[sudo-workers] Improve stack smashing protector check
Vicente Olivert Riera
Vincent.Riera at imgtec.com
Fri Oct 30 07:36:12 MDT 2015
Dear Todd C. Miller,
On 10/30/2015 01:22 PM, Todd C. Miller wrote:
> On Fri, 30 Oct 2015 11:01:11 -0000, Vicente Olivert Riera wrote:
>
>>> I've just committed the following:
>>> http://www.sudo.ws/repos/sudo/rev/4ade5d1249f4
>>
>> I have tested your patch and it doesn't work:
>>
>> [snip]
>>
>> checking whether C compiler accepts -fstack-protector-strong... yes
>> checking whether the linker accepts -fstack-protector-strong... yes
>>
>> [snip]
>>
>> sudoreplay.o: In function `match_expr':
>> sudoreplay.c:(.text+0x798): undefined reference to `__stack_chk_guard'
>> sudoreplay.c:(.text+0x9f0): undefined reference to `__stack_chk_fail'
>>
>> [snip]
>
> I think you are testing without the patch, the output should look
> like this:
>
> checking for compiler stack protector support... -fstack-protector-strong
>
> or:
>
> checking for compiler stack protector support... no
Correct, the output looks like that:
...
checking for working PIE support... no
checking for compiler stack protector support... -fstack-protector-strong
checking whether the linker accepts -Wl,-z,relro... yes
...
but it fails:
sudoreplay.o: In function `match_expr':
sudoreplay.c:(.text+0x798): undefined reference to `__stack_chk_guard'
sudoreplay.c:(.text+0x9f0): undefined reference to `__stack_chk_fail'
It should say "no" in the configure check.
The patch is applied:
$ grep "char buf\[1024\]" configure
char buf[1024]; buf[1023] = '\0';
char buf[1024]; buf[1023] = '\0';
char buf[1024]; buf[1023] = '\0';
Regards,
Vincent.
> - todd
>
More information about the sudo-workers
mailing list