[Toybox] imgtec patch: Fix static linkage of toybox binary.

Rob Landley rob at landley.net
Mon May 9 20:45:50 PDT 2016


On 05/09/2016 04:43 PM, Evgenii Stepanov wrote:
> Now, if we want to really preserve this check logic under safestack,
> we will have to do something safestack-specific. There is no way to
> keep pretending that there is a single, continuous stack region and
> still get realistic results.

If you can hide it in lib/platform.h and lib/platform.c, go for it.

> 1. Use __builtin_frame_pointer and __builtin___get_unsafe_stack_ptr().
> They are supported whenever safestack is supported and can be
> protected with simple preprocessor guards.
> 2. Rely on safestack semantics to know which of the two stacks a
> variable gets allocated on. This is embedding some knowledge about
> safestack implementation (not just the ABI) into the application, but
> it relies on the fundamental security promise of safestack and very
> unlikely to change. For example, this line in my original patch:
>   intptr_t volatile stackaddr = (intptr_t)&which;
> leaks the address of "which" into a volatile location. Such variables
> are guaranteed to be allocated on the "unsafe" stack.

It's the _amount_ of stack I'm looking for. And the really vulnerable
systems are the nommu ones that only have 64k of stack, but which also
make exec more expensive..

> (2) does not seem to have any advantage over (1). Would (1) be acceptable?

Is __builtin_frame_pointer mentioned in C99? Is it portable to
clang/llvm, and cfront/libfirm or if http://pcc.ludd.ltu.se/ revives or
http://landley.net/qcc happens...?

If not, lib/portability.* is the place #ifdef THINGY && THINGY code
blocks for envrionment-specific stuff.

Rob


More information about the Toybox mailing list