Uploaded to -proposed...
** Description changed:
+ IMPACT: stack protections are weakened due to strcpy function being able to
write the stack guard (since it does not start with a zero byte).
+ ADDRESSED: correctly implement leading zero, as done in Karmic.
+ DISCUSSION: regression potential is low, since the patch is isolated and well
tested.
+
+ TEST CASE:
$ bzr branch lp:~ubuntu-bugcontrol/qa-regression-testing/master
qa-regression-testing
$ cd qa-regression-testing/scripts
$ ./test-glibc-security.py -v
Build helper tools ... (9.10) ok
glibc heap protection ... ok
sprintf not pre-truncated with -D_FORTIFY_SOURCE=2 ... ok
glibc pointer obfuscation ... ok
Password hashes ... (sha512) ok
Stack guard exists ... ok
Stack guard leads with zero byte ... FAIL
Stack guard is randomized ... ok
======================================================================
FAIL: Stack guard leads with zero byte
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-glibc-security.py", line 170, in test_81_stack_guard_leads_zero
- self.assertEqual(one.endswith('00\n'), expected, one)
- AssertionError: 0x6f33dd6a30051c1
-
+ self.assertEqual(one.startswith('00 '), expected, one)
+ AssertionError: 62 55 59 69 cd 20 39 80
----------------------------------------------------------------------
Ran 8 tests in 0.145s
FAILED (failures=1)
+ expected outcome: 0 failures.
+
ProblemType: Bug
Architecture: amd64
Date: Thu Aug 13 13:59:02 2009
Dependencies:
- findutils 4.4.2-1
- gcc-4.4-base 4.4.1-1ubuntu3
- libc6 2.10.1-0ubuntu6
- libgcc1 1:4.4.1-1ubuntu3
+ findutils 4.4.2-1
+ gcc-4.4-base 4.4.1-1ubuntu3
+ libc6 2.10.1-0ubuntu6
+ libgcc1 1:4.4.1-1ubuntu3
DistroRelease: Ubuntu 9.10
Package: libc6 2.10.1-0ubuntu6
ProcEnviron:
- LANGUAGE=en_US.UTF-8
- PATH=(custom, user)
- LANG=en_US.UTF-8
- SHELL=/bin/bash
+ LANGUAGE=en_US.UTF-8
+ PATH=(custom, user)
+ LANG=en_US.UTF-8
+ SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-5.24-generic
SourcePackage: eglibc
Uname: Linux 2.6.31-5-generic x86_64
** Attachment added: "glibc_2.9-4ubuntu6.1.debdiff"
http://launchpadlibrarian.net/30804998/glibc_2.9-4ubuntu6.1.debdiff
--
stack protector guard value does not lead with a NULL byte
https://bugs.launchpad.net/bugs/413278
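Added example (not part of the bug report or the glibc patch): a small C model of the IMPACT statement above, showing that a NUL-terminated copy can rewrite a guard containing no zero byte and carry on past it, but stops at a guard that leads with zero. The frame layout and all names are constructed for illustration; the first guard value is the failing one quoted in the test output, the second is a constructed variant.

```c
#include <stdio.h>
#include <string.h>

enum { BUF_LEN = 16, GUARD_LEN = 8, SAVED_LEN = 8 };

/* Constructed model of a protected frame: buffer, guard, then saved data. */
struct frame {
    unsigned char buf[BUF_LEN];
    unsigned char guard[GUARD_LEN];
    unsigned char saved[SAVED_LEN];
};

/* strcpy semantics over the model: copy up to and including the first NUL. */
static void model_strcpy(struct frame *f, const unsigned char *src)
{
    unsigned char *dst = (unsigned char *)f;
    for (size_t i = 0; i < sizeof *f; i++) {
        dst[i] = src[i];
        if (src[i] == 0)
            break;
    }
}

/* Worst case for the defender: the source string already carries the exact
 * guard bytes. Returns 1 if saved data changes while the guard still matches. */
int guard_defeated_by_string_copy(const unsigned char guard[GUARD_LEN])
{
    struct frame f;
    unsigned char src[sizeof(struct frame) + 1];
    memset(f.buf, 0, BUF_LEN);
    memcpy(f.guard, guard, GUARD_LEN);
    memset(f.saved, 0x11, SAVED_LEN);
    memset(src, 'A', sizeof src - 1);
    memcpy(src + BUF_LEN, guard, GUARD_LEN);
    src[sizeof src - 1] = 0;
    model_strcpy(&f, src);
    int saved_changed = 0;
    for (size_t i = 0; i < SAVED_LEN; i++)
        saved_changed |= (f.saved[i] != 0x11);
    return memcmp(f.guard, guard, GUARD_LEN) == 0 && saved_changed;
}

/* Guard bytes from the failing test output, and a constructed leading-zero variant. */
const unsigned char GUARD_NO_ZERO[GUARD_LEN]   = {0x62, 0x55, 0x59, 0x69, 0xcd, 0x20, 0x39, 0x80};
const unsigned char GUARD_LEAD_ZERO[GUARD_LEN] = {0x00, 0x55, 0x59, 0x69, 0xcd, 0x20, 0x39, 0x80};

int main(void)
{
    printf("no zero byte: %d\n", guard_defeated_by_string_copy(GUARD_NO_ZERO));
    printf("leading zero: %d\n", guard_defeated_by_string_copy(GUARD_LEAD_ZERO));
    return 0;
}
```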