ProPolice: best way to fill canary

Jeremie Le Hen jeremie at le-hen.org
Fri Jul 8 15:35:05 GMT 2005


Hello hackers,

I'm going to disturb you once again with ProPolice.  The original
ProPolice patch, as well as most of the FreeBSD variants and the Linux
one, uses /dev/urandom to fill the "canary" with random data (the
canary is what is going to be put between the buffer and the return
address in the stack).  OTOH, OpenBSD uses the kern.arnd sysctl to
achieve this (this is a sysctl front-end to the arc4random() function).

I don't really see the pros and cons of the two methods, so I'd
like to hear your opinions.

Note that the first method (opening /dev/urandom) requires patching
the open(2) wrapper from libpthread and libthr (cognet@ did this for
me), in order to initialize _thr_initial, because the SSP constructor
is called quite early.

The second method requires introducing the kern.arnd sysctl
(KERN_ARND).  FYI, note that NetBSD has kern.urandom (KERN_URND) and
they define KERN_ARND to be an alias for this.

Your comments will be welcome.

Best regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
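
The two canary sources compared in the message above, side by side, as an added example that is not part of the original post and is not ProPolice's or any BSD's code. The names canary_setup, fill_from_sysctl and fill_from_urandom and the fixed fallback value are assumptions of this example; the sysctl path is compiled only where the system headers define KERN_ARND.

```c
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__)
#include <sys/sysctl.h>   /* may define KERN_ARND */
#endif

enum canary_src { SRC_SYSCTL, SRC_URANDOM, SRC_TERMINATOR };

/* sysctl method: no file descriptor, no open(2) wrapper, no /dev node needed. */
static int fill_from_sysctl(void *buf, size_t len)
{
#ifdef KERN_ARND
    int mib[2] = { CTL_KERN, KERN_ARND };
    size_t got = len;
    if (sysctl(mib, 2, buf, &got, NULL, 0) == 0 && got == len) return 0;
#endif
    (void)buf; (void)len;
    return -1;
}

/* /dev/urandom method: goes through open(2); handles EINTR and short reads. */
static int fill_from_urandom(void *buf, size_t len)
{
    unsigned char *p = buf;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;          /* e.g. a chroot without /dev */
    while (len > 0) {
        ssize_t n = read(fd, p, len);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) break;
        p += n;
        len -= (size_t)n;
    }
    close(fd);
    return len == 0 ? 0 : -1;
}

/* Fill *canary and report the source used. With no random source available,
 * store a fixed NUL, NUL, LF, 0xff value (this example's choice of fallback). */
enum canary_src canary_setup(unsigned long *canary)
{
    static const unsigned char term[4] = { 0, 0, '\n', 0xff };
    if (fill_from_sysctl(canary, sizeof *canary) == 0) return SRC_SYSCTL;
    if (fill_from_urandom(canary, sizeof *canary) == 0) return SRC_URANDOM;
    memset(canary, 0, sizeof *canary);
    memcpy(canary, term, sizeof term);
    return SRC_TERMINATOR;
}
```

Returning the source lets a startup check or a test notice when a process ended up with the fixed value instead of random data.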

