From e199792d23341b0a887bf54c262147b213edd556 Mon Sep 17 00:00:00 2001 From: Conrad Meyer Date: Mon, 13 May 2019 23:37:44 +0000 Subject: [PATCH] Revert r346292 (permit_nonrandom_stackcookies) We have a better, more comprehensive knob for this now: kern.random.initial_seeding.bypass_before_seeding=1. Requested by: delphij Sponsored by: Dell EMC Isilon --- UPDATING | 7 ------ sys/kern/stack_protector.c | 51 +++----------------------------------- 2 files changed, 3 insertions(+), 55 deletions(-) diff --git a/UPDATING b/UPDATING index 200167a5f0ef..a2b702df5a1c 100644 --- a/UPDATING +++ b/UPDATING @@ -75,13 +75,6 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 13.x IS SLOW: met as for the diagnostic sysctls above. Defaults to zero, i.e., produce warnings in dmesg when the conditions are met. -20190416: - The tunable "security.stack_protect.permit_nonrandom_cookies" may be - set to a non-zero value to boot systems that do not provide early - entropy. Otherwise, such systems may see the panic message: - "cannot initialize stack cookies because random device is not yet - seeded." - 20190416: The loadable random module KPI has changed; the random_infra_init() routine now requires a 3rd function pointer for a bool (*)(void) diff --git a/sys/kern/stack_protector.c b/sys/kern/stack_protector.c index 823a3fe084d1..77be64f4d18f 100644 --- a/sys/kern/stack_protector.c +++ b/sys/kern/stack_protector.c 
@@ -4,28 +4,12 @@ __FBSDID("$FreeBSD$");
 #include
 #include
 #include
-#include
-#include
 #include
 #include
 long __stack_chk_guard[8] = {};
 void __stack_chk_fail(void);
-/*
- * XXX This default is unsafe!!! We intend to change it after resolving issues
- * with early entropy in the installer; some kinds of systems that do not use
- * loader(8), such as riscv, aarch64, and power; and perhaps others that I am
- * forgetting off the top of my head.
- */
-static bool permit_nonrandom_cookies = true;
-
-SYSCTL_NODE(_security, OID_AUTO, stack_protect, CTLFLAG_RW, 0,
- "-fstack-protect support");
-SYSCTL_BOOL(_security_stack_protect, OID_AUTO, permit_nonrandom_cookies,
- CTLFLAG_RDTUN, &permit_nonrandom_cookies, 0,
- "Allow stack guard to be used without real random cookies");
-
 void
 __stack_chk_fail(void)
 {
@@ -39,37 +23,8 @@ __stack_chk_init(void *dummy __unused)
 size_t i;
 long guard[nitems(__stack_chk_guard)];
- if (is_random_seeded()) {
- arc4rand(guard, sizeof(guard), 0);
- for (i = 0; i < nitems(guard); i++)
- __stack_chk_guard[i] = guard[i];
- return;
- }
-
- if (permit_nonrandom_cookies) {
- printf("%s: WARNING: Initializing stack protection with "
- "non-random cookies!\n", __func__);
- printf("%s: WARNING: This severely limits the benefit of "
- "-fstack-protector!\n", __func__);
-
- /*
- * The emperor is naked, but I rolled some dice and at least
- * these values aren't zero.
- */
- __stack_chk_guard[0] = (long)0xe7318d5959af899full;
- __stack_chk_guard[1] = (long)0x35a9481c089348bfull;
- __stack_chk_guard[2] = (long)0xde657fdc04117255ull;
- __stack_chk_guard[3] = (long)0x0dd44c61c22e4a6bull;
- __stack_chk_guard[4] = (long)0x0a5869a354edb0a5ull;
- __stack_chk_guard[5] = (long)0x05cebfed255b5232ull;
- __stack_chk_guard[6] = (long)0x270ffac137c4c72full;
- __stack_chk_guard[7] = (long)0xd8141a789bad478dull;
- _Static_assert(nitems(__stack_chk_guard) == 8,
- "__stack_chk_guard doesn't have 8 items");
- return;
- }
-
- panic("%s: cannot initialize stack cookies because random device is "
- "not yet seeded", __func__);
+ arc4rand(guard, sizeof(guard), 0);
+ for (i = 0; i < nitems(guard); i++)
+ __stack_chk_guard[i] = guard[i];
 }
 SYSINIT(stack_chk, SI_SUB_RANDOM, SI_ORDER_ANY, __stack_chk_init, NULL);
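Review bot: The now-unconditional `arc4rand(guard, sizeof(guard), 0);` has no comment saying what happens when the random device is not yet seeded at SI_SUB_RANDOM, so the strength of the stack cookies silently depends on the random subsystem's policy. Going by the commit message, with `kern.random.initial_seeding.bypass_before_seeding=1` this call presumably returns output from an unseeded generator, and the warning the removed branch printed about non-random cookies has no counterpart in this function. I would add a comment above the call such as `/* Cookie strength follows kern.random.initial_seeding.bypass_before_seeding; if seeding is bypassed these values may be predictable. */`. It is also worth confirming that the random code itself logs the bypass, so an operator can still tell from dmesg that the guard values are weak. The body of __stack_chk_init begins above this hunk, so earlier statements are not visible here.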