From: Paul Pluzhnikov
To: gdb-patches@sourceware.org, Pedro Alves, Ulrich Weigand
Date: Sun, 15 Nov 2009 18:30:00 -0000
Subject: Re: RFC: Longjmp vs LD_POINTER_GUARD revisited
In-Reply-To: <20091115173429.GB23483@caradoc.them.org>
Message-ID: <8ac60eac0911151029i60ae1713m8ee2de5c05103d9d@mail.gmail.com>
Mailing-List: gdb-patches@sourceware.org (archive: 2009-11/txt/msg00339.txt.bz2)

On Sun, Nov 15, 2009 at 9:34 AM, Daniel Jacobowitz wrote:
> * Where the jmp_buf contents are obfuscated, as done by glibc, which
> "encrypts" them using a canary stored in the thread TCB.
FWIW, I never understood the point of this obfuscation: the program (and
any rogue code injected into it) can trivially discover the value of the
canary:

    call sigsetjmp
  a_label:
    ...
    canary = sigjmp_buf.__jmpbuf[JB_PC] - &a_label

I think GDB could also perform such discovery, and that would allow it to
work with non-debug glibc (debug glibc (I believe) is the exception rather
than the rule outside of {gdb,glibc,gcc} developers).

--
Paul Pluzhnikov
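The point Paul is making, that one known (real pointer, mangled pointer) pair leaks the whole guard, is easy to check with a model of the mangling. The block below is an added example, not code from the thread, from GDB or from glibc. It models the x86_64 PTR_MANGLE sequence (XOR with the pointer guard, then rotate left by 0x11) in plain C; the guard value, the "known PC" and the "saved SP" are constructed constants rather than values read from a real TCB or jmp_buf, and the function names ptr_mangle, ptr_demangle and recover_guard are this example's own. It assumes the XOR-then-rotate scheme; on a different arch or glibc version the rotate amount or order may differ and the recovery step would need adjusting.

```c
/* Added example (not from the original post, GDB or glibc): a model of
 * glibc's x86_64 pointer mangling showing that knowing one real pointer
 * and its mangled form is enough to recover the guard, after which every
 * other mangled word in the jmp_buf can be read or forged.
 *
 * Assumed scheme (x86_64 sysdeps): mangled = rol(ptr ^ guard, 0x11).
 * The guard here is a constructed constant, not read from %fs:0x30. */
#include <stdint.h>
#include <stdio.h>

static uint64_t rol64(uint64_t v, unsigned n) { return (v << n) | (v >> (64 - n)); }
static uint64_t ror64(uint64_t v, unsigned n) { return (v >> n) | (v << (64 - n)); }

/* PTR_MANGLE: xor with the pointer guard, then rotate left by 17. */
uint64_t ptr_mangle(uint64_t ptr, uint64_t guard)
{
    return rol64(ptr ^ guard, 17);
}

/* PTR_DEMANGLE: rotate right by 17, then xor with the pointer guard. */
uint64_t ptr_demangle(uint64_t mangled, uint64_t guard)
{
    return ror64(mangled, 17) ^ guard;
}

/* The discovery step from the post: the attacker (or GDB) knows the real
 * return address saved by sigsetjmp (e.g. the address of a label placed
 * right after the call) and reads the mangled word out of the jmp_buf.
 * Undoing the rotate and xoring with the known pointer yields the guard. */
uint64_t recover_guard(uint64_t mangled_known, uint64_t known_ptr)
{
    return ror64(mangled_known, 17) ^ known_ptr;
}

/* Walk through the whole attack on constructed values.  Returns 1 when
 * the recovered guard demangles an unrelated saved register correctly
 * and lets us forge a mangled word for an arbitrary target, else 0. */
int demo(void)
{
    const uint64_t guard     = 0xdeadbeefcafef00dULL; /* constructed TCB guard  */
    const uint64_t known_pc  = 0x0000000000401234ULL; /* constructed &a_label   */
    const uint64_t saved_sp  = 0x00007ffc12345670ULL; /* constructed saved RSP  */
    const uint64_t target_pc = 0x0000000000402000ULL; /* where the attacker wants to land */

    /* What the jmp_buf would hold after sigsetjmp. */
    uint64_t jb_pc = ptr_mangle(known_pc, guard);
    uint64_t jb_sp = ptr_mangle(saved_sp, guard);

    /* Attacker/debugger side: only jb_pc and known_pc are needed. */
    uint64_t g = recover_guard(jb_pc, known_pc);
    if (g != guard)
        return 0;

    /* With the guard, every other mangled word is readable ... */
    if (ptr_demangle(jb_sp, g) != saved_sp)
        return 0;

    /* ... and a forged PC can be written that longjmp will accept. */
    uint64_t forged = ptr_mangle(target_pc, g);
    if (ptr_demangle(forged, guard) != target_pc)
        return 0;

    printf("recovered guard 0x%016llx, forged JB_PC 0x%016llx\n",
           (unsigned long long)g, (unsigned long long)forged);
    return 1;
}

int main(void)
{
    return demo() ? 0 : 1;
}
```

The model shows why the obfuscation only stops blind overwrites: any code that can both read the jmp_buf and compute one address it contains (a label, a function pointer, a known return site) gets the guard in one XOR and a rotate, and from then on can demangle or forge every saved register. A debugger with the same two pieces of information can do the same without needing glibc's debug symbols for the TCB layout.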