[Bug 262192] Crashes at boot with kern.random.initial_seeding.bypass_before_seeding=0 in randomdev_wait_until_seeded()

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 04 Mar 2022 11:16:30 UTC

--- Comment #7 from Olivier Certner <olivier.freebsd@free.fr> ---
(In reply to Conrad Meyer from comment #6)

Hi Conrad,

> As far as uncovering stack overflow bugs: doesn't a system without stack
> cookies also work to uncover stack overflow bugs?  Most of the time,
> accidental corruption of the return address will also crash the process.

Yes, you're right most of the time, but more subtle forms of corruption could
occur and create later problems or crashes, which are more difficult to debug.
So yes, I agree it's a small advantage, but it still is one.

> The initialization described in this bug is only for the kernel's stack
> cookies.  The kernel is essentially a privileged process that lives for
> the entire boot.  As far as I know, there is no way to safely change the
> stack guard cookie values of the running kernel.

Yes. I was just thinking about starting with whatever (static or not) canary
and then later on having new kernel threads use a new random one. That's just
speculation at this point. I'd have to dive into the code to see if it's
realistic or not. I'm now not sure if it's even worth it; fixing the original
limitation may be a better investment anyway.

Thanks a lot for the info you provided, it gives some starting points to better
understand SSP in FreeBSD.

Indeed, I'll probably choose (1) for now, since it is so easy to do, and come
back to (2) when I have enough time. Leaving this bug open for now.

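Added example, not part of the bug thread and not FreeBSD code: a constructed C
model of the frame layout -fstack-protector produces (locals, then the guard
word, then the saved frame pointer and return address) that runs the same
overflow with and without the epilogue check. It illustrates the three cases
discussed above: an overflow that stops at a neighbouring local is caught by
neither configuration, one that reaches the saved frame pointer is silent
without SSP but trips the canary with it, and one that reaches the return
address crashes either way. The field order, guard value and addresses are
assumptions of the model; a real C stack gives no such layout guarantee, which
is why a struct is used to stand in for the frame.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of a stack frame compiled with -fstack-protector.
 * GCC/Clang place the guard word between the locals and the saved frame
 * pointer/return address, so an overflow out of a local has to cross the
 * guard before it can reach the return address. A struct provides that
 * ordering deterministically (a real C stack layout is not guaranteed).
 */
struct frame {
    char      buf[16];      /* the overflowable local */
    uintptr_t other_local;  /* a neighbouring local sitting above buf */
    uintptr_t canary;       /* copy of the guard word checked in the epilogue */
    uintptr_t saved_fp;     /* saved frame pointer */
    uintptr_t ret_addr;     /* saved return address */
};

enum outcome {
    RETURNED_CLEAN,      /* epilogue ran, nothing was damaged */
    SILENT_CORRUPTION,   /* epilogue ran, but frame state was damaged */
    CANARY_TRIPPED,      /* guard mismatch: __stack_chk_fail() before return */
    RET_ADDR_CORRUPTED   /* return would jump to garbage: a crash, most likely */
};

/* Constructed values standing in for the real guard and addresses. */
#define GUARD_VALUE ((uintptr_t)0x5a5aa5a5deadbeefULL)
#define FP_VALUE    ((uintptr_t)0x7ffe0000)
#define RET_VALUE   ((uintptr_t)0x401234)

/*
 * Copy n caller-controlled bytes into buf with no length check (the bug),
 * then emulate the function epilogue. n is clamped to the modelled frame
 * so the simulation itself stays inside a C object; a real overflow has no
 * such limit.
 */
static enum outcome run_frame(size_t n, int ssp_enabled)
{
    struct frame f;
    unsigned char fill[sizeof f];
    size_t max = sizeof f - offsetof(struct frame, buf);

    memset(fill, 'A', sizeof fill);
    f.other_local = 0;
    f.canary = GUARD_VALUE;
    f.saved_fp = FP_VALUE;
    f.ret_addr = RET_VALUE;

    if (n > max)
        n = max;
    /* The overflow: bytes past buf land in whatever sits above it. */
    memcpy((unsigned char *)&f + offsetof(struct frame, buf), fill, n);

    /* SSP epilogue: compare the guard word before fp/ret are restored. */
    if (ssp_enabled && f.canary != GUARD_VALUE)
        return CANARY_TRIPPED;
    if (f.ret_addr != RET_VALUE)
        return RET_ADDR_CORRUPTED;
    if (f.saved_fp != FP_VALUE || f.other_local != 0)
        return SILENT_CORRUPTION;
    return RETURNED_CLEAN;
}

/* Number of bytes from the start of buf up to (not including) a frame offset. */
static size_t upto(size_t field_offset)
{
    return field_offset - offsetof(struct frame, buf);
}

enum outcome fits_in_buf(int ssp)              { return run_frame(sizeof(((struct frame *)0)->buf), ssp); }
enum outcome overflow_into_other_local(int ssp){ return run_frame(upto(offsetof(struct frame, canary)), ssp); }
enum outcome overflow_into_saved_fp(int ssp)   { return run_frame(upto(offsetof(struct frame, ret_addr)), ssp); }
enum outcome overflow_into_ret_addr(int ssp)   { return run_frame(upto(sizeof(struct frame)), ssp); }

int main(void)
{
    static const char *names[] = {
        "RETURNED_CLEAN", "SILENT_CORRUPTION", "CANARY_TRIPPED", "RET_ADDR_CORRUPTED"
    };
    for (int ssp = 0; ssp <= 1; ssp++) {
        printf("ssp=%d  in bounds: %-18s other_local: %-18s saved_fp: %-18s ret_addr: %s\n",
               ssp, names[fits_in_buf(ssp)], names[overflow_into_other_local(ssp)],
               names[overflow_into_saved_fp(ssp)], names[overflow_into_ret_addr(ssp)]);
    }
    return 0;
}
```

The saved_fp row is the case being argued over: without the check the function
returns normally and the damage surfaces later, somewhere else; with it the
failure is reported at the frame that was overflowed. The other_local row is
the standing caveat that a canary only sees overflows that reach it.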