#include <sys/param.h>
#include <sys/kernel.h>
+#include <sys/random.h>
+#include <sys/sysctl.h>
#include <sys/systm.h>
#include <sys/libkern.h>
long __stack_chk_guard[8] = {};
void __stack_chk_fail(void);
+/*
+ * XXX This default is unsafe!!! We intend to change it after resolving issues
+ * with early entropy in the installer; some kinds of systems that do not use
+ * loader(8), such as riscv, aarch64, and power; and perhaps others that I am
+ * forgetting off the top of my head.
+ */
+static bool permit_nonrandom_cookies = true;
+
+SYSCTL_NODE(_security, OID_AUTO, stack_protect, CTLFLAG_RW, 0,
+ "-fstack-protect support");
+SYSCTL_BOOL(_security_stack_protect, OID_AUTO, permit_nonrandom_cookies,
+ CTLFLAG_RDTUN, &permit_nonrandom_cookies, 0,
+ "Allow stack guard to be used without real random cookies");
+
void
__stack_chk_fail(void)
{
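Review bot: The SYSCTL_NODE description string "-fstack-protect support" does not match the compiler option name used in the warning text of the second hunk ("-fstack-protector"); make it `"-fstack-protector support"` so a grep of sysctl -d finds the same term. Since the knob is declared CTLFLAG_RDTUN it can only take effect as a loader tunable at boot, not via sysctl(8) at runtime, and the XXX comment on the unsafe default would be clearer if it said so and named the intended safe default, e.g. `* Settable only as a loader tunable (CTLFLAG_RDTUN); the intended default is false.`. Note also that the comment acknowledges the default is unsafe but the hunk records no tracking reference for flipping it, which is the kind of thing that silently ships.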
@@ -23,8 +39,37 @@
size_t i;
long guard[nitems(__stack_chk_guard)];
- arc4rand(guard, sizeof(guard), 0);
- for (i = 0; i < nitems(guard); i++)
- __stack_chk_guard[i] = guard[i];
+ if (is_random_seeded()) {
+ arc4rand(guard, sizeof(guard), 0);
+ for (i = 0; i < nitems(guard); i++)
+ __stack_chk_guard[i] = guard[i];
+ return;
+ }
+
+ if (permit_nonrandom_cookies) {
+ printf("%s: WARNING: Initializing stack protection with "
+ "non-random cookies!\n", __func__);
+ printf("%s: WARNING: This severely limits the benefit of "
+ "-fstack-protector!\n", __func__);
+
+ /*
+ * The emperor is naked, but I rolled some dice and at least
+ * these values aren't zero.
+ */
+ __stack_chk_guard[0] = (long)0xe7318d5959af899full;
+ __stack_chk_guard[1] = (long)0x35a9481c089348bfull;
+ __stack_chk_guard[2] = (long)0xde657fdc04117255ull;
+ __stack_chk_guard[3] = (long)0x0dd44c61c22e4a6bull;
+ __stack_chk_guard[4] = (long)0x0a5869a354edb0a5ull;
+ __stack_chk_guard[5] = (long)0x05cebfed255b5232ull;
+ __stack_chk_guard[6] = (long)0x270ffac137c4c72full;
+ __stack_chk_guard[7] = (long)0xd8141a789bad478dull;
+ _Static_assert(nitems(__stack_chk_guard) == 8,
+ "__stack_chk_guard doesn't have 8 items");
+ return;
+ }
+
+ panic("%s: cannot initialize stack cookies because random device is "
+ "not yet seeded", __func__);
}
SYSINIT(stack_chk, SI_SUB_RANDOM, SI_ORDER_ANY, __stack_chk_init, NULL);
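Review bot: The panic message at the end of the hunk tells an operator why the boot failed but not how to get past it, even though the first hunk adds a tunable for exactly that case; suggest `panic("%s: cannot initialize stack cookies because random device is not yet seeded (set security.stack_protect.permit_nonrandom_cookies=1 to boot anyway)", __func__);`. The fallback constants are cast with `(long)` from 64-bit values that exceed LONG_MAX, which is implementation-defined in C11 and truncates on a 32-bit long; all eight low words appear non-zero so the result is still usable, but a comment saying the truncation is intended would help, and the `_Static_assert` on the array length is better placed at file scope next to the definition of `__stack_chk_guard` than after the eight assignments it guards. It is also worth documenting in the function comment that nothing re-derives the guard once the random device becomes seeded later in boot, so on the fallback path the canary stays fixed and build-known for the life of the kernel (inferred from the hunk; confirm no later SYSINIT refreshes it). The enclosing __stack_chk_init starts outside the hunk.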
