8bb7f5309b
- Introduce new SI_SUB_RANDOM point in boot sequence to make it clear from where one may start using random(9). It should be as early as possible, so place it just after SI_SUB_CPU where we have some randomness on most platforms via get_cyclecount(). - Move stack protector initialization to be after SI_SUB_RANDOM as before this point we have no randomness at all. This fixes stack protector to actually protect stack with some random guard value instead of a well-known one. Note that this patch doesn't try to address arc4random(9) issues. With current code, it will be implicitly seeded by stack protector and hence will get the same entropy as random(9). It will be securely reseeded once /dev/random is feeded by some entropy from userland. Submitted by: Maxim Dounin <mdounin@mdounin.ru> MFC after: 3 days
32 lines
682 B
C
32 lines
682 B
C
#include <sys/cdefs.h>
|
|
__FBSDID("$FreeBSD$");
|
|
|
|
#include <sys/types.h>
|
|
#include <sys/param.h>
|
|
#include <sys/kernel.h>
|
|
#include <sys/systm.h>
|
|
#include <sys/libkern.h>
|
|
|
|
long __stack_chk_guard[8] = {};
|
|
void __stack_chk_fail(void);
|
|
|
|
void
|
|
__stack_chk_fail(void)
|
|
{
|
|
|
|
panic("stack overflow detected; backtrace may be corrupted");
|
|
}
|
|
|
|
#define __arraycount(__x) (sizeof(__x) / sizeof(__x[0]))
|
|
static void
|
|
__stack_chk_init(void *dummy __unused)
|
|
{
|
|
size_t i;
|
|
long guard[__arraycount(__stack_chk_guard)];
|
|
|
|
arc4rand(guard, sizeof(guard), 0);
|
|
for (i = 0; i < __arraycount(guard); i++)
|
|
__stack_chk_guard[i] = guard[i];
|
|
}
|
|
SYSINIT(stack_chk, SI_SUB_RANDOM, SI_ORDER_ANY, __stack_chk_init, NULL);
|