r1666 - in trunk/BOOK: chapter01 chapter06

robert Fri, 19 Aug 2011 21:28:49 -0700

Author: robert
Date: 2011-08-19 22:28:33 -0600 (Fri, 19 Aug 2011)
New Revision: 1666


Modified:
   trunk/BOOK/chapter01/changelog.xml
   trunk/BOOK/chapter06/gcc.xml
Log:
Added a couple hardening tests to gcc chap6.

Modified: trunk/BOOK/chapter01/changelog.xml
===================================================================
--- trunk/BOOK/chapter01/changelog.xml  2011-08-19 06:37:11 UTC (rev 1665)
+++ trunk/BOOK/chapter01/changelog.xml  2011-08-20 04:28:33 UTC (rev 1666)
@@ -38,6 +38,15 @@
 -->
 
     <listitem>
+      <para>2011-08-20</para>
+      <itemizedlist>
+        <listitem>
+          <para>[robert] - Added a couple hardening tests to gcc chap6.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
+    <listitem>
       <para>2011-08-19</para>
       <itemizedlist>
         <listitem>

Modified: trunk/BOOK/chapter06/gcc.xml
===================================================================
--- trunk/BOOK/chapter06/gcc.xml        2011-08-19 06:37:11 UTC (rev 1665)
+++ trunk/BOOK/chapter06/gcc.xml        2011-08-20 04:28:33 UTC (rev 1666)
@@ -293,6 +293,69 @@
     href="readjusting.xml"
     xpointer="xpointer(//*[@os='v'])"/>
 
+    <para>Check that <option>-D_FORTIFY_SOURCE=2</option> is working:</para>
+
+<screen><userinput>cat &gt; memcpy.c &lt;&lt; "EOF"
+<literal>/* From NetBSD usr/src/regress/lib/libc/ssp/memcpy/memcp.c */
+#include &lt;stdio.h&gt;
+#include &lt;string.h&gt;
+#include &lt;stdlib.h&gt;
+
+int
+main(int argc, char *argv[])
+{
+  char b[10];
+  int len = atoi(argv[1]);
+  (void)memcpy(b, "1020202020202", len);
+  (void)printf("%*.*s\n", len, len, b);
+  return 0;
+}</literal>
+EOF
+gcc -o memcpy memcpy.c -Wall -O2
+./memcpy 10
+./memcpy 11
+rm -v memcpy memcpy.c</userinput></screen>
+
+    <para>This should produce the following results:</para>
+
+<screen><computeroutput># ./memcpy 10
+1020202020
+# ./memcpy 11
+*** buffer overflow detected ***: ./memcpy terminated
+...</computeroutput></screen>
+
+    <para>Check that <option>-fstack-protector-all</option> is working:</para>
+
+    <screen><userinput>cat &gt; ssptest.c &lt;&lt; "EOF"
+ <literal>/* From Ashish 
http://old.nabble.com/gcc--fstack-protector-all-option-to5867717.html */
+#include &lt;stdio.h&gt;
+#include &lt;stdlib.h&gt;
+
+void buffer_overflow ( )
+{
+  long int        i = 0;
+  char    str[29];
+  for ( i = 0; i &lt; 50; i++){
+    str[i] = '\0';
+  }
+}
+int main ()
+{
+  buffer_overflow ( );
+  exit ( 0);
+} 
+</literal>
+EOF
+gcc -o ssptest ssptest.c -Wall
+./ssptest
+rm -v ssptest ssptest.c</userinput></screen>
+
+    <para>This should produce the following results:</para>
+
+<screen><computeroutput># ./ssptest
+*** stack smashing detected ***: ./ssptest terminated
+...</computeroutput></screen>
+
   </sect2>
 
   <sect2 id="contents-gcc" role="content">

-- 
http://linuxfromscratch.org/mailman/listinfo/hlfs-book
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page

r1666 - in trunk/BOOK: chapter01 chapter06

Reply via email to