Index: fbsd-6/lib/libc/sys/Makefile.inc =================================================================== --- fbsd-6.orig/lib/libc/sys/Makefile.inc +++ fbsd-6/lib/libc/sys/Makefile.inc @@ -18,7 +18,7 @@ .endif # Sources common to both syscall interfaces: -SRCS+= ftruncate.c lseek.c mmap.c pread.c pwrite.c truncate.c __error.c +SRCS+= ftruncate.c lseek.c mmap.c pread.c pwrite.c truncate.c __error.c ssp.c # Add machine dependent asm sources: SRCS+=${MDASM} Index: fbsd-6/lib/libc/sys/ssp.c =================================================================== --- /dev/null +++ fbsd-6/lib/libc/sys/ssp.c @@ -0,0 +1,83 @@ +/* + * Copyright (c) 2002 Hiroaki Etoh, Federico G. Schwindt, and Miodrag Vallat. + * Copyright (c) 2006 Ned Ludd + * Diego Pettenò + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY DIRECT, + * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN + * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include +#include +#include +#include +#include +#include +#include + +extern int __sysctl(int *, u_int, void *, size_t *, void *, size_t); + +unsigned long __guard = 0UL; +void __guard_setup(void) __attribute__ ((constructor)); +void __stack_smash_handler(char func[], int damaged __attribute__((unused))); + +void +__guard_setup(void) +{ + int i, mib[2]; + size_t len = 4; + + __guard = 0xFF0A0D00UL; + if (__guard != 0) return; + + srandomdev(); + + __guard = random(); +} + +void +__stack_smash_handler(char func[], int damaged) +{ + static const char message[] = "stack overflow in function "; + struct sigaction sa; + sigset_t mask; + + /* Immediately block all signal handlers from running code */ + sigfillset(&mask); + sigdelset(&mask, SIGABRT); + sigprocmask(SIG_BLOCK, &mask, NULL); + + write(2, message, sizeof(message)); + write(2, func, strlen(func)); + write(2, "\n", 1); + + bzero(&sa, sizeof(struct sigaction)); + sigemptyset(&sa.sa_mask); + sa.sa_flags = 0; + sa.sa_handler = SIG_DFL; + sigaction(SIGABRT, &sa, NULL); + + kill(getpid(), SIGABRT); + + _exit(127); +} Index: fbsd-6/lib/csu/i386-elf/crt1.c =================================================================== --- fbsd-6.orig/lib/csu/i386-elf/crt1.c +++ fbsd-6/lib/csu/i386-elf/crt1.c @@ -44,6 +44,7 @@ extern void _fini(void); extern void _init(void); extern int main(int, char **, char **); extern void _start(char *, ...); +extern void __guard_setup(void); #ifdef GCRT extern void _mcleanup(void); @@ -106,6 +107,7 @@ _start(char *ap, ...) monstartup(&eprol, &etext); #endif _init(); + __guard_setup(); exit( main(argc, argv, env) ); } Index: fbsd-6/lib/libc/Makefile =================================================================== --- fbsd-6.orig/lib/libc/Makefile +++ fbsd-6/lib/libc/Makefile @@ -15,6 +15,9 @@ SHLIBDIR?= /lib WARNS?= 2 CFLAGS+=-I${.CURDIR}/include -I${.CURDIR}/../../include CFLAGS+=-I${.CURDIR}/${MACHINE_ARCH} +# Disable stack protection for the only libc, and leave it for the rest of +# the libraries. +CFLAGS+= -fno-stack-protector CLEANFILES+=tags INSTALL_PIC_ARCHIVE= PRECIOUSLIB=