From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gdb-patches-return-68441-listarch-gdb-patches=sources.redhat.com@sourceware.org>
Received: (qmail 9003 invoked by alias); 15 Nov 2009 23:06:48 -0000
Received: (qmail 8993 invoked by uid 22791); 15 Nov 2009 23:06:48 -0000
X-SWARE-Spam-Status: No, hits=-1.8 required=5.0 	tests=AWL,BAYES_00,SARE_MSGID_LONG40,SPF_HELO_PASS,SPF_PASS
X-Spam-Check-By: sourceware.org
Received: from smtp-out.google.com (HELO smtp-out.google.com) (216.239.33.17)     by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Sun, 15 Nov 2009 23:05:40 +0000
Received: from zps18.corp.google.com (zps18.corp.google.com [172.25.146.18]) 	by smtp-out.google.com with ESMTP id nAFN5aj8006417 	for <gdb-patches@sourceware.org>; Sun, 15 Nov 2009 23:05:36 GMT
Received: from pxi10 (pxi10.prod.google.com [10.243.27.10]) 	by zps18.corp.google.com with ESMTP id nAFN5XI0022001 	for <gdb-patches@sourceware.org>; Sun, 15 Nov 2009 15:05:34 -0800
Received: by pxi10 with SMTP id 10so751761pxi.33         for <gdb-patches@sourceware.org>; Sun, 15 Nov 2009 15:05:33 -0800 (PST)
MIME-Version: 1.0
Received: by 10.114.5.18 with SMTP id 18mr6307433wae.140.1258326333497; Sun,  	15 Nov 2009 15:05:33 -0800 (PST)
In-Reply-To: <20091115223539.GA23336@caradoc.them.org>
References: <20091115173429.GB23483@caradoc.them.org> 	 <8ac60eac0911151029i60ae1713m8ee2de5c05103d9d@mail.gmail.com> 	 <20091115223539.GA23336@caradoc.them.org>
Date: Sun, 15 Nov 2009 23:06:00 -0000
Message-ID: <8ac60eac0911151505s6834e781wf6887f0641345db@mail.gmail.com>
Subject: Re: RFC: Longjmp vs LD_POINTER_GUARD revisited
From: Paul Pluzhnikov <ppluzhnikov@google.com>
To: Paul Pluzhnikov <ppluzhnikov@google.com>, gdb-patches@sourceware.org,         Pedro Alves <pedro@codesourcery.com>,         Ulrich Weigand <uweigand@de.ibm.com>
Content-Type: text/plain; charset=ISO-8859-1
X-System-Of-Record: true
X-IsSubscribed: yes
Mailing-List: contact gdb-patches-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <gdb-patches.sourceware.org>
List-Subscribe: <mailto:gdb-patches-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/gdb-patches/>
List-Post: <mailto:gdb-patches@sourceware.org>
List-Help: <mailto:gdb-patches-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: gdb-patches-owner@sourceware.org
X-SW-Source: 2009-11/txt/msg00348.txt.bz2

On Sun, Nov 15, 2009 at 2:35 PM, Daniel Jacobowitz <drow@false.org> wrote:

> There's a rotate and an xor involved; I don't believe this would work
> as written... sure, we could "discover" it from disassembling key
> functions automatically...

Oh, right. There was "plain XOR" in FC6, and shift-by-9 added in FC7.
Still it's trivial to discover the canary without disassembling
anything (disassembling requires symbols, which may be stripped):
there are only 3 different algorithms I've seen (no canary, XOR,
XOR+shift-by-9). Hmm, looks like x86_64 has XOR+shift-by-17 now, but
ia64, SPARC and PPC all have just "plain XOR".

Still I think this may be a more robust then requiring debuginfo or
non-stripped glibc.

-- 
Paul Pluzhnikov