On Mon, Dec 11, 2023 at 01:27:48PM -0600, Glenn Washburn wrote:
> The canary, __stack_chk_guard, is in the BSS and so will get initialized to
> zero if it is not explicitly initialized. If the UEFI firmware does not
> support the RNG protocol, then the canary will not be randomized and will
> be zero. This seems like a possibly easier value to write by an attacker.
> Initialize canary to static random bytes, so that it is still random when
> there is no RNG protocol. Set at least one byte to NULL to protect against

s/NULL/NUL/? If yes then please fix other places too.

> string buffer overflow attacks.

I think I can imagine how it works but instead of guessing I would prefer to
have this written down in the commit message.

Additionally, to have consistent behavior over the code I would zero out
highest order byte when they come from RNG too.

... and it seems to me this will not work for big endian CPUs.
grub_be_to_cpu64_compile_time()?

Last but not least, I think it would be nice to have this feature available
on non-EFI platforms too. It would help us detect faster various overwrites
in the code which may slip through the cracks.

Anyway, I would want to have this patch set in the release. So, please address
first two comments ASAP (if nothing blows up again I want to cut the release
at the beginning of next week). The other two things can be addressed after
the release.

Daniel

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
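The two points under review above (why a NUL byte in the canary defeats a string-copy overflow, and why that byte has to be cleared in memory order rather than by masking the integer, which is the big-endian concern) can be made concrete with a small model. The code below is an added example written for this page, not code from the patch or from GRUB: the frame layout, the constant RAW_CANARY, and every function name are constructed for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a stack frame: [buffer][canary][return address].
 * Sizes are assumptions for the example, not GRUB's layout. */
#define BUF_SIZE 16
#define CANARY_SIZE 8
#define RET_SIZE 8
#define FRAME_SIZE (BUF_SIZE + CANARY_SIZE + RET_SIZE)

/* Stand-in for the static random bytes (or RNG protocol output) that would
 * seed __stack_chk_guard; a constructed value whose bytes are all non-zero. */
static const uint64_t RAW_CANARY = 0x8f3a57c2d14e6b09ULL;

bool is_little_endian(void)
{
    uint16_t probe = 1;
    unsigned char first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

/* The byte of `value` that sits at the lowest address, i.e. the first byte a
 * string copy running upward into the canary would have to reproduce. */
unsigned char lowest_address_byte(uint64_t value)
{
    unsigned char bytes[sizeof value];
    memcpy(bytes, &value, sizeof value);
    return bytes[0];
}

/* Clear the lowest-address byte by operating on memory rather than on the
 * integer: `value & ~0xffULL` only clears that byte on little-endian CPUs,
 * which is exactly the big-endian concern raised in the review. */
uint64_t canary_with_nul_low_byte(uint64_t value)
{
    unsigned char bytes[sizeof value];
    memcpy(bytes, &value, sizeof value);
    bytes[0] = 0;
    memcpy(&value, bytes, sizeof value);
    return value;
}

struct overflow_result {
    bool canary_intact; /* what the __stack_chk_fail comparison would see */
    bool ret_modified;  /* whether the overflow reached past the canary */
};

/* Model an unbounded strcpy into the buffer at the bottom of the frame: copy
 * up to and including the NUL terminator, clamped to the frame so the model
 * itself stays memory-safe. */
struct overflow_result simulate_string_overflow(uint64_t canary, const char *payload)
{
    unsigned char frame[FRAME_SIZE];
    unsigned char ret_before[RET_SIZE];
    struct overflow_result r;
    size_t n = strlen(payload) + 1;

    memset(ret_before, 0xaa, RET_SIZE);
    memset(frame, 0, FRAME_SIZE);
    memcpy(frame + BUF_SIZE, &canary, CANARY_SIZE);
    memcpy(frame + BUF_SIZE + CANARY_SIZE, ret_before, RET_SIZE);

    if (n > FRAME_SIZE)
        n = FRAME_SIZE;
    memcpy(frame, payload, n);

    r.canary_intact = memcmp(frame + BUF_SIZE, &canary, CANARY_SIZE) == 0;
    r.ret_modified = memcmp(frame + BUF_SIZE + CANARY_SIZE, ret_before, RET_SIZE) != 0;
    return r;
}

/* Worst case for the defender: the copy carries the canary's own bytes, so a
 * canary without a NUL byte is rewritten unchanged and the slot past it is
 * reached. If any canary byte is NUL, the C string ends there and the copy
 * cannot get past the canary without changing it. */
struct overflow_result try_to_preserve_canary(uint64_t canary)
{
    char payload[FRAME_SIZE + 1];
    memset(payload, 'A', BUF_SIZE);
    memcpy(payload + BUF_SIZE, &canary, CANARY_SIZE);
    memset(payload + BUF_SIZE + CANARY_SIZE, 'B', RET_SIZE);
    payload[FRAME_SIZE] = '\0';
    return simulate_string_overflow(canary, payload);
}

int main(void)
{
    struct overflow_result a = try_to_preserve_canary(RAW_CANARY);
    struct overflow_result b = try_to_preserve_canary(canary_with_nul_low_byte(RAW_CANARY));
    printf("no NUL byte : canary intact=%d, return slot modified=%d\n", a.canary_intact, a.ret_modified);
    printf("NUL low byte: canary intact=%d, return slot modified=%d\n", b.canary_intact, b.ret_modified);
    return 0;
}
```

The byte to clear is the one at the lowest address, because a string copy grows upward and meets that byte first; on a little-endian CPU that is the least significant byte of the 64-bit value, on a big-endian CPU the most significant one, which is why the example clears it through a byte array instead of an integer mask.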