diff options
author | Mike Frysinger <vapier@gentoo.org> | 2005-05-26 22:36:28 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2005-05-26 22:36:28 +0000 |
commit | 2d25f28350e25029ddbf869ac8f5cfee072abad3 (patch) | |
tree | 2fd24f5d0afc6fe35223023ae76a92aac6ac8f1a /sys-libs | |
parent | remove obsolete version (diff) | |
download | historical-2d25f28350e25029ddbf869ac8f5cfee072abad3.tar.gz historical-2d25f28350e25029ddbf869ac8f5cfee072abad3.tar.bz2 historical-2d25f28350e25029ddbf869ac8f5cfee072abad3.zip |
move ssp back to FILESDIR since its easier to manage here
Diffstat (limited to 'sys-libs')
-rw-r--r-- | sys-libs/glibc/Manifest | 27 | ||||
-rw-r--r-- | sys-libs/glibc/files/2.3.5/ssp.c | 171 |
2 files changed, 185 insertions, 13 deletions
diff --git a/sys-libs/glibc/Manifest b/sys-libs/glibc/Manifest index ceacecefba60..86ffefa1d418 100644 --- a/sys-libs/glibc/Manifest +++ b/sys-libs/glibc/Manifest @@ -2,40 +2,40 @@ MD5 a21b53d7bce27855c61c23ebe3aa72ca ChangeLog 73343 MD5 45b53d55a7990f579c81cc9698091b8b glibc-2.2.5-r10.ebuild 4454 MD5 41a105e32ad4b0a4a8a2129645eed295 glibc-2.3.2-r12.ebuild 22301 MD5 567094e03359ffc1c95af7356395228d metadata.xml 162 -MD5 dc4c20dd0eff03811d1dd30929dfdd34 glibc-2.3.5.ebuild 39310 +MD5 c5def2406c0304f57d41de3464b85829 glibc-2.3.5.ebuild 39693 MD5 aeaeffc56ce8fedabbb5682693320b6b glibc-2.3.3.20040420-r2.ebuild 21685 MD5 e44a41af599672120302813550b65a61 glibc-2.3.4.20040619-r2.ebuild 21356 -MD5 83d709648d3b577a09c1960c609ce509 glibc-2.3.5.20050421.ebuild 40252 +MD5 408a8619c0081fc115752c82f9f4959d glibc-2.3.5.20050421.ebuild 40445 MD5 5ccfebdf2c0864c59f2cee75424bb29b glibc-2.3.4.20041102-r1.ebuild 33941 MD5 7946da1bf84f19ad3896a61428c7a05a glibc-2.3.4.20040808-r1.ebuild 27705 MD5 f657c3015509b40205f9eefa49d12c89 glibc-2.3.4.20050125-r1.ebuild 38637 MD5 ee442d9b608306c5d87dff3248cb17ea glibc-2.3.4.20041102.ebuild 32976 MD5 3622860499eecaced6dda4562aeb1b65 glibc-2.3.4.20050125.ebuild 35394 MD5 8d58079469aedb014a800101ef60558f files/nsswitch.conf 503 +MD5 bed7cbcac1e8582deda43664e5b3f19c files/digest-glibc-2.2.5-r10 290 MD5 2d5306ef875573750af642a9f93b634a files/digest-glibc-2.3.2-r12 312 MD5 42af7e35fe2404a49954f91fd1aee891 files/digest-glibc-2.3.3.20040420-r2 312 MD5 470f57fe18dd0a94cb4a4d6cf51528af files/digest-glibc-2.3.4.20040619-r2 307 MD5 2f05d3181e9a9ded61e074147af47e8e files/digest-glibc-2.3.4.20040808-r1 382 +MD5 75b85b24e4ded1b0e8a0a762d5805818 files/digest-glibc-2.3.4.20041102 383 +MD5 75b85b24e4ded1b0e8a0a762d5805818 files/digest-glibc-2.3.4.20041102-r1 383 MD5 5f2690b0a60b336ec8f26fa3a8898361 files/digest-glibc-2.3.4.20050125 371 +MD5 71c18ba0155b5cf1e7e4bf990225d566 files/digest-glibc-2.3.4.20050125-r1 521 +MD5 07cfaa15b8863c39585dcbf7c859e278 files/digest-glibc-2.3.5 518 +MD5 0f5c7825b61f2919ca8f7834d1c496c1 files/digest-glibc-2.3.5.20050421 604 MD5 e4393f4721a207750581d6265d5f7f40 files/fix-sysctl_h.patch 376 MD5 52cfc7627fc62dfb26d8d163aac361f6 files/glibc-2.2.2-test-lfs-timeout.patch 320 +MD5 c4300e2f8808cb38a308745ed8b77367 files/locales.build 602 +MD5 bedcd868a9462009158714238594173c files/nscd 964 +MD5 2013443f5192d4b999953ba4248d288c files/nscd.conf 1158 +MD5 d8830438ea871dbfd1acf7a3d0299159 files/test-__thread.c 53 +MD5 4404ee4b6e3017819d8f36082e0265e5 files/test-sysctl_h.c 54 MD5 135f8145885a2f4f9876fe973f33ddf6 files/glibc-2.2.4-string2.h.diff 5221 MD5 b712a49b5113fccb4c8b0ada2a30d390 files/glibc-manpages-2.2.5.tar.bz2 14610 MD5 184eddb92615fb991dce41b9edbfa690 files/glibc-manpages-2.3.2.tar.bz2 14700 MD5 13701e6cc0de584680502c0cd958f2cf files/glibc-sec-hotfix-20040804.patch 4319 MD5 bbe355d94c5a36e11f543d12b70b5702 files/glibc-sec-hotfix-20040916.patch 3080 MD5 d688e44731d6e4b757382d7646c492c3 files/glibc-xdr_security.patch 6612 -MD5 c4300e2f8808cb38a308745ed8b77367 files/locales.build 602 -MD5 bedcd868a9462009158714238594173c files/nscd 964 -MD5 2013443f5192d4b999953ba4248d288c files/nscd.conf 1158 -MD5 d8830438ea871dbfd1acf7a3d0299159 files/test-__thread.c 53 -MD5 4404ee4b6e3017819d8f36082e0265e5 files/test-sysctl_h.c 54 -MD5 75b85b24e4ded1b0e8a0a762d5805818 files/digest-glibc-2.3.4.20041102 383 -MD5 bed7cbcac1e8582deda43664e5b3f19c files/digest-glibc-2.2.5-r10 290 -MD5 71c18ba0155b5cf1e7e4bf990225d566 files/digest-glibc-2.3.4.20050125-r1 521 -MD5 75b85b24e4ded1b0e8a0a762d5805818 files/digest-glibc-2.3.4.20041102-r1 383 -MD5 07cfaa15b8863c39585dcbf7c859e278 files/digest-glibc-2.3.5 518 -MD5 0f5c7825b61f2919ca8f7834d1c496c1 files/digest-glibc-2.3.5.20050421 604 MD5 f75ebd335c4b882013cc12229d39c9f7 files/2.2.5/glibc-2.2.5-alpha-gcc3-fix.diff 475 MD5 843eaa26ae2c49e894aa365b6f463546 files/2.2.5/glibc-2.2.5-alpha-pcdyn-fix.diff 471 MD5 5182f441608833569cb9e78536baf8af files/2.2.5/glibc-2.2.5-arm-errlist-fix.diff 2210 @@ -55,6 +55,7 @@ MD5 e6dc1e4d7839d2bb08c6865466791183 files/2.2.5/glibc-2.2.5-sunrpc-overflow.dif MD5 993732f56fdecf36f672198112fc5d5c files/2.2.5/glibc-2.2.5-threadsig.diff 636 MD5 a50da56218f9aabc347d7e1130961cec files/2.2.5/glibc-2.2.5.divbyzero.patch 1694 MD5 e9d9d086e8ed29ed49252d4cd0050f66 files/2.2.5/glibc-2.2.5.restrict_arr.patch 762 +MD5 35e58c96284f20b5000d04cc0f847ed9 files/2.3.5/ssp.c 4313 MD5 941f13d27badc76c1e3704c59acaff26 files/2.3.1/glibc-2.3.1-ctype-compat-v3.patch 2823 MD5 4f8ecd70003c5ca153ff7c204c54c1cf files/2.3.1/glibc-2.3.1-elf-machine-rela-mips.patch 1246 MD5 afaf2540d2803ac066eb2555f2019a6f files/2.3.1/glibc-2.3.1-exit-syscall-mips.patch 633 diff --git a/sys-libs/glibc/files/2.3.5/ssp.c b/sys-libs/glibc/files/2.3.5/ssp.c new file mode 100644 index 000000000000..4fcda2fa943c --- /dev/null +++ b/sys-libs/glibc/files/2.3.5/ssp.c @@ -0,0 +1,171 @@ +/* + * Distributed under the terms of the GNU General Public License v2 + * $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/2.3.5/ssp.c,v 1.1 2005/05/26 22:36:28 vapier Exp $ + * + * This is a modified version of Hiroaki Etoh's stack smashing routines + * implemented for glibc. + * + * The following people have contributed input to this code. + * Ned Ludd - <solar[@]gentoo.org> + * Alexander Gabert - <pappy[@]gentoo.org> + * The PaX Team - <pageexec[@]freemail.hu> + * Peter S. Mazinger - <ps.m[@]gmx.net> + * Yoann Vandoorselaere - <yoann[@]prelude-ids.org> + * Robert Connolly - <robert[@]linuxfromscratch.org> + * Cory Visi <cory@visi.name> + * + */ + +#ifdef HAVE_CONFIG_H +# include <config.h> +#endif + +#include <stdio.h> +#include <string.h> +#include <fcntl.h> +#include <unistd.h> +#include <signal.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <sys/un.h> +#include <sys/syslog.h> +#include <sys/time.h> +#include <sys/sysctl.h> + +#ifndef _PATH_LOG +# define _PATH_LOG "/dev/log" +#endif + +#ifdef __PROPOLICE_BLOCK_SEGV__ +# define SSP_SIGTYPE SIGSEGV +#elif __PROPOLICE_BLOCK_KILL__ +# define SSP_SIGTYPE SIGKILL +#else +# define SSP_SIGTYPE SIGABRT +#endif + +unsigned long __guard = 0UL; + +/* Use of __* functions from the rest of glibc here avoids + * initialisation problems for executables preloaded with + * libraries that overload the associated standard library + * functions. + */ +void +__guard_setup (void) +{ + size_t size; +#ifdef HAVE_DEV_ERANDOM + int mib[3]; +#endif + + if (__guard != 0UL) + return; + +#ifndef __SSP_QUICK_CANARY__ +#ifdef HAVE_DEV_ERANDOM + /* Random is another depth in Linux, hence an array of 3. */ + mib[0] = CTL_KERN; + mib[1] = KERN_RANDOM; + mib[2] = RANDOM_ERANDOM; + + size = sizeof (unsigned long); + if (__sysctl (mib, 3, &__guard, &size, NULL, 0) != (-1)) + if (__guard != 0UL) + return; +#endif /* ifdef HAVE_DEV_ERANDOM */ + /* + * Attempt to open kernel pseudo random device if one exists before + * opening urandom to avoid system entropy depletion. + */ + { + int fd; +#ifdef HAVE_DEV_ERANDOM + if ((fd = __open ("/dev/erandom", O_RDONLY)) == (-1)) +#endif + fd = __open ("/dev/urandom", O_RDONLY); + if (fd != (-1)) + { + size = __read (fd, (char *) &__guard, sizeof (__guard)); + __close (fd); + if (size == sizeof (__guard)) + return; + } + } +#endif /* ifndef __SSP_QUICK_CANARY__ */ + + /* If sysctl was unsuccessful, use the "terminator canary". */ + __guard = 0xFF0A0D00UL; + + { + /* Everything failed? Or we are using a weakened model of the + * terminator canary */ + struct timeval tv; + + __gettimeofday (&tv, NULL); + __guard ^= tv.tv_usec ^ tv.tv_sec; + } +} + +void +__stack_smash_handler (char func[], int damaged) +{ + struct sigaction sa; + const char message[] = ": stack smashing attack in function "; + int bufsz, len; + char buf[512]; +#ifndef __dietlibc__ + struct sockaddr_un sock; /* AF_UNIX address of local logger */ + int log; + extern char *__progname; +#else + static char *__progname = "dietapp"; +#endif + + sigset_t mask; + sigfillset (&mask); + + sigdelset (&mask, SSP_SIGTYPE); /* Block all signal handlers */ + sigprocmask (SIG_BLOCK, &mask, NULL); /* except SIGABRT */ + + bufsz = sizeof (buf); + strcpy (buf, "<2>"); + len = 3; + + strncat (buf, __progname, sizeof (buf) - 4); + len = strlen (buf); + + if (bufsz > len) + { + strncat (buf, message, bufsz - len - 1); + len = strlen (buf); + } + if (bufsz > len) + { + strncat (buf, func, bufsz - len - 1); + len = strlen (buf); + } + + /* print error message */ + write (STDERR_FILENO, buf + 3, len - 3); + write (STDERR_FILENO, "()\n", 3); +#ifndef __dietlibc__ + if ((log = socket (AF_UNIX, SOCK_DGRAM, 0)) != -1) + { + /* Send "found" message to the "/dev/log" path */ + sock.sun_family = AF_UNIX; + (void) strncpy (sock.sun_path, _PATH_LOG, sizeof (sock.sun_path) - 1); + sock.sun_path[sizeof (sock.sun_path) - 1] = '\0'; + sendto (log, buf, len, 0, (struct sockaddr *) &sock, sizeof (sock)); + } +#endif + /* Make sure the default handler is associated with the our signal handler */ + + memset (&sa, 0, sizeof (struct sigaction)); + sigfillset (&sa.sa_mask); /* Block all signals */ + sa.sa_flags = 0; + sa.sa_handler = SIG_DFL; + sigaction (SSP_SIGTYPE, &sa, NULL); + (void) kill (getpid (), SSP_SIGTYPE); + _exit (127); +} |