This series extends and improves the previous patch initializing the
stack guard canary. The first patch improves the previous patch by
setting the most significant byte to NULL, which will filter out
string buffer overflow attacks. The second patch allows creation of
the canary at build time from urandom if it exists. This change breaks
reproducible builds, so the third patch allows the canary to be set
from the environment variable SOURCE_DATE_EPOCH if its value is not
empty.
Glenn
Glenn Washburn (3):
efi: Initialize canary to non-zero value
efi: Generate stack protector canary at build time if urandom is
available
efi: Add support for reproducible builds
config.h.in | 2 ++
configure.ac | 22 ++++++++++++++++++++++
grub-core/kern/efi/init.c | 3 ++-
3 files changed, 26 insertions(+), 1 deletion(-)
--
2.34.1
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
