sys/ssp: use a random value as the canary
This implements the randomization of canary values on each build as
mentioned in the comment above the STACK_CHK_GUARD macro. Since the
build system generates a new canary for each build, i.e. riotbuild.h is
modified, the entire code is rebuilt on each make invocation. This is
strictly necessary as otherwise some object files may still use the old
canary value.

Implementing this properly would require generating a cryptographically
secure random value on each boot of the RIOT operating system. This is
not deemed possible on some constrained devices, e.g. due to lack of
hardware random number generators. Besides, RIOT only seems to support a
PRNG (random module) currently. While this may be implemented in the
future for some devices, the changes implemented in this commit may still
be used as a fallback then.
nmeum committed Jan 14, 2020
1 parent 9f1a3e4 commit 9535ee0
Showing 2 changed files with 3 additions and 3 deletions.
3 changes: 3 additions & 0 deletions sys/ssp/Makefile.include
@@ -1,3 +1,6 @@
# Canary value is randomized on each new build
CFLAGS += -DSTACK_CHK_GUARD=$(RIOTCANARY)

ifneq (,$(filter ssp,$(USEMODULE)))
CFLAGS += -fstack-protector
endif
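
Review bot: the new `CFLAGS += -DSTACK_CHK_GUARD=$(RIOTCANARY)` line sits above the `ifneq (,$(filter ssp,$(USEMODULE)))` guard, so the define is passed to every compilation even when the ssp module is not selected. Since the canary changes on each build and forces a full rebuild, applications that do not use ssp would pay that cost for nothing. Consider moving the line inside the existing `ifneq` block next to `-fstack-protector`. `RIOTCANARY` is also not assigned in either file of this commit. If it is ever empty, the macro expands to nothing, so a short comment naming where it is generated, or an explicit check that it is non-empty, would make that failure easier to diagnose.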
3 changes: 0 additions & 3 deletions sys/ssp/ssp.c
Expand Up @@ -22,9 +22,6 @@

#include "panic.h"

/* this should be randomized for each build */
#define STACK_CHK_GUARD 0x595e9fbd94fda766

uintptr_t __stack_chk_guard = (uintptr_t) STACK_CHK_GUARD;

__attribute__((noreturn)) void __stack_chk_fail(void)
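
Review bot: with the `#define STACK_CHK_GUARD` removed, ssp.c no longer says where the value used in `uintptr_t __stack_chk_guard = (uintptr_t) STACK_CHK_GUARD;` comes from, and a build that does not pass the flag fails with an unhelpful error at that line. Consider replacing the deleted comment with one that points at sys/ssp/Makefile.include and adding an `#ifndef STACK_CHK_GUARD` / `#error` check above the definition. The comment could also record what the commit message already states: the canary is fixed at build time, not generated per boot, so every device running the same image shares it.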