Author: cem
Date: Mon May 13 23:37:44 2019
New Revision: 347555
URL: https://svnweb.freebsd.org/changeset/base/347555

Log:
  Revert r346292 (permit_nonrandom_stackcookies)
  
  We have a better, more comprehensive knob for this now:
  kern.random.initial_seeding.bypass_before_seeding=1.
  
  Requested by: delphij
  Sponsored by: Dell EMC Isilon

Modified:
  head/UPDATING
  head/sys/kern/stack_protector.c

Modified: head/UPDATING
==============================================================================
--- head/UPDATING       Mon May 13 23:30:06 2019        (r347554)
+++ head/UPDATING       Mon May 13 23:37:44 2019        (r347555)
@@ -76,13 +76,6 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW:
        produce warnings in dmesg when the conditions are met.
 
 20190416:
-       The tunable "security.stack_protect.permit_nonrandom_cookies" may be
-       set to a non-zero value to boot systems that do not provide early
-       entropy.  Otherwise, such systems may see the panic message:
-       "cannot initialize stack cookies because random device is not yet
-       seeded."
-
-20190416:
        The loadable random module KPI has changed; the random_infra_init()
        routine now requires a 3rd function pointer for a bool (*)(void)
        method that returns true if the random device is seeded (and

Modified: head/sys/kern/stack_protector.c
==============================================================================
--- head/sys/kern/stack_protector.c     Mon May 13 23:30:06 2019        
(r347554)
+++ head/sys/kern/stack_protector.c     Mon May 13 23:37:44 2019        
(r347555)
@@ -4,28 +4,12 @@ __FBSDID("$FreeBSD$");
 #include <sys/types.h>
 #include <sys/param.h>
 #include <sys/kernel.h>
-#include <sys/random.h>
-#include <sys/sysctl.h>
 #include <sys/systm.h>
 #include <sys/libkern.h>
 
 long __stack_chk_guard[8] = {};
 void __stack_chk_fail(void);
 
-/*
- * XXX This default is unsafe!!!  We intend to change it after resolving issues
- * with early entropy in the installer; some kinds of systems that do not use
- * loader(8), such as riscv, aarch64, and power; and perhaps others that I am
- * forgetting off the top of my head.
- */
-static bool permit_nonrandom_cookies = true;
-
-SYSCTL_NODE(_security, OID_AUTO, stack_protect, CTLFLAG_RW, 0,
-    "-fstack-protect support");
-SYSCTL_BOOL(_security_stack_protect, OID_AUTO, permit_nonrandom_cookies,
-    CTLFLAG_RDTUN, &permit_nonrandom_cookies, 0,
-    "Allow stack guard to be used without real random cookies");
-
 void
 __stack_chk_fail(void)
 {
@@ -39,37 +23,8 @@ __stack_chk_init(void *dummy __unused)
        size_t i;
        long guard[nitems(__stack_chk_guard)];
 
-       if (is_random_seeded()) {
-               arc4rand(guard, sizeof(guard), 0);
-               for (i = 0; i < nitems(guard); i++)
-                       __stack_chk_guard[i] = guard[i];
-               return;
-       }
-
-       if (permit_nonrandom_cookies) {
-               printf("%s: WARNING: Initializing stack protection with "
-                   "non-random cookies!\n", __func__);
-               printf("%s: WARNING: This severely limits the benefit of "
-                   "-fstack-protector!\n", __func__);
-
-               /*
-                * The emperor is naked, but I rolled some dice and at least
-                * these values aren't zero.
-                */
-               __stack_chk_guard[0] = (long)0xe7318d5959af899full;
-               __stack_chk_guard[1] = (long)0x35a9481c089348bfull;
-               __stack_chk_guard[2] = (long)0xde657fdc04117255ull;
-               __stack_chk_guard[3] = (long)0x0dd44c61c22e4a6bull;
-               __stack_chk_guard[4] = (long)0x0a5869a354edb0a5ull;
-               __stack_chk_guard[5] = (long)0x05cebfed255b5232ull;
-               __stack_chk_guard[6] = (long)0x270ffac137c4c72full;
-               __stack_chk_guard[7] = (long)0xd8141a789bad478dull;
-               _Static_assert(nitems(__stack_chk_guard) == 8,
-                   "__stack_chk_guard doesn't have 8 items");
-               return;
-       }
-
-       panic("%s: cannot initialize stack cookies because random device is "
-           "not yet seeded", __func__);
+       arc4rand(guard, sizeof(guard), 0);
+       for (i = 0; i < nitems(guard); i++)
+               __stack_chk_guard[i] = guard[i];
 }
 SYSINIT(stack_chk, SI_SUB_RANDOM, SI_ORDER_ANY, __stack_chk_init, NULL);
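Review bot: The unconditional `arc4rand(guard, sizeof(guard), 0);` call no longer shows what happens if the random device is still unseeded when this SYSINIT runs at SI_SUB_RANDOM. The removed `is_random_seeded()` branch made that policy visible here, and the new body carries no comment. Per the log message the decision now lives in `kern.random.initial_seeding.bypass_before_seeding`, so a pointer above the call would help the next reader, e.g. `/* Unseeded-boot policy is set by kern.random.initial_seeding.bypass_before_seeding; cookies may be weak if it is enabled. */`. With the bypass enabled the cookies are presumably drawn from an unseeded generator, and this function no longer prints its own warning, so it is worth confirming that the random subsystem's dmesg warning covers this early call. The function's signature and opening lines are outside the hunk.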