On Sun, Nov 12, 2023 at 08:22:42AM +0100, Heinrich Schuchardt wrote: > On 11/12/23 04:23, Glenn Washburn wrote: > > The canary, __stack_chk_guard, is in the BSS and so will get initialized to > > zero if it is not explicitly initialized. If the UEFI firmware does not > > support the RNG protocol, then the canary will not be randomized and will > > be used as zero. This seems like a possibly easier value to write by an > > attacker. Initialize canary to static random bytes, so that it is still > > random when there is not RNG protocol. > > > > Signed-off-by: Glenn Washburn <developm...@efficientek.com> > > Reviewed-by: Heinrich Schuchardt <xypron.g...@gmx.de>
Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com> > > --- > > grub-core/kern/efi/init.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/grub-core/kern/efi/init.c b/grub-core/kern/efi/init.c > > index 0e28bea17a76..b85d98ca47fd 100644 > > --- a/grub-core/kern/efi/init.c > > +++ b/grub-core/kern/efi/init.c > > @@ -41,7 +41,7 @@ static grub_guid_t rng_protocol_guid = > > GRUB_EFI_RNG_PROTOCOL_GUID; > > > > static grub_efi_uint8_t stack_chk_guard_buf[32]; > > > > -grub_addr_t __stack_chk_guard; > > +grub_addr_t __stack_chk_guard = (grub_addr_t) 0x92f2b7e2f193b25c; I would add last sentence from the commit message before this line. I can do it for you before push... > > > > void __attribute__ ((noreturn)) > > __stack_chk_fail (void) Daniel _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
