Libssp, with Glibc and uClibc, gives an "Illegal instruction" (return code 132) when an overflow is detected, instead of an "Aborted" (return code 134). This comes from the "__builtin_trap" in gcc/libssp/ssp.c.
It's ugly, but it works. GCC uses this because for their purposes it's more portable. I'm curious if it is safer to patch ssp.c to use sigfillset+sigdelset+sigprocmask, kill(getpid()), and _exit(127). The "__builtin_trap" causes a dirty crash, while a kill and an exit are much cleaner. The "Illegal instruction" also confuses Bash, giving us a "write error: Broken pipe", depending on the program's input. Do any of you know if either one is more vulnerable than the other?

robert
--
http://linuxfromscratch.org/mailman/listinfo/hlfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
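An added example (my own code, not from the post, from GCC or from libssp) that puts the two failure paths side by side: the current __builtin_trap, and the proposed sigfillset+sigdelset+sigprocmask, kill(getpid()), _exit(127) sequence. Each is run in a forked child so the parent can report the status a shell would see (128 + signal number); it assumes Linux with glibc or uClibc, and the function names are mine.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* What libssp does today: __builtin_trap compiles to an invalid
 * instruction, so the process dies with SIGILL ("Illegal instruction"). */
static void trap_fail(void) {
    __builtin_trap();
}

/* The sequence proposed in the post: block every signal except SIGABRT,
 * deliver SIGABRT to ourselves, and fall back to _exit(127) if the signal
 * is caught or ignored and control ever returns here. */
static void clean_fail(void) {
    sigset_t set;
    sigfillset(&set);
    sigdelset(&set, SIGABRT);
    sigprocmask(SIG_SETMASK, &set, NULL);
    kill(getpid(), SIGABRT);
    _exit(127);
}

/* Run fn in a child and return its status the way a shell reports it:
 * 128 + signal number for a signal death, the exit code otherwise,
 * -1 if fork or waitpid fails. */
static int shell_status_of(void (*fn)(void)) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { fn(); _exit(0); }   /* _exit(0) is unreachable */
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status)) return 128 + WTERMSIG(status);
    if (WIFEXITED(status)) return WEXITSTATUS(status);
    return -1;
}

int main(void) {
    printf("__builtin_trap : %d\n", shell_status_of(trap_fail));
    printf("kill(SIGABRT)  : %d\n", shell_status_of(clean_fail));
    return 0;
}
```

On x86 Linux the first line prints 132 (SIGILL is 4) and the second 134 (SIGABRT is 6), matching the return codes in the post.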
