[Python-Dev] OpenBSD anyone? (original) (raw)
Kurt B. Kaiser kbk at shore.net
Wed Dec 24 15:22:07 EST 2003
- Previous message: [Python-Dev] OpenBSD anyone?
- Next message: [Python-Dev] OpenBSD anyone?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Guido van Rossum <guido at python.org> writes:
I've tried to look for a way to report OpenBSD bugs, but it appears the only way to report one is by using their sendbug command, which assumes you've got OpenBSD installed. Would someone here be so kind as to report the bug we've found? A pointer to Kurt's last message in this thread should be a good piece of evidence.
I'm not ignoring you, shore.net is delaying inbound messages over 24h and that's slowing me down.
The problem is related to the ProPolice "stack smash" protector. It does exactly what I saw: It copies any pointer arguments to an area in the frame below the locally declared buffers. The error appears to be in referencing the original location in the arguments when making the call to load_next().
One of the ProPolice ideas is that a pointer (especially a pointer to a function) can be hacked by a buffer overrun to point to rogue code.
www.trl.ibm.com/projects/security/ssp/
The implementation appears to be copying all argument pointers for good measure.
I'm looking into this to see if there is a better way to fix the import code. Making a local copy of the pointer fixes the segfault but it's not clear to me yet whether that's a solid fix for all uses of this code in Python.
As far as reporting the bug, I can do that once I localize the problem in gcc and see whether it's been fixed. A quick search of the OpenBSD bug database came up dry, but maybe I don't know how to phrase the question yet.
-- KBK
- Previous message: [Python-Dev] OpenBSD anyone?
- Next message: [Python-Dev] OpenBSD anyone?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]