From eaf323b1926360e2d9514cc33af2404ec6ab0602 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=B6ren=20Tempel?=
Date: Tue, 14 Jan 2020 11:14:39 +0100
Subject: [PATCH] sys/ssp: use a random value as the canary
This implements the randomization of canary values on each build as mentioned in the comment above the STACK_CHK_GUARD macro. The canary value is generated by the buildsystem and passed to the ssp module using a `-D` compiler flag. The ssp object file, using this canary value, is marked as PHONY to make sure it is rebuild on each make invocation, thereby ensuring that each build uses a new random canary value. Implementing this properly would require generating a cryptographically secure random value on each boot of the RIOT operating system. This is not deemed possible on some constrained devices, e.g. due to lack of hardware random number generators. Besides, RIOT only seems to support a PRNG (random module) currently. While this may be implemented in the future for some devices the changes implemented in this commit may still be used as a fallback then. A hardcoded canary value is used when building software on the CI to not break the CI test cache [1]. [1]: https://github.com/RIOT-OS/RIOT/pull/13119#issuecomment-574132932
---
 sys/ssp/Makefile | 16 ++++++++++++++++
 sys/ssp/ssp.c | 3 ---
 2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/sys/ssp/Makefile b/sys/ssp/Makefile
index 48422e909a47d..9e78de2bf69aa 100644
--- a/sys/ssp/Makefile
+++ b/sys/ssp/Makefile
@@ -1 +1,17 @@
+# module name is used below, thus set explicitly
+MODULE = ssp
+
+ifeq (,$(RIOT_CI_BUILD))
+ # random canary value newly generated on each build
+ RIOTCANARY := $(shell $(RIOTTOOLS)/randhex/randhex.sh)
+else
+ # hardcoded canary value to not break CI test cache
+ RIOTCANARY := 0xdeadbeefdeadbeef
+endif
+
+# pass the generated canary using a macro and mark the object file using
+# it as PHONY to ensure that a new canary value is used on each build.
+CFLAGS += -DSTACK_CHK_GUARD=$(RIOTCANARY)
+.PHONY: $(BINDIR)/$(MODULE)/$(MODULE).o
+
 include $(RIOTBASE)/Makefile.base
diff --git a/sys/ssp/ssp.c b/sys/ssp/ssp.c
index 2509a9a718900..e3039edba04da 100644
--- a/sys/ssp/ssp.c
+++ b/sys/ssp/ssp.c
@@ -22,9 +22,6 @@
 #include "panic.h"
-/* this should be randomized for each build */
-#define STACK_CHK_GUARD 0x595e9fbd94fda766
-
 uintptr_t __stack_chk_guard = (uintptr_t) STACK_CHK_GUARD;
 __attribute__((noreturn)) void __stack_chk_fail(void)
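Review bot: `RIOTCANARY := $(shell $(RIOTTOOLS)/randhex/randhex.sh)` never checks that the script produced a value; if it is missing, not executable, or `RIOTTOOLS` is unset, `$(shell)` expands to empty and the build carries on with `-DSTACK_CHK_GUARD=`, which only shows up later as a confusing compile error in ssp.c (and a degenerate output such as `0` would presumably be accepted as a weak canary without any diagnostic). Fail at parse time instead, directly after the `endif`: `ifeq (,$(strip $(RIOTCANARY)))` / `  $(error RIOTCANARY is empty: $(RIOTTOOLS)/randhex/randhex.sh did not produce a canary)` / `endif`. Separately, because the generated hex is used verbatim, consider clearing the least-significant byte where `__stack_chk_guard` is initialised in ssp.c (`& ~(uintptr_t)0xff`), the usual terminator-canary practice that prevents a NUL-terminated string overflow from rewriting the guard without also ending the copy. Note also that a value wider than the target's `uintptr_t` (the 64-bit CI constant on a 32-bit board) is truncated by the cast; that is probably intended, but a one-line comment on the `RIOTCANARY := 0xdeadbeefdeadbeef` line saying so would save the next reader a detour.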