pagee...@freemail.hu wrote:
> On 22 May 2009 at 13:32, basile wrote:
>
>> Paxtest doesn't cover everything, but it covers important checks and if
>> any fail there is definitely reason for concern.
>
> just a sidenote, the ssp tests in paxtest were written to FAIL, not to
> succeed, since pax doesn't prevent overflows per se. if you want to assert
> the effectiveness of a particular ssp implementation, you'll have to write
> much more extensive tests.

I did test on variations of classic code like

    #include <stdio.h>
    #include <string.h>

    int main(int argc, char * argv[])
    {
        char buf[8];
        /* unchecked copy into an 8-byte buffer: the overflow under test */
        strcpy(buf,argv[1]);
        printf(buf);
        printf("\n");
        return 0;
    }

compiling with

    (1) gcc -O2 -Wall -save-temps -o test test.c
    (2) gcc -O2 -Wall -fstack-protector -save-temps -o test test.c
    (3) gcc -O2 -Wall -fstack-protector-all -save-temps -o test test.c

and ran with

    ./test $(perl -e 'print "A"x7')
    ./test $(perl -e 'print "A"x8')
    ./test $(perl -e 'print "A"x9')
    etc.

With no stack protector, you get a seg fault. With stack-protector* you get

    *** stack smashing detected ***: ./test terminated
    ======= Backtrace: =========
    etc.

I also did

    diff test.s test-fstack-protector.s

to check that

    call __stack_chk_fail

was there and

    diff test-fstack-protector.s test-fstack-protector-all.s

to see under what circumstances -fstack-protector and -fstack-protector-all
are different (not my above code.)

I am unaware of a systematic suite for testing stack smashing, so I
tested calls to functions with buffers.

-- 
Anthony G. Basile, Ph.D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
USA
(716) 829-8197
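
An added example, not part of the original mail: the assembly diff described above, turned into a per-function check that reports which functions reference __stack_chk_fail, so the difference between -fstack-protector and -fstack-protector-all is visible function by function. The helper names (canary_report, sample_asm, audit_source) and the sample listing are constructed for illustration.

```sh
#!/bin/sh
# Print "<function> protected|unprotected" for every function in a gcc
# assembly listing (file arguments or stdin). "protected" means the body
# references __stack_chk_fail, the call the diff in the mail looks for.
canary_report() {
    awk '
        /^[ \t]*\.type[ \t]/ && /[@%]function/ {
            cur = $2; sub(/,$/, "", cur)
            sub(/\.cold(\.[0-9]+)?$/, "", cur)  # fold a split-off cold part into its parent
            if (!(cur in guarded)) { order[++n] = cur; guarded[cur] = 0 }
            next
        }
        /^[ \t]*\.size[ \t]/ { cur = ""; next }
        cur != "" && /__stack_chk_fail/ { guarded[cur] = 1 }
        END {
            for (i = 1; i <= n; i++)
                print order[i], (guarded[order[i]] ? "protected" : "unprotected")
        }
    ' "$@"
}

# Constructed, abbreviated x86-64 listing: one function with a char buffer,
# one without, as -fstack-protector (not -all) would treat them.
sample_asm() {
    cat <<'EOF'
        .type   copy_arg, @function
copy_arg:
        movq    %fs:40, %rax
        call    strcpy
        call    __stack_chk_fail
        .size   copy_arg, .-copy_arg
        .type   add, @function
add:
        leal    (%rdi,%rsi), %eax
        ret
        .size   add, .-add
EOF
}

# Assumes gcc on PATH. Compiles to assembly only (nothing is executed) with
# the three flag sets from the mail and reports each variant.
audit_source() {
    for flag in "" -fstack-protector -fstack-protector-all; do
        echo "== gcc -O2 -Wall $flag"
        gcc -O2 -Wall $flag -S -o - "$1" | canary_report
    done
}

if [ $# -gt 0 ]; then audit_source "$1"; else sample_asm | canary_report; fi
```

Many distributions build gcc with a stack protector enabled by default, so the first variant may already report functions as protected; add -fno-stack-protector there for a true baseline.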